Unable to download anything! Please help!

Chrome Windows 7 Mozilla Firefox

#1
Liv Scott

Hi!

 

I had this issue a year or two ago, but it seems to have reappeared. I'm unable to download anything using Google Chrome OR Mozilla Firefox. I'm not sure if it helps, but it started after I uninstalled f.lux and Microsoft Security on my computer.

 

Each time I attempt to download something using Google Chrome, I get the message "Failed - Virus scan failed" in the download balloon at the bottom of the browser window.

 

I was able to download a file using Firefox, HOWEVER when I attempted to update the program to the latest version, it failed, and now it has stopped working entirely.

 

I have attempted to remedy it by changing the "3" to a "1" in HKEY_LOCAL_MACHINE >SOFTWARE >Microsoft >Windows >CurrentVersion >Policies >Attachments, which didn't work even after I restarted my computer so I changed it back.

 

I'm in graduate school, so being unable to download files from my professors is proving to make my life overly difficult, so any help would be greatly appreciated!!!!

 

I have also included the OTL Log Scan results that I ran, and I have attached a screenshot of the settings that I used.

 

OTL logfile created on: 11/21/14 11:52:59 AM - Run 6

OTL by OldTimer - Version 3.2.69.0     Folder = D:\Users\Livsie\Documents\Computer Problem Programs
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17420)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yy
 
3.80 Gb Total Physical Memory | 1.32 Gb Available Physical Memory | 34.69% Memory free
7.60 Gb Paging File | 2.95 Gb Available in Paging File | 38.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58.59 Gb Total Space | 1.94 Gb Free Space | 3.31% Space Free | Partition Type: NTFS
Drive D: | 397.30 Gb Total Space | 41.99 Gb Free Space | 10.57% Space Free | Partition Type: NTFS
 
Computer Name: LIVSIE-PC | User Name: Livsie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/11/15 11:49:11 | 005,225,064 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/11/15 11:49:11 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/11/14 15:35:50 | 001,042,808 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
PRC - [2014/11/12 14:28:02 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Users\Livsie\AppData\Local\Google\Update\1.3.25.11\GoogleCrashHandler.exe
PRC - [2014/09/12 01:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/07/14 17:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014/07/14 17:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2014/06/10 19:34:28 | 000,707,496 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
PRC - [2014/06/10 19:34:13 | 000,561,064 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2014/06/02 09:36:12 | 000,296,312 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
PRC - [2013/12/04 05:22:08 | 001,289,544 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
PRC - [2013/12/04 05:22:08 | 000,621,384 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
PRC - [2013/06/28 16:48:04 | 000,014,624 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2013/01/09 14:53:08 | 000,631,808 | ---- | M] (BodyMedia, Inc.) -- D:\Program Files (x86)\BodyMedia\Sync\BodyMediaSync.exe
PRC - [2012/12/03 16:53:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Users\Livsie\Documents\Computer Problem Programs\OTL.exe
PRC - [2009/12/29 13:35:38 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/09/30 04:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 04:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/06/09 06:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/05/05 02:39:18 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\DELL\DellComms\bin\sprtsvc.exe
PRC - [2009/04/07 09:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/11/15 11:49:17 | 038,562,088 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/10/21 20:04:57 | 008,910,664 | ---- | M] () -- C:\Users\Livsie\AppData\Local\Google\Chrome\Application\38.0.2125.111\pdf.dll
MOD - [2014/10/21 20:04:51 | 001,042,760 | ---- | M] () -- C:\Users\Livsie\AppData\Local\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
MOD - [2014/10/21 20:04:49 | 000,211,272 | ---- | M] () -- C:\Users\Livsie\AppData\Local\Google\Chrome\Application\38.0.2125.111\libegl.dll
MOD - [2014/10/21 20:04:48 | 001,681,224 | ---- | M] () -- C:\Users\Livsie\AppData\Local\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
MOD - [2014/06/10 19:34:58 | 000,063,400 | ---- | M] () -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
MOD - [2013/07/10 17:07:22 | 000,756,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2009/03/12 15:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008/11/21 13:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/11/15 11:49:11 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/11/15 11:48:52 | 004,012,248 | ---- | M] (Avast Software) [On_Demand | Stopped] -- C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe -- (AvastVBoxSvc)
SRV:64bit: - [2014/11/05 19:30:08 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/26 21:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/08/05 11:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2011/08/05 11:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2011/08/05 11:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2009/10/09 04:52:16 | 000,092,160 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/17 09:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/07/13 17:38:59 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)
SRV:64bit: - [2009/06/09 06:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2014/11/17 11:32:29 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/11/14 15:35:50 | 001,042,808 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe -- (WDBackup)
SRV - [2014/09/12 01:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/07/14 17:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/07/14 17:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014/06/10 19:34:13 | 000,561,064 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2014/06/05 20:38:37 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/06/02 09:36:12 | 000,296,312 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2014/03/20 14:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/12/04 05:22:08 | 001,289,544 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe -- (NACAgent)
SRV - [2013/10/08 18:19:14 | 000,565,672 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/28 16:48:04 | 000,014,624 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2010/10/22 12:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/09/30 04:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/09/30 04:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/05/05 02:39:18 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe -- (sprtsvc_DellComms)
SRV - [2007/12/17 03:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01)
SRV - [2007/01/11 03:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/11/15 11:49:28 | 000,436,624 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014/11/15 11:49:28 | 000,267,632 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/11/15 11:49:28 | 000,116,728 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/11/15 11:49:28 | 000,083,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/11/15 11:49:28 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/11/15 11:49:28 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2014/11/15 11:49:26 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/11/15 11:48:57 | 001,050,432 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2014/11/15 11:48:52 | 000,271,752 | ---- | M] (Avast Software) [Kernel | Auto | Running] -- C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys -- (VBoxAswDrv)
DRV:64bit: - [2014/06/10 19:16:26 | 000,052,592 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64-6.sys -- (vpnva)
DRV:64bit: - [2014/06/10 19:15:48 | 000,112,496 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock)
DRV:64bit: - [2014/01/22 07:52:10 | 000,206,080 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2014/01/22 07:52:10 | 000,108,800 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/10/01 18:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/28 17:29:52 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2012/08/23 06:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/10 05:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/08/03 00:29:22 | 000,083,776 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2010/08/03 00:29:22 | 000,063,808 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2010/07/21 16:59:28 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010/04/27 10:40:40 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/10/30 11:23:16 | 007,770,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/10/26 12:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/09/26 06:42:58 | 000,233,984 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/09/17 11:54:00 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/09/16 05:47:00 | 000,267,312 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/07/17 09:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/07/17 08:06:00 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/16 19:14:00 | 000,220,672 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 16:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/07/13 16:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/15 10:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/11/11 12:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008/11/11 12:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008/11/11 12:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {812F0E75-DDF8-40C9-83B9-57ACF1312B63}
IE:64bit: - HKLM\..\SearchScopes\{812F0E75-DDF8-40C9-83B9-57ACF1312B63}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {443789B7-F39C-4b5c-9287-DA72D38F4FE6}
IE - HKLM\..\SearchScopes\{3EAD345A-5334-40C5-9F44-62F73C440223}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect...mrud=18-06-2012
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-171093069-540651395-608262162-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us-mg6.mail.y...d=0clipv0ercmvp
IE - HKU\S-1-5-21-171093069-540651395-608262162-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-171093069-540651395-608262162-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 05 7E 34 A1 2A 08 CE 01  [binary data]
IE - HKU\S-1-5-21-171093069-540651395-608262162-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-171093069-540651395-608262162-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AOL Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co...eviantart.com/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Livsie\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Livsie\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Livsie\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Livsie\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Livsie\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/11/15 11:49:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1.1\extensions\\Components: D:\Program Files (x86)\components [2014/10/16 10:32:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1.1\extensions\\Plugins: D:\Program Files (x86)\plugins [2014/09/23 13:50:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: D:\Program Files (x86)\Mozilla Sunbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: D:\Program Files (x86)\Mozilla Sunbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
[2010/08/01 23:45:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Livsie\AppData\Roaming\Mozilla\Extensions
[2010/08/01 23:45:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Livsie\AppData\Roaming\Mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
[2010/07/25 21:10:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Livsie\AppData\Roaming\Mozilla\Extensions\[email protected]
[2014/11/13 22:49:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Livsie\AppData\Roaming\Mozilla\Firefox\Profiles\92h85qxq.default\extensions
[2014/01/25 23:25:34 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Livsie\AppData\Roaming\Mozilla\Firefox\Profiles\92h85qxq.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012/12/16 09:23:01 | 000,000,000 | ---D | M] (Echofon) -- C:\Users\Livsie\AppData\Roaming\Mozilla\Firefox\Profiles\92h85qxq.default\extensions\[email protected]
[2010/08/01 23:45:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Livsie\AppData\Roaming\Mozilla\Sunbird\Profiles\6bpd18yu.default\extensions
[2013/01/05 18:07:57 | 000,002,533 | ---- | M] () -- C:\Users\Livsie\AppData\Roaming\Mozilla\Firefox\Profiles\92h85qxq.default\searchplugins\aol-search.xml
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Livsie\AppData\Local\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Livsie\AppData\Local\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Livsie\AppData\Local\Google\Chrome\Application\38.0.2125.111\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Livsie\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Livsie\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = D:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = D:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = D:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = D:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = D:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = D:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = D:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = D:\Program Files (x86)\plugins\NPOFF12.DLL
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Java™ Platform SE 6 U35 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Livsie\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Livsie\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - Extension: No name found = C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm\1.0.3_0\
CHR - Extension: No name found = C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.7_0\
CHR - Extension: No name found = C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh\0.2.3_0\
CHR - Extension: No name found = C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh\1.0.0.2_0\
CHR - Extension: No name found = C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc\3.0_0\
CHR - Extension: No name found = C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecmphppfkcfflgglcokcbdkofpfegoel\1.2.4_0\
CHR - Extension: No name found = C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: No name found = C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck\10.0.2502.149_0\
CHR - Extension: No name found = C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl\1.0_0\
CHR - Extension: No name found = C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.0.2502.149_1\
CHR - Extension: No name found = C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob\34_0\
CHR - Extension: No name found = C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\hngaklbjlbjhmoilkegninbmpfigheol\2.1.0_0\
CHR - Extension: No name found = C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg\5.3_0\
CHR - Extension: First user = C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikknnkomiokeodcdkknnhgjmncfiefmn\4.2.16_0\
CHR - Extension: No name found = C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipebkipbeggmmkjjljenoblnfaenambp\1_0\
CHR - Extension: No name found = C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\kneloppijbcidgidihgdjnooihjcdbij\5.245_0\
CHR - Extension: No name found = C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\knpkfcpnjfbniadmfchjpcigfhookhaa\1.9.9_0\
CHR - Extension: No name found = C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko\3.9.45_0\
CHR - Extension: No name found = C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lijopgmiofmhjaihppiboemgnddmjpge\1_0\
CHR - Extension: No name found = C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh\3.2_0\
CHR - Extension: No name found = C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2014/11/19 21:12:06 | 000,000,184 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 128.200.205.245 vpn.uci.edu ###Cisco AnyConnect VPN client modified this file. Please do not modify contents until this comment is removed.
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll File not found
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [NACAgentUI] C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - HKU\S-1-5-21-171093069-540651395-608262162-1001..\Run: [EPSON WorkForce 310 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFHA.EXE /FU "C:\Users\Livsie\AppData\Local\Temp\E_SEB56.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-171093069-540651395-608262162-1001..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-171093069-540651395-608262162-1001..\Run: [HP Photosmart 7520 series (NET)] C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-171093069-540651395-608262162-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-171093069-540651395-608262162-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-171093069-540651395-608262162-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = FF 00 00 00  [binary data]
O9:64bit: - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 128.200.192.202 128.200.1.201
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E9FF6BC-1FFE-4AAA-B202-A40150CC9E90}: DhcpNameServer = 128.200.192.202 128.200.1.201
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A87A788C-0EC6-4821-A9E7-018A1F5F66A2}: DhcpNameServer = 198.6.1.1 204.117.214.10
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/11/16 22:51:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Cisco
[2014/11/15 19:39:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\vbox
[2014/11/15 19:39:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\vbox
[2014/11/15 11:49:33 | 000,364,512 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/11/15 11:49:23 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/11/12 21:21:22 | 000,000,000 | ---D | C] -- C:\Users\Livsie\AppData\Local\FluxSoftware
[2014/11/12 09:45:07 | 000,304,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2014/11/12 09:45:06 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/11/12 09:45:05 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/11/12 09:45:01 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014/11/12 09:45:01 | 000,681,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2014/11/12 09:45:01 | 000,681,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
[2014/11/12 09:44:58 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll
[2014/11/12 09:44:58 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll
[2014/11/12 09:44:53 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/11/12 09:44:53 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/11/12 09:44:53 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/11/12 09:44:53 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/11/12 09:44:52 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/11/12 09:44:52 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/11/12 09:44:52 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/11/12 09:44:51 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/11/12 09:44:51 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/11/12 09:44:49 | 002,051,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/11/12 09:44:49 | 000,708,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/11/12 09:44:49 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/11/12 09:44:48 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/11/12 09:44:48 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/11/12 09:44:47 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/11/12 09:44:47 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/11/12 09:44:47 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/11/12 09:44:47 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/11/12 09:44:47 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/11/12 09:44:46 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/11/12 09:44:45 | 000,799,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/11/12 09:44:44 | 002,124,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/11/12 09:44:43 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/11/12 09:44:42 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/11/12 09:44:42 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/11/12 09:44:42 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/11/12 09:44:41 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/11/12 09:44:40 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/11/12 09:44:39 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/11/12 09:44:39 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/11/12 09:44:39 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/11/12 09:44:38 | 006,040,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/11/12 09:44:38 | 000,580,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/11/12 09:44:37 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/11/12 09:44:37 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/11/12 09:44:06 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014/11/12 09:44:06 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014/11/12 09:44:05 | 000,500,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AUDIOKSE.dll
[2014/11/12 09:44:05 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AUDIOKSE.dll
[2014/11/12 09:44:04 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEng.dll
[2014/11/12 09:44:04 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDump.dll
[2014/11/12 09:44:03 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll
[2014/11/12 09:43:59 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IMJP10K.DLL
[2014/11/12 09:43:58 | 000,701,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IMJP10K.DLL
[2014/11/12 09:43:49 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2014/11/12 09:43:18 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2014/11/12 09:43:17 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2014/11/12 09:43:05 | 003,241,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2014/11/12 09:42:58 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2014/11/05 13:26:10 | 000,511,488 | ---- | C] (HP) -- C:\Windows\SysWow64\hpcdmc32.DLL
[2014/11/05 13:26:10 | 000,311,808 | ---- | C] (Hewlett-Packard Corporation) -- C:\Windows\SysNative\hpcpn117.dll
[2014/11/04 08:47:52 | 000,000,000 | -HSD | C] -- C:\Users\Livsie\AppData\Local\EmieUserList
[2014/11/04 08:47:52 | 000,000,000 | -HSD | C] -- C:\Users\Livsie\AppData\Local\EmieSiteList
[2014/10/26 09:58:23 | 003,179,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2014/10/26 09:58:22 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2014/10/25 16:32:33 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2014/10/25 16:32:22 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2014/10/25 16:32:20 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2014/10/25 16:32:19 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2014/10/24 19:46:02 | 000,000,000 | ---D | C] -- C:\Users\Livsie\AppData\Roaming\Origin
[2014/10/24 19:44:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2014/10/24 19:21:21 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacksSetup
 
========== Files - Modified Within 30 Days ==========
 
[2014/11/21 11:42:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/11/21 11:33:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-171093069-540651395-608262162-1001UA.job
[2014/11/21 11:32:25 | 000,804,496 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/11/21 11:32:25 | 000,677,846 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/11/21 11:32:25 | 000,128,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/11/21 11:32:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/11/21 11:27:17 | 000,008,192 | ---- | M] () -- C:\Windows\SysWow64\WDPABKP.dat
[2014/11/21 10:34:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/11/21 08:44:12 | 000,000,717 | ---- | M] () -- C:\Users\Livsie\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/11/21 08:44:12 | 000,000,497 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/11/20 23:12:37 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/11/20 14:33:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-171093069-540651395-608262162-1001Core.job
[2014/11/19 21:18:00 | 000,022,464 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/11/19 21:18:00 | 000,022,464 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/11/19 21:12:06 | 000,000,184 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/11/19 21:11:28 | 000,001,938 | ---- | M] () -- C:\Users\Livsie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 7520 series (Network).lnk
[2014/11/19 21:09:48 | 000,000,039 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ac
[2014/11/19 21:09:17 | 3061,202,944 | -HS- | M] () -- C:\hiberfil.sys
[2014/11/19 15:08:32 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/11/19 11:00:48 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/11/17 11:32:28 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/11/17 11:32:28 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/11/15 11:49:28 | 000,436,624 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
[2014/11/15 11:49:28 | 000,364,512 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/11/15 11:49:28 | 000,267,632 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/11/15 11:49:28 | 000,116,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014/11/15 11:49:28 | 000,083,280 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/11/15 11:49:28 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/11/15 11:49:28 | 000,029,208 | ---- | M] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2014/11/15 11:49:26 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/11/15 11:49:23 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/11/15 11:48:57 | 001,050,432 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys
[2014/11/13 04:08:42 | 000,361,256 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/11/05 20:03:50 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/11/05 19:47:03 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/11/05 19:46:12 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/11/05 19:46:12 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/11/05 19:44:28 | 000,088,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/11/05 19:35:59 | 000,034,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/11/05 19:31:48 | 000,633,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/11/05 19:30:22 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/11/05 19:30:08 | 000,114,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/11/05 19:29:18 | 000,814,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/11/05 19:23:57 | 006,040,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/11/05 19:20:18 | 000,968,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/11/05 19:16:23 | 000,490,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/11/05 19:13:36 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/11/05 19:12:44 | 000,047,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/11/05 19:10:58 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/11/05 19:07:29 | 000,077,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/11/05 19:03:56 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/11/05 19:02:05 | 000,199,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/11/05 19:00:56 | 000,478,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/11/05 19:00:51 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/11/05 18:59:36 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/11/05 18:58:38 | 000,620,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/11/05 18:57:38 | 000,316,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/11/05 18:42:36 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/11/05 18:41:26 | 000,800,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/11/05 18:41:26 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/11/05 18:39:39 | 001,359,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/11/05 18:38:25 | 002,124,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/11/05 18:37:58 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/11/05 18:36:47 | 000,076,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/11/05 18:21:25 | 002,051,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/11/05 18:20:37 | 001,155,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/11/05 17:53:19 | 000,799,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/11/05 17:47:17 | 000,708,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/11/05 09:56:54 | 000,304,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2014/11/05 09:56:36 | 000,228,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/11/05 09:52:22 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/10/24 17:57:59 | 000,077,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2014/10/24 17:32:37 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
 
========== Files Created - No Company Name ==========
 
[2014/11/21 08:44:12 | 000,000,497 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/11/16 22:46:37 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2014/11/12 19:46:07 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\WDPABKP.dat
[2014/11/05 13:26:10 | 000,316,928 | ---- | C] () -- C:\Windows\SysWow64\hpcc3117.DLL
[2014/10/18 14:27:32 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/05/25 15:13:01 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2013/05/25 15:13:00 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2070N.DAT
[2013/04/04 11:02:50 | 000,000,775 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2013/02/23 07:36:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/02/23 07:36:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/02/23 07:36:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/02/23 07:36:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/02/23 07:36:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/25 17:31:02 | 000,797,110 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/01/25 17:14:29 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-LIVSIE-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2012/03/30 01:25:02 | 000,007,598 | ---- | C] () -- C:\Users\Livsie\AppData\Local\Resmon.ResmonCfg
[2010/10/03 17:28:17 | 000,009,728 | ---- | C] () -- C:\Users\Livsie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/15 15:16:57 | 000,002,587 | ---- | C] () -- C:\Program Files\Dell Support Center.lnk
[2010/09/15 11:04:49 | 000,004,236 | ---- | C] () -- C:\Program Files\Windows Compatibility Report.htm
[2010/08/25 14:11:49 | 000,002,515 | ---- | C] () -- C:\Program Files (x86)\Skype.lnk
[2010/08/20 17:44:01 | 000,002,016 | ---- | C] () -- C:\Program Files (x86)\Adobe Reader 9.lnk
[2010/07/13 03:51:16 | 000,000,000 | ---- | C] () -- C:\Users\Livsie\AppData\Local\prvlcl.dat
[2010/05/20 00:57:05 | 000,000,196 | ---- | C] () -- C:\Users\Livsie\AppData\Roaming\wklnhst.dat
[2010/05/19 20:09:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/05/18 18:43:34 | 000,002,164 | ---- | C] () -- C:\Users\Livsie\AppData\Roaming\install.dat
 
========== ZeroAccess Check ==========
 
[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 18:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 17:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Files - Unicode (All) ==========
 
< End of report >

  • 0



#2
RKinner

    Malware Expert

  • Expert
  • 20,025 posts
  • MVP

Did you check for the presence of

 

HKEY_Current_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments

 

This will override the setting in HKEY_LOCAL_MACHINE.  I would leave it at 1 until you find the problem.

 

Too bad you killed Firefox as there is a workaround in Firefox:

 

 Type in: about:config 

and scroll down to where it says 

browser.download.manager.scanWhenDone

Double click and it should toggle to False. Restart Firefox and try to download something. 

 

 

 

It might be a version of Zero Access virus and OTL may not show it.  Have you tried a boot-time scan in Avast?  This will take a long time so I suggest you let it run while you sleep:

 

 

 
First mute the speakers so it won't wake you up when Windows loads.  Click on the Orange ball.  Click on Scans.  Change Quickscan to Boot-time Scan.  Click on Settings.  Where it says Heuristic Sensitivity click on the last rectangle so that all of them are orange and it says High.  Check both boxes.  Then change When a threat is found ... to:  Move to Chest.  OK.  Now click on Start.  Close the Avast window and then reboot.  The scan will start.  It will tell you where it will save the report.  Usually it's C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.  When Windows loads, click on the Orange Ball, then Scan, then Scan History (at the bottom of the page).  Click on the last scan and then Detailed Report.  If it found anything then open the aswBoot.txt file and copy and paste it.
 
Also it appears that you have run combofix in the past.  If you still have it then try to run it again (disable avast and right click on combofix.exe and Run As Admin.  Allow it to update).
 
See if you can get Opera with FTP:
 
Start, All Programs, Accessories then Command Prompt.  (Win 7 and Vista must Right click on Command Prompt and Run As Admin.)
Bold text is what you type with an Enter after each line.  Regular text is the expected response. Text in parentheses are my comments.
 
 
ftp ftp.opera.com
Connected to get2.opera.com.
220 (vsFTPd 2.0.7)
User (get2.opera.com:(none)): anonymous
331 Please specify the password.
Password: any
230 Login successful.
 
ftp> cd pub/opera/win/1151/us
250 Directory successfully changed.
 
ftp> ls
(That's actually L S.  Here you may get a windows prompt that it has blocked the program.  Tell it to unblock)
Opera_1151_int_Setup.exe
 
ftp> binary
200 Switching to Binary mode.
 
ftp> get Opera_1151_int_Setup.exe
200 PORT command successful. Consider using PASV.
150 Opening BINARY mode data connection for Opera_1151_int_Setup.exe (10307952 bytes).
 
(It will take it some time to download the file.  There is no indication that anything is happening but if you go to Task Manager and look at the network traffic you will see that it is working.)
 
226 File send OK.
ftp: 10307952 bytes received in 119.73Seconds 86.09Kbytes/sec.
ftp> bye
221 Goodbye.
 
Now is the tricky  part.  Have to find where it got stored.  Do a search of the C:\ for Opera and it should show up.  
Usually it stores the file in C:\users\YourLoginName\ (Win 7 or Vista) or in XP at C:\Documents and Settings\YourLoginName\ 
 
Right click on it and Run As Admin.  Does it have the same problem?
 
Get a friend to download Waterfox for you and either burn it to a CD or put it on a clean USB drive.  This is basically a 64 bit version of Firefox.  Try installing it and use the Firefox workaround.
 
Sometimes people have reported that renaming the Windows Defender folder in c:\Program Files will allow you to download.  I expect this indicates that Zero Access is present as it likes to ride on Windows Defender files.
 
You might also try to create a new login with admin power and log in to the new login and see if the new login has the same problem.
 
 
Ron
 

  • 0

#3
Liv Scott

    Member

  • Topic Starter
  • Member
  • 139 posts

Hi Ron,

 

I found HKEY_Current_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments but it reads Name: (Default) Type: REG_SZ Data: (value not set) and I can't figure out how to edit it.

 

Currently, my computer doesn't even recognize Firefox as a valid program, it claims that this version is not compatible with the version of Windows that I'm running, but I don't remember having to select 32-bit or 64-bit when I updated it.

 

The boot-time scan indicated simply that some files could not be scanned, and this is all I found in the report:

 

11/16/2014 19:06
Scan of all local drives
 
File D:\LIVSIE-PC\Backup Set 2012-09-10 162648\Backup Files 2012-09-10 162648\Backup files 28.zip|>C\Users\Livsie\AppData\Roaming\Mozilla\Firefox\Profiles\92h85qxq.default\CT2438727\Dialogs.zip|>Dialogs\NewSearchProtectorDialog\images\warning.png Error 42125 {ZIP archive is corrupted.}
File D:\LIVSIE-PC\Backup Set 2012-09-10 162648\Backup Files 2012-09-10 162648\Backup files 5.zip|>C\Users\Livsie\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\101117212509118.rsc|>101117212509118-000442.file Error 42125 {ZIP archive is corrupted.}
File D:\LIVSIE-PC\Backup Set 2012-10-14 190024\Backup Files 2012-10-21 204935\Backup files 4.zip|>C\Users\Livsie\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\101117212509118.rsc|>101117212509118-000442.file Error 42125 {ZIP archive is corrupted.}
File D:\LIVSIE-PC\Backup Set 2012-12-09 191240\Backup Files 2012-12-09 191240\Backup files 6.zip|>C\Users\Livsie\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\101117212509118.rsc|>101117212509118-000442.file Error 42125 {ZIP archive is corrupted.}
File D:\LIVSIE-PC\Backup Set 2013-03-31 190002\Backup Files 2013-05-01 231656\Backup files 20.zip|>C\_OTL\MovedFiles\01182013_074439\C_Users\Livsie\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\101117212509118.rsc|>101117212509118-000304.file|>Data1.cab|>FP_AX_MSI_INSTALLER.exe Error 42110 {The file is a decompression bomb.}
File D:\LIVSIE-PC\Backup Set 2013-03-31 190002\Backup Files 2013-05-01 231656\Backup files 20.zip|>C\_OTL\MovedFiles\01182013_074439\C_Users\Livsie\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\101117212509118.rsc|>101117212509118-000304.file|>Data1.cab Error 42110 {The file is a decompression bomb.}
File D:\LIVSIE-PC\Backup Set 2013-03-31 190002\Backup Files 2013-05-01 231656\Backup files 20.zip|>C\_OTL\MovedFiles\01182013_074439\C_Users\Livsie\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\101117212509118.rsc|>101117212509118-000304.file Error 42110 {The file is a decompression bomb.}
File D:\LIVSIE-PC\Backup Set 2013-03-31 190002\Backup Files 2013-05-01 231656\Backup files 20.zip|>C\_OTL\MovedFiles\01182013_074439\C_Users\Livsie\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\101117212509118.rsc Error 42110 {The file is a decompression bomb.}
File D:\Users\Livsie\Documents\Important Stuff\UC Irvine\Classes\251A F14\Black-History.ppt|>Pictures Error 42144 {OLE archive is corrupted.}
Number of searched folders: 44902
Number of tested files: 2027832
Number of infected files: 0
 
----------------------------------------
11/22/2014 00:30
Scan of all local drives
 
File D:\LIVSIE-PC\Backup Set 2012-09-10 162648\Backup Files 2012-09-10 162648\Backup files 28.zip|>C\Users\Livsie\AppData\Roaming\Mozilla\Firefox\Profiles\92h85qxq.default\CT2438727\Dialogs.zip|>Dialogs\NewSearchProtectorDialog\images\warning.png Error 42125 {ZIP archive is corrupted.}
File D:\LIVSIE-PC\Backup Set 2012-09-10 162648\Backup Files 2012-09-10 162648\Backup files 5.zip|>C\Users\Livsie\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\101117212509118.rsc|>101117212509118-000442.file Error 42125 {ZIP archive is corrupted.}
File D:\LIVSIE-PC\Backup Set 2012-10-14 190024\Backup Files 2012-10-21 204935\Backup files 4.zip|>C\Users\Livsie\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\101117212509118.rsc|>101117212509118-000442.file Error 42125 {ZIP archive is corrupted.}
File D:\LIVSIE-PC\Backup Set 2012-12-09 191240\Backup Files 2012-12-09 191240\Backup files 6.zip|>C\Users\Livsie\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\101117212509118.rsc|>101117212509118-000442.file Error 42125 {ZIP archive is corrupted.}
File D:\LIVSIE-PC\Backup Set 2013-03-31 190002\Backup Files 2013-05-01 231656\Backup files 20.zip|>C\_OTL\MovedFiles\01182013_074439\C_Users\Livsie\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\101117212509118.rsc|>101117212509118-000304.file|>Data1.cab|>FP_AX_MSI_INSTALLER.exe Error 42110 {The file is a decompression bomb.}
File D:\LIVSIE-PC\Backup Set 2013-03-31 190002\Backup Files 2013-05-01 231656\Backup files 20.zip|>C\_OTL\MovedFiles\01182013_074439\C_Users\Livsie\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\101117212509118.rsc|>101117212509118-000304.file|>Data1.cab Error 42110 {The file is a decompression bomb.}
File D:\LIVSIE-PC\Backup Set 2013-03-31 190002\Backup Files 2013-05-01 231656\Backup files 20.zip|>C\_OTL\MovedFiles\01182013_074439\C_Users\Livsie\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\101117212509118.rsc|>101117212509118-000304.file Error 42110 {The file is a decompression bomb.}
File D:\LIVSIE-PC\Backup Set 2013-03-31 190002\Backup Files 2013-05-01 231656\Backup files 20.zip|>C\_OTL\MovedFiles\01182013_074439\C_Users\Livsie\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\101117212509118.rsc Error 42110 {The file is a decompression bomb.}
File D:\Users\Livsie\Documents\Important Stuff\UC Irvine\Classes\251A F14\Black-History.ppt|>Pictures Error 42144 {OLE archive is corrupted.}
Number of searched folders: 44485
Number of tested files: 2019268
Number of infected files: 0
 
 
I also saw that Avast ran a full-computer scan, and the results from that are attached. I wasn't able to find the detailed report.
 
I attempted to download Opera using Command Prompt, but it wouldn't recognize the initial command as a valid command.
 
I also renamed Windows Defender as Windows Defenders (added an "s") but no luck!
 
I found ComboFix on my computer but when I ran it, instead it vanished! I've done a full-system search, and it's nowhere to be found, so strange. I have a computer in my office however that I can use to transfer files to my computer using a thumb drive, so I will be putting ComboFix and WaterFox on my computer tomorrow as soon as I can!
 

Attached Thumbnails

  • Avast Full-System Scan for G2G.jpg

  • 0
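The boot-time scan report quoted in the post above contains only "could not be scanned" errors inside nested archives and zero infected files. As an added example (not part of the thread and not Avast's own tooling), this parser groups such report lines by error code and by the on-disk container they belong to; the sample report is constructed, with made-up paths, in the same layout as the quoted one.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample in the layout of the aswBoot.txt excerpt quoted above.
# Paths are invented for illustration; they are not the poster's data.
SAMPLE_REPORT = r"""11/16/2014 19:06
Scan of all local drives

File D:\Backup\Backup files 5.zip|>C\Users\Example\AppData\Roaming\Tool\a.rsc|>a-000442.file Error 42125 {ZIP archive is corrupted.}
File D:\Backup\Backup files 20.zip|>C\Old\b.rsc|>b-000304.file|>Data1.cab|>Setup.exe Error 42110 {The file is a decompression bomb.}
File D:\Backup\Backup files 20.zip|>C\Old\b.rsc|>b-000304.file|>Data1.cab Error 42110 {The file is a decompression bomb.}
File D:\Docs\Slides.ppt|>Pictures Error 42144 {OLE archive is corrupted.}
Number of searched folders: 44902
Number of tested files: 2027832
Number of infected files: 0
"""

HEADER = re.compile(r"^\d{2}/\d{2}/\d{4} \d{2}:\d{2}$")
# Greedy path match: the last " Error <code> {...}" on the line ends the path.
ERROR = re.compile(r"^File (?P<path>.+) Error (?P<code>\d+) \{(?P<msg>.*)\}$")
COUNTER = re.compile(r"^Number of (?P<what>[a-z ]+): (?P<n>\d+)$")


@dataclass
class ScanError:
    container: str   # the file that actually exists on disk
    members: list    # nested archive members, outermost first ("|>" separated)
    code: int
    message: str


@dataclass
class Scan:
    started: str
    errors: list = field(default_factory=list)
    counters: dict = field(default_factory=dict)


def parse_report(text):
    """Split a report into scans (one per date header) and parse each line."""
    scans = []
    for raw in text.splitlines():
        line = raw.strip()
        if HEADER.match(line):
            scans.append(Scan(started=line))
            continue
        if not scans:
            continue  # ignore anything before the first scan header
        m = ERROR.match(line)
        if m:
            container, *members = m["path"].split("|>")
            scans[-1].errors.append(
                ScanError(container, members, int(m["code"]), m["msg"]))
            continue
        m = COUNTER.match(line)
        if m:
            scans[-1].counters[m["what"]] = int(m["n"])
    return scans


def triage(scan):
    """Summarise one scan: detections vs. files the scanner could not open."""
    return {
        "infected": scan.counters.get("infected files"),
        "by_code": dict(Counter((e.code, e.message) for e in scan.errors)),
        "by_container": dict(Counter(e.container for e in scan.errors)),
        "max_depth": max((len(e.members) for e in scan.errors), default=0),
    }


if __name__ == "__main__":
    for scan in parse_report(SAMPLE_REPORT):
        summary = triage(scan)
        print(scan.started, "infected files:", summary["infected"])
        for (code, msg), n in summary["by_code"].items():
            print(f"  error {code} x{n}: {msg}")
        for container, n in summary["by_container"].items():
            print(f"  {n} unscanned item(s) under {container}")
```

Several error lines often collapse to one on-disk container, because each nesting level of the same archive is reported separately.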

#4
RKinner

    Malware Expert

  • Expert
  • 20,025 posts
  • MVP

Firefox is 32 bit but it should work fine on your 64 bit PC.  

 

On my win 7 64 bit the last key is:

 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies

 

and the only subkey is Explorer.

 

So if you have HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments, right click on Attachments and select Delete.  If it won't let you then right click on it and select Permissions and change the permissions to give yourself Full Control.  You may have to take ownership of the key.

 

The FTP command works on mine.  The ftp.exe file should be in System32.  This is where it starts if you right click on Command Prompt and Run As Admin.  

 

Also get 

 

 Farbar Recovery Scan Tool http://www.bleepingc...overy-scan-tool

 

(Please download Farbar Recovery Scan Tool and save it to your Desktop. 

 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. 
 
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 
  )

     

     

    the AVG removal tool http://download.avg....6_2011_1184.exe

     

    When you download Combofix it's best to turn off the Anti-Virus.  Then rename it to explorer.exe when you copy it to your desktop.  Again turn off the anti-virus before running it.

     

    AVG is often the cause of this download problem so right click on the removal tool and Run As Admin.

     

    Also get a clean version of Firefox  https://download-ins...etup 32.0.3.exe, uninstall the old version and reboot then try the new one.  (Right click and Run As Admin)


    • 0

    #5
    Liv Scott

      Member

    • Topic Starter
    • Member
    • 139 posts

    Hi Ron,

     

    My apologies for the delay. My internet at home is refusing to acknowledge Avast as having up-to-date virus definitions (it's residential internet that requires me to have CISCO NAC installed), so I wasn't able to post anything until today when I'm at school (but I can log on here no problem, go figure.) This is a huge post, it ended up being 52 pages when I was writing it in Word.

     

     

    I was able to delete the Attachments without a problem. On my HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies

    I have several subkeys:

                ActiveDesktop

                Associations

                Explorer

                Ext

                Network

                System

                WindowsUpdate

     

    Here are the results from the Farbar Recovery Scan Tool

     

    FRST.txt:

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-11-2014 01

    Ran by Livsie (administrator) on LIVSIE-PC on 24-11-2014 12:32:24

    Running from C:\Users\Livsie\Desktop

    Loaded Profile: Livsie (Available profiles: Livsie)

    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

    Internet Explorer Version 11

    Boot Mode: Normal

    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

     

    ==================== Processes (Whitelisted) =================

     

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

     

    (Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe

    (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe

    () C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE

    (Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE

    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

    (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe

    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

    (Microsoft Corporation) C:\Windows\System32\CISVC.EXE

    (SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE

    (SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE

    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

    (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe

    (Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

    (SupportSoft, Inc.) C:\Program Files (x86)\DELL\DellComms\bin\sprtsvc.exe

    (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe

    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe

    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe

    (Microsoft Corporation) C:\Windows\System32\rundll32.exe

    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe

    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

    (Intel Corporation) C:\Windows\System32\igfxtray.exe

    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe

    (Intel Corporation) C:\Windows\System32\hkcmd.exe

    (Intel Corporation) C:\Windows\System32\igfxpers.exe

    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe

    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe

    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe

    (Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE

    (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe

    (Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Update\1.3.25.11\GoogleCrashHandler.exe

    (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Update\1.3.25.11\GoogleCrashHandler64.exe

    (BodyMedia, Inc.) D:\Program Files (x86)\BodyMedia\Sync\BodyMediaSync.exe

    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe

    (Microsoft Corporation) C:\Windows\System32\rundll32.exe

    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

    (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

    (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicatorCom.exe

    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe

    (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe

    (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicator.exe

    (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

    (Microsoft Corporation) C:\Windows\regedit.exe

    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE

    (Microsoft Corporation) C:\Windows\splwow64.exe

    (Microsoft Corporation) C:\Windows\System32\wlanext.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Update\GoogleUpdate.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

     

     

    ==================== Registry (Whitelisted) ==================

     

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

     

    HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [357376 2009-09-16] (Alps Electric Co., Ltd.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8158240 2009-10-09] (Realtek Semiconductor)

    HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-17] (Dell Inc.)

    HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2327952 2010-07-21] (Microsoft Corporation)

    HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)

    HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-12-29] (CyberLink Corp.)

    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)

    HKLM-x32\...\Run: [] => [X]

    HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)

    HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)

    HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [843776 2009-02-06] (SEIKO EPSON CORPORATION)

    HKLM-x32\...\Run: [QuickTime Task] => D:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)

    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)

    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)

    HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-07-22] (Western Digital Technologies, Inc.)

    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-21] (AVAST Software)

    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)

    HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707496 2014-06-10] (Cisco Systems, Inc.)

    HKLM-x32\...\Run: [NACAgentUI] => C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe [621384 2013-12-04] (Cisco Systems, Inc.)

    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

    HKU\S-1-5-21-171093069-540651395-608262162-1001\...\Run: [Google Update] => C:\Users\Livsie\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-12] (Google Inc.)

    HKU\S-1-5-21-171093069-540651395-608262162-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)

    HKU\S-1-5-21-171093069-540651395-608262162-1001\...\Run: [EPSON WorkForce 310 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFHA.EXE [223232 2008-11-17] (SEIKO EPSON CORPORATION)

    HKU\S-1-5-21-171093069-540651395-608262162-1001\...\Run: [HP Photosmart 7520 series (NET)] => C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)

    HKU\S-1-5-21-171093069-540651395-608262162-1001\...\Policies\Explorer: [NoDriveTypeAutoRun] 0xFF000000

    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BodyMedia Sync.lnk

    ShortcutTarget: BodyMedia Sync.lnk -> D:\Program Files (x86)\BodyMedia\Sync\BodyMediaSync.exe (BodyMedia, Inc.)

    Startup: C:\Users\Livsie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 7520 series (Network).lnk

    ShortcutTarget: Monitor Ink Alerts - HP Photosmart 7520 series (Network).lnk -> C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

     

    ==================== Internet (Whitelisted) ====================

     

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

     

    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch

    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome

    HKU\S-1-5-21-171093069-540651395-608262162-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch

    HKU\S-1-5-21-171093069-540651395-608262162-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x057E34A12A08CE01

    HKU\S-1-5-21-171093069-540651395-608262162-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

    HKU\S-1-5-21-171093069-540651395-608262162-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://us-mg6.mail.y...d=0clipv0ercmvp

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

    HKU\S-1-5-21-171093069-540651395-608262162-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

    SearchScopes: HKLM-x32 -> DefaultScope {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect...mrud=18-06-2012

    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

    SearchScopes: HKLM-x32 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect...mrud=18-06-2012

    SearchScopes: HKU\S-1-5-21-171093069-540651395-608262162-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

    SearchScopes: HKU\S-1-5-21-171093069-540651395-608262162-1001 -> {812F0E75-DDF8-40C9-83B9-57ACF1312B63} URL =

    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

    BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll No File

    BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File

    BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll No File

    BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

    Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File

    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File

    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

    Tcpip\Parameters: [DhcpNameServer] 128.200.192.202 128.200.1.201

     

    FireFox:

    ========

    FF ProfilePath: C:\Users\Livsie\AppData\Roaming\Mozilla\Firefox\Profiles\92h85qxq.default

    FF DefaultSearchEngine: AOL Search

    FF Homepage: hxxp://www.google.com/reader/view/|hxxp://www.facebook.com/|hxxp://www.deviantart.com/

    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()

    FF Plugin: @microsoft.com/GENUINE -> disabled No File

    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()

    FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)

    FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

    FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File

    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF Plugin HKU\S-1-5-21-171093069-540651395-608262162-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Livsie\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

    FF Plugin HKU\S-1-5-21-171093069-540651395-608262162-1001: @talk.google.com/O1DPlugin -> C:\Users\Livsie\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

    FF Plugin HKU\S-1-5-21-171093069-540651395-608262162-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Livsie\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

    FF Plugin HKU\S-1-5-21-171093069-540651395-608262162-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Livsie\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

    FF Plugin HKU\S-1-5-21-171093069-540651395-608262162-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Livsie\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

    FF user.js: detected! => C:\Users\Livsie\AppData\Roaming\Mozilla\Firefox\Profiles\92h85qxq.default\user.js

    FF Plugin ProgramFiles/Appdata: C:\Users\Livsie\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)

    FF Plugin ProgramFiles/Appdata: C:\Users\Livsie\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)

    FF SearchPlugin: C:\Users\Livsie\AppData\Roaming\Mozilla\Firefox\Profiles\92h85qxq.default\searchplugins\aol-search.xml

    FF Extension: Echofon - C:\Users\Livsie\AppData\Roaming\Mozilla\Firefox\Profiles\92h85qxq.default\Extensions\[email protected] [2012-12-16]

    FF Extension: Garmin Communicator - C:\Users\Livsie\AppData\Roaming\Mozilla\Firefox\Profiles\92h85qxq.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2014-01-25]

    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF

    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-02-06]

    FF HKU\S-1-5-21-171093069-540651395-608262162-1001\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

    FF Extension: No Name - D:\Program Files (x86)\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

    FF StartMenuInternet: FIREFOX.EXE - D:\Program Files (x86)\firefox.exe

     

    Chrome:

    =======

    CHR HomePage: Default -> hxxp://www.google.com/reader/view/

    CHR Profile: C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default

    CHR Extension: (Google Drive) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-15]

    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]

    CHR Extension: (YouTube) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-12]

    CHR Extension: (Facebook) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2013-06-15]

    CHR Extension: (Adblock Plus) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-09-03]

    CHR Extension: (Spotify - Music for every moment) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2013-06-15]

    CHR Extension: (Google Search) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-12]

    CHR Extension: (Netflix) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh [2013-06-15]

    CHR Extension: (Google News) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2013-06-15]

    CHR Extension: (NYTimes) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecmphppfkcfflgglcokcbdkofpfegoel [2013-06-15]

    CHR Extension: (Google Calendar) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2013-06-15]

    CHR Extension: (Avast SafePrice) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-08-17]

    CHR Extension: (Pandora) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2013-06-15]

    CHR Extension: (Avast Online Security) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-05-23]

    CHR Extension: (feedly) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2013-06-07]

    CHR Extension: (Dictionary Instant) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\hngaklbjlbjhmoilkegninbmpfigheol [2013-06-15]

    CHR Extension: (Google Play Music) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2013-06-15]

    CHR Extension: (Notifier for Twitter) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikknnkomiokeodcdkknnhgjmncfiefmn [2012-09-12]

    CHR Extension: (SoundCloud) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipebkipbeggmmkjjljenoblnfaenambp [2013-06-15]

    CHR Extension: (Hootsuite) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\kneloppijbcidgidihgdjnooihjcdbij [2013-06-15]

    CHR Extension: (Wave Accounting) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\knpkfcpnjfbniadmfchjpcigfhookhaa [2013-06-15]

    CHR Extension: (InvisibleHand) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko [2012-10-12]

    CHR Extension: (Thor) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lijopgmiofmhjaihppiboemgnddmjpge [2012-10-12]

    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-09]

    CHR Extension: (Google Wallet) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]

    CHR Extension: (Gmail) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-12]

    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-04]

    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-15]

    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

     

    ==================== Services (Whitelisted) =================

     

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

     

    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-15] (AVAST Software)

    S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-15] (Avast Software)

    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)

    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)

    R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]

    R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]

    R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]

    R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]

    R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]

    R2 NACAgent; C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [1289544 2013-12-04] (Cisco Systems, Inc.)

    S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]

    S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]

    R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-11-14] (Western Digital Technologies, Inc.)

    R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-06-02] (Western Digital Technologies, Inc.)

    R2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe [3417088 2009-07-17] (Dell Inc.) [File not signed]

    S3 GameConsoleService; "C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe" [X]

    S3 GoToAssist; "C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe" Start=service [X]

    S2 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [X]

    S2 WinDefend; %ProgramFiles%\Windows Defender\mpsvc.dll [X]

     

    ==================== Drivers (Whitelisted) ====================

     

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

     

    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-15] ()

    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-15] (AVAST Software)

    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-15] (AVAST Software)

    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-15] ()

    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-21] (AVAST Software)

    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-15] (AVAST Software)

    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-15] (AVAST Software)

    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-15] ()

    S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)

    S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)

    S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)

    S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)

    R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-15] (Avast Software)

    S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-06-10] (Cisco Systems, Inc.)

    S3 catchme; \??\C:\ComboFix\catchme.sys [X]

     

    ==================== NetSvcs (Whitelisted) ===================

     

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

     

     

    ==================== One Month Created Files and Folders ========

     

    (If an entry is included in the fixlist, the file\folder will be moved.)

     

    2014-11-24 12:32 - 2014-11-24 12:33 - 00028215 _____ () C:\Users\Livsie\Desktop\FRST.txt

    2014-11-24 12:32 - 2014-11-24 12:32 - 00000000 ____D () C:\FRST

    2014-11-24 12:17 - 2014-11-24 12:18 - 10307952 _____ (Opera Software ASA) C:\Windows\system32\Opera_1151_int_Setup.exe

    2014-11-24 11:27 - 2014-11-24 11:27 - 35285328 _____ () C:\Users\Livsie\Desktop\Firefox Setup 32.0.3.exe

    2014-11-24 11:27 - 2014-11-24 11:27 - 05598874 _____ (Swearware) C:\Users\Livsie\Desktop\ComboFix.exe

    2014-11-24 11:26 - 2014-11-24 11:26 - 01090912 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Livsie\Desktop\avg_remover_stf_x86_2011_1184.exe

    2014-11-24 11:25 - 2014-11-24 11:25 - 02118144 _____ (Farbar) C:\Users\Livsie\Desktop\FRST64.exe

    2014-11-22 22:59 - 2014-11-22 22:59 - 00000000 ___SD () C:\ComboFix

    2014-11-21 08:44 - 2014-11-21 08:44 - 00000497 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

    2014-11-21 08:36 - 2014-11-21 08:36 - 00244120 _____ () C:\Users\Livsie\Downloads\Firefox Setup Stub 33.1.1.exe

    2014-11-19 09:44 - 2014-11-10 19:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

    2014-11-19 09:44 - 2014-11-10 19:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll

    2014-11-19 09:44 - 2014-11-10 18:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

    2014-11-19 09:44 - 2014-11-10 18:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll

    2014-11-16 22:48 - 2014-11-16 22:49 - 08209601 _____ (Cisco Systems, Inc.) C:\Users\Livsie\Downloads\Update.exe

    2014-11-16 22:46 - 2014-11-19 11:00 - 00001945 _____ () C:\Windows\epplauncher.mif

    2014-11-16 22:43 - 2014-11-16 22:43 - 14087848 _____ (Microsoft Corporation) C:\Users\Livsie\Downloads\mseinstall.exe

    2014-11-15 19:51 - 2014-11-15 19:51 - 00000247 _____ () C:\Windows\system32\2014-11-16-03-51-38.051-aswFe.exe-7408.log

    2014-11-15 19:45 - 2014-11-15 19:51 - 00000247 _____ () C:\Windows\system32\2014-11-16-03-45-38.060-aswFe.exe-6796.log

    2014-11-15 19:45 - 2014-11-15 19:45 - 00000197 _____ () C:\Windows\system32\2014-11-16-03-45-32.098-AvastVBoxSVC.exe-5164.log

    2014-11-15 19:39 - 2014-11-15 19:40 - 00000000 ____D () C:\Windows\SysWOW64\vbox

    2014-11-15 19:39 - 2014-11-15 19:40 - 00000000 ____D () C:\Windows\system32\vbox

    2014-11-15 11:49 - 2014-11-15 11:49 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

    2014-11-15 11:49 - 2014-11-15 11:49 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr

    2014-11-12 21:21 - 2014-11-16 21:51 - 00000000 ____D () C:\Users\Livsie\AppData\Local\FluxSoftware

    2014-11-12 21:20 - 2014-11-12 21:20 - 00597304 _____ () C:\Users\Livsie\Downloads\flux-setup.exe

    2014-11-12 19:46 - 2014-11-23 19:39 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat

    2014-11-12 09:45 - 2014-11-05 09:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

    2014-11-12 09:45 - 2014-11-05 09:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

    2014-11-12 09:45 - 2014-11-05 09:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

    2014-11-12 09:45 - 2014-10-13 18:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

    2014-11-12 09:45 - 2014-10-13 18:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll

    2014-11-12 09:45 - 2014-10-13 18:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

    2014-11-12 09:45 - 2014-10-13 18:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

    2014-11-12 09:45 - 2014-10-13 17:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll

    2014-11-12 09:44 - 2014-11-07 11:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

    2014-11-12 09:44 - 2014-11-07 11:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

    2014-11-12 09:44 - 2014-11-05 20:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

    2014-11-12 09:44 - 2014-11-05 20:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

    2014-11-12 09:44 - 2014-11-05 20:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

    2014-11-12 09:44 - 2014-11-05 19:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

    2014-11-12 09:44 - 2014-11-05 19:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

    2014-11-12 09:44 - 2014-11-05 19:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

    2014-11-12 09:44 - 2014-11-05 19:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

    2014-11-12 09:44 - 2014-11-05 19:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

    2014-11-12 09:44 - 2014-11-05 19:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

    2014-11-12 09:44 - 2014-11-05 19:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

    2014-11-12 09:44 - 2014-11-05 19:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

    2014-11-12 09:44 - 2014-11-05 19:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

    2014-11-12 09:44 - 2014-11-05 19:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

    2014-11-12 09:44 - 2014-11-05 19:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

    2014-11-12 09:44 - 2014-11-05 19:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

    2014-11-12 09:44 - 2014-11-05 19:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

    2014-11-12 09:44 - 2014-11-05 19:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

    2014-11-12 09:44 - 2014-11-05 19:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

    2014-11-12 09:44 - 2014-11-05 19:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

    2014-11-12 09:44 - 2014-11-05 19:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

    2014-11-12 09:44 - 2014-11-05 19:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

    2014-11-12 09:44 - 2014-11-05 19:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

    2014-11-12 09:44 - 2014-11-05 19:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

    2014-11-12 09:44 - 2014-11-05 19:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

    2014-11-12 09:44 - 2014-11-05 19:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

    2014-11-12 09:44 - 2014-11-05 19:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

    2014-11-12 09:44 - 2014-11-05 19:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

    2014-11-12 09:44 - 2014-11-05 19:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

    2014-11-12 09:44 - 2014-11-05 19:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

    2014-11-12 09:44 - 2014-11-05 19:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

    2014-11-12 09:44 - 2014-11-05 18:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

    2014-11-12 09:44 - 2014-11-05 18:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

    2014-11-12 09:44 - 2014-11-05 18:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

    2014-11-12 09:44 - 2014-11-05 18:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

    2014-11-12 09:44 - 2014-11-05 18:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

    2014-11-12 09:44 - 2014-11-05 18:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

    2014-11-12 09:44 - 2014-11-05 18:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

    2014-11-12 09:44 - 2014-11-05 18:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

    2014-11-12 09:44 - 2014-11-05 18:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

    2014-11-12 09:44 - 2014-11-05 18:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

    2014-11-12 09:44 - 2014-11-05 18:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

    2014-11-12 09:44 - 2014-11-05 18:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

    2014-11-12 09:44 - 2014-11-05 18:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

    2014-11-12 09:44 - 2014-11-05 18:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

    2014-11-12 09:44 - 2014-11-05 18:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

    2014-11-12 09:44 - 2014-11-05 18:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

    2014-11-12 09:44 - 2014-11-05 18:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

    2014-11-12 09:44 - 2014-11-05 18:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

    2014-11-12 09:44 - 2014-11-05 18:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

    2014-11-12 09:44 - 2014-11-05 18:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

    2014-11-12 09:44 - 2014-11-05 17:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

    2014-11-12 09:44 - 2014-11-05 17:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

    2014-11-12 09:44 - 2014-11-05 17:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

    2014-11-12 09:44 - 2014-11-05 17:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

    2014-11-12 09:44 - 2014-10-13 18:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

    2014-11-12 09:44 - 2014-10-13 17:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

    2014-11-12 09:44 - 2014-10-13 17:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

    2014-11-12 09:44 - 2014-10-13 17:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll

    2014-11-12 09:44 - 2014-10-02 18:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll

    2014-11-12 09:44 - 2014-10-02 18:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll

    2014-11-12 09:44 - 2014-10-02 18:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll

    2014-11-12 09:44 - 2014-10-02 18:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll

    2014-11-12 09:44 - 2014-10-02 18:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll

    2014-11-12 09:44 - 2014-10-02 17:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll

    2014-11-12 09:44 - 2014-10-02 17:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll

    2014-11-12 09:44 - 2014-10-02 17:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll

    2014-11-12 09:44 - 2014-08-20 22:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

    2014-11-12 09:44 - 2014-08-20 22:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll

    2014-11-12 09:44 - 2014-08-20 22:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

    2014-11-12 09:44 - 2014-08-20 22:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

    2014-11-12 09:43 - 2014-10-24 17:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll

    2014-11-12 09:43 - 2014-10-24 17:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll

    2014-11-12 09:43 - 2014-10-13 18:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

    2014-11-12 09:43 - 2014-10-13 17:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

    2014-11-12 09:43 - 2014-10-09 16:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

    2014-11-12 09:43 - 2014-09-19 01:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

    2014-11-12 09:43 - 2014-09-19 01:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

    2014-11-12 09:43 - 2014-09-19 01:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

    2014-11-12 09:43 - 2014-09-19 01:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

    2014-11-12 09:43 - 2014-09-19 01:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

    2014-11-12 09:43 - 2014-09-19 01:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

    2014-11-12 09:43 - 2014-09-19 01:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

    2014-11-12 09:43 - 2014-09-19 01:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

    2014-11-12 09:43 - 2014-09-19 01:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

    2014-11-12 09:43 - 2014-09-19 01:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

    2014-11-12 09:43 - 2014-09-19 01:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

    2014-11-12 09:43 - 2014-09-19 01:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

    2014-11-12 09:43 - 2014-08-11 18:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL

    2014-11-12 09:43 - 2014-08-11 17:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL

    2014-11-12 09:42 - 2014-10-17 18:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll

    2014-11-12 09:42 - 2014-10-17 17:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll

    2014-11-05 13:26 - 2011-09-28 09:44 - 00311808 _____ (Hewlett-Packard Corporation) C:\Windows\system32\hpcpn117.dll

    2014-11-05 13:26 - 2011-09-28 09:34 - 00316928 _____ () C:\Windows\SysWOW64\hpcc3117.DLL

    2014-11-05 13:26 - 2011-04-19 20:57 - 00511488 _____ (HP) C:\Windows\SysWOW64\hpcdmc32.DLL

    2014-11-04 08:47 - 2014-11-04 08:47 - 00000000 __SHD () C:\Users\Livsie\AppData\Local\EmieUserList

    2014-11-04 08:47 - 2014-11-04 08:47 - 00000000 __SHD () C:\Users\Livsie\AppData\Local\EmieSiteList

    2014-10-30 09:37 - 2014-10-30 09:37 - 00323672 _____ (Dropbox, Inc.) C:\Users\Livsie\Downloads\DropboxInstaller.exe

    2014-10-26 09:58 - 2014-08-28 18:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll

    2014-10-26 09:58 - 2014-05-08 01:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll

    2014-10-25 16:32 - 2012-08-23 06:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll

    2014-10-25 16:32 - 2012-08-23 06:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys

    2014-10-25 16:32 - 2012-08-23 03:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll

    2014-10-25 16:32 - 2012-08-23 02:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll

     

    ==================== One Month Modified Files and Folders =======

     

    (If an entry is included in the fixlist, the file\folder will be moved.)

     

    2014-11-24 12:33 - 2013-02-16 09:34 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-171093069-540651395-608262162-1001UA.job

    2014-11-24 12:32 - 2012-03-31 22:55 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

    2014-11-24 12:04 - 2009-07-13 21:10 - 01520920 _____ () C:\Windows\WindowsUpdate.log

    2014-11-24 11:45 - 2010-06-25 15:16 - 00000000 ____D () C:\Windows\Minidump

    2014-11-24 11:42 - 2013-02-06 11:52 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

    2014-11-24 11:31 - 2009-07-13 21:13 - 00804496 _____ () C:\Windows\system32\PerfStringBackup.INI

    2014-11-24 11:30 - 2009-07-13 20:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

    2014-11-24 11:30 - 2009-07-13 20:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

    2014-11-23 22:13 - 2013-07-15 19:27 - 00000000 ___RD () C:\Users\Livsie\Google Drive

    2014-11-23 21:42 - 2013-02-06 11:52 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

    2014-11-23 20:00 - 2009-12-23 17:46 - 00000000 ____D () C:\DELL

    2014-11-23 19:36 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

    2014-11-23 19:18 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\NDF

    2014-11-23 18:15 - 2013-02-16 09:34 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-171093069-540651395-608262162-1001Core.job

    2014-11-23 09:03 - 2013-02-06 11:52 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update

    2014-11-22 22:59 - 2012-12-18 08:25 - 00000000 ____D () C:\Qoobox

    2014-11-21 23:50 - 2013-02-06 11:52 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys

    2014-11-21 08:44 - 2011-04-01 00:15 - 00000497 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

    2014-11-19 15:08 - 2014-08-13 21:03 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

    2014-11-19 11:08 - 2013-04-22 12:05 - 00000000 ____D () C:\ProgramData\Package Cache

    2014-11-19 11:06 - 2013-04-22 12:09 - 00000000 ____D () C:\Program Files\Common Files\Western Digital

    2014-11-19 11:06 - 2013-04-22 12:09 - 00000000 ____D () C:\Program Files (x86)\Western Digital

    2014-11-17 11:32 - 2012-03-31 22:55 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

    2014-11-17 11:32 - 2012-03-31 22:55 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

    2014-11-17 11:32 - 2011-05-15 13:27 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

    2014-11-16 22:52 - 2014-09-14 22:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco

    2014-11-16 22:51 - 2010-12-17 12:33 - 00000000 ____D () C:\Program Files (x86)\Cisco

    2014-11-15 11:49 - 2014-04-22 21:39 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys

    2014-11-15 11:49 - 2013-12-25 19:21 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys

    2014-11-15 11:49 - 2013-11-06 18:00 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys

    2014-11-15 11:49 - 2013-03-05 00:26 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys

    2014-11-15 11:49 - 2013-03-05 00:26 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys

    2014-11-15 11:49 - 2013-02-06 11:52 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys

    2014-11-15 11:49 - 2013-02-06 11:52 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys

    2014-11-13 21:37 - 2013-02-06 11:52 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

    2014-11-13 21:37 - 2013-02-06 11:52 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

    2014-11-13 05:10 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache

    2014-11-13 04:08 - 2009-07-13 20:45 - 00361256 _____ () C:\Windows\system32\FNTCACHE.DAT

    2014-11-13 04:05 - 2014-04-29 19:40 - 00000000 ___SD () C:\Windows\system32\CompatTel

    2014-11-13 03:47 - 2010-03-31 15:57 - 00000000 ____D () C:\ProgramData\Microsoft Help

    2014-11-13 03:38 - 2013-10-28 20:23 - 00000000 ____D () C:\Windows\system32\MRT

    2014-11-13 03:03 - 2010-05-23 15:23 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

    2014-11-12 14:28 - 2012-09-12 15:29 - 00003884 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-171093069-540651395-608262162-1001UA

    2014-11-12 14:28 - 2012-09-12 15:29 - 00003488 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-171093069-540651395-608262162-1001Core

    2014-11-10 13:29 - 2010-05-19 16:49 - 00000000 ____D () C:\Users\Livsie\AppData\Roaming\Mozilla

    2014-11-10 08:34 - 2012-07-09 22:06 - 00000000 ____D () C:\Users\Livsie\AppData\Roaming\Dropbox

    2014-11-08 01:51 - 2010-05-19 20:08 - 00000000 ____D () C:\Users\Livsie\AppData\Roaming\Skype

    2014-11-06 19:27 - 2013-02-06 11:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

    2014-11-04 14:30 - 2010-06-03 02:38 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

    2014-11-04 08:46 - 2010-05-22 16:19 - 00000000 ____D () C:\Users\Livsie\AppData\Local\Adobe

    2014-11-04 04:07 - 2010-05-18 18:32 - 00000000 ____D () C:\Users\Livsie

    2014-11-03 10:54 - 2010-06-29 19:20 - 00000000 ____D () C:\Users\Livsie\AppData\Roaming\HpUpdate

    2014-11-01 20:26 - 2014-06-03 20:39 - 00000000 ____D () C:\Users\Livsie\Desktop\Food and Weight

    2014-10-30 18:36 - 2010-05-19 16:49 - 00000000 ____D () C:\Users\Livsie\AppData\Local\Mozilla

    2014-10-27 12:23 - 2014-08-13 21:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

    2014-10-27 12:23 - 2014-08-13 21:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

    2014-10-26 20:12 - 2014-09-14 22:18 - 00000000 ____D () C:\ProgramData\Cisco

    2014-10-26 20:09 - 2009-07-13 21:32 - 00000000 ____D () C:\Windows\system32\FxsTmp

    2014-10-26 19:49 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

     

    ==================== Bamital & volsnap Check =================

     

    (There is no automatic fix for files that do not pass verification.)

     

    C:\Windows\System32\winlogon.exe => File is digitally signed

    C:\Windows\System32\wininit.exe => File is digitally signed

    C:\Windows\SysWOW64\wininit.exe => File is digitally signed

    C:\Windows\explorer.exe => File is digitally signed

    C:\Windows\SysWOW64\explorer.exe => File is digitally signed

    C:\Windows\System32\svchost.exe => File is digitally signed

    C:\Windows\SysWOW64\svchost.exe => File is digitally signed

    C:\Windows\System32\services.exe => File is digitally signed

    C:\Windows\System32\User32.dll => File is digitally signed

    C:\Windows\SysWOW64\User32.dll => File is digitally signed

    C:\Windows\System32\userinit.exe => File is digitally signed

    C:\Windows\SysWOW64\userinit.exe => File is digitally signed

    C:\Windows\System32\rpcss.dll => File is digitally signed

    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

     

     

    LastRegBack: 2014-11-15 11:30

     

    ==================== End Of Log ============================

     

    Addition.txt:

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-11-2014 01

    Ran by Livsie at 2014-11-24 12:33:48

    Running from C:\Users\Livsie\Desktop

    Boot Mode: Normal

    ==========================================================

     

     

    ==================== Security Center ========================

     

    (If an entry is included in the fixlist, it will be removed.)

     

    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

     

    ==================== Installed Programs ======================

     

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

     

    64 Bit HP CIO Components Installer (Version: 8.2.4 - Hewlett-Packard) Hidden

    Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.1.0.0 - Adobe Systems Incorporated)

    Acrobat.com (x32 Version: 2.1.0 - Adobe Systems Incorporated) Hidden

    Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)

    Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)

    Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)

    Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)

    AIM for Windows (HKU\S-1-5-21-171093069-540651395-608262162-1001\...\AIM) (Version:  - AOL Inc.)

    AIO_CDA_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden

    AIO_CDA_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden

    AIO_Scan (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden

    AOL Messaging Toolbar (HKU\S-1-5-21-171093069-540651395-608262162-1001\...\AOL Messaging Toolbar) (Version:  - )

    Apple Application Support (HKLM-x32\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)

    Apple Software Update (HKLM-x32\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)

    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

    Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)

    Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)

    bodybugg Software (HKLM-x32\...\InstallShield_{CB706270-54EA-4E48-9FFB-0B95FA04DBE6}) (Version: 9.0.0.846 - BodyMedia, Inc.)

    bodybugg Software (x32 Version: 9.0.0.846 - BodyMedia, Inc.) Hidden

    BodyMedia SYNC (HKLM-x32\...\InstallShield_{99567851-B7F1-4692-A33A-0732E761220B}) (Version: 2.3.1.102 - BodyMedia, Inc.)

    BodyMedia SYNC (x32 Version: 2.3.1.102 - BodyMedia, Inc.) Hidden

    BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden

    C3100 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden

    c3100_Help (x32 Version: 82.0.256.000 - Hewlett-Packard) Hidden

    CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)

    Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05170 - Cisco Systems, Inc.)

    Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05170 - Cisco Systems, Inc.) Hidden

    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)

    Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)

    Cisco NAC Agent  (HKLM-x32\...\{3657178B-CDB0-46B0-8C43-E1FB50DA313D}) (Version: 4.9.4.3 - Cisco Systems, Inc.)

    Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)

    Commander Keen 4: Goodbye Galaxy (HKLM-x32\...\Commander Keen 4: Goodbye Galaxy - Install) (Version:  - )

    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

    Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)

    Complete Care Consumer Service Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)

    Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)

    Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden

    Cozi (HKLM-x32\...\{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}) (Version: 1.0.4323.24051 - Cozi Group, Inc.)

    Dell Communications (Support Software) (HKLM-x32\...\{351DE0AB-7787-4497-9A7A-4AA9E3A4E290}) (Version: 1.0.09094 - Dell)

    Dell Dock (HKLM-x32\...\Dell Dock) (Version:  - Stardock Corporation)

    Dell Dock (Version: 2.0 - Stardock Corporation) Hidden

    Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)

    Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)

    Dell Resource CD (HKLM-x32\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)

    Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.102.101.303 - ALPS ELECTRIC CO., LTD.)

    Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)

    Dell Wireless WLAN Card Utility (HKLM\...\Dell Wireless WLAN Card Utility) (Version: 5.30.21.0 - Dell Inc.)

    Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden

    DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden

    DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden

    Download Updater (AOL Inc.) (HKLM-x32\...\SoftwareUpdUtility) (Version:  - AOL Inc.) <==== ATTENTION

    Dropbox (HKU\S-1-5-21-171093069-540651395-608262162-1001\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)

    Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)

    Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.00.000 - SEIKO EPSON CORPORATION)

    Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )

    EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )

    EPSON WorkForce 310 Series Printer Uninstall (HKLM\...\EPSON WorkForce 310 Series) (Version:  - SEIKO EPSON Corporation)

    EPSON XP-800 Series Printer Uninstall (HKLM\...\EPSON XP-800 Series) (Version:  - SEIKO EPSON Corporation)

    EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)

    EpsonNet Setup (HKLM-x32\...\{FFFAE01B-466F-4C07-9821-A94FD753BDDA}) (Version: 3.1c - SEIKO EPSON CORPORATION)

    Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden

    FL Studio 9 (HKLM-x32\...\FL Studio 9) (Version:  - Image-Line)

    FoxyTunes for Firefox (HKLM-x32\...\FoxyTunesForFirefox) (Version:  - )

    Garmin Communicator Plugin (HKLM-x32\...\{8ED02445-D491-414C-A56D-2ED6BBB7239A}) (Version: 3.0.1 - Garmin Ltd or its subsidiaries)

    Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)

    Google Chrome (HKU\S-1-5-21-171093069-540651395-608262162-1001\...\Google Chrome) (Version: 39.0.2171.65 - Google Inc.)

    Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)

    Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)

    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

    GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden

    Hardcore (HKLM-x32\...\Hardcore) (Version:  - Image-Line)

    HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)

    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)

    HP Photosmart 7520 series Basic Device Software (HKLM\...\{27ABA988-D480-4F44-B0FD-45E5656D2CFE}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)

    HP Photosmart 7520 series Help (HKLM-x32\...\{08295D09-E002-48F8-905D-34E4B08509BA}) (Version: 28.0.0 - Hewlett Packard)

    HP Photosmart 7520 series Product Improvement Study (HKLM\...\{16B872EE-C458-41BD-BEAE-52758A3F3168}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)

    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)

    HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden

    HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden

    HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden

    HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden

    HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden

    HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden

    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)

    Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)

    LG USB Modem driver (HKLM-x32\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version:  - )

    Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)

    Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)

    MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden

    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

    Microsoft IntelliPoint 8.0 (HKLM\...\{563F041C-DFDB-437B-A1E8-E141E0906076}) (Version: 8.0.225.0 - Microsoft)

    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

    Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)

    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

    Microsoft Office Suite Activation Assistant (HKLM-x32\...\{67635FB6-2F63-4FFB-830B-D4C01597EBA4}) (Version: 1.2.1 - DELL)

    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)

    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

    Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)

    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

    Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)

    Mozilla Firefox 33.1.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1.1 (x86 en-US)) (Version: 33.1.1 - Mozilla)

    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)

    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

    Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden

    Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden

    Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version:  - PopCap Games)

    Pong (HKLM-x32\...\Pong) (Version:  - )

    Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)

    PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.6029 - CyberLink Corp.)

    QualXServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)

    Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.6.11 - Dell Inc.)

    QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)

    Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0009 - Realtek)

    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5951 - Realtek Semiconductor Corp.)

    Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)

    Sawer (HKLM-x32\...\Sawer) (Version:  - Image-Line)

    Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden

    Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)

    Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)

    SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden

    SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden

    SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )

    Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden

    Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)

    Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden

    Toxic Biohazard (HKLM-x32\...\Toxic Biohazard) (Version:  - Image-Line)

    TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden

    TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)

    TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)

    Unity Web Player (HKU\S-1-5-21-171093069-540651395-608262162-1001\...\UnityWebPlayer) (Version: 4.5.1f3 - Unity Technologies ApS)

    UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden

    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

    VDMSound (HKLM-x32\...\VDMSound) (Version: 2.1.0 - Vlad Romascanu)

    VueMinder Calendar Lite (HKLM-x32\...\{F595BBCE-C93D-44A1-9779-D6B8721A651F}) (Version: 7.2.1001 - VueSoft)

    WD Quick View (HKLM-x32\...\{2A3862B1-F0C6-49F3-AB9A-C53D7C4EEBEA}) (Version: 2.4.4.5 - Western Digital Technologies, Inc.)

    WD SmartWare (HKLM\...\{5A6ABA38-E8D6-4B52-B0BF-44081833E1D2}) (Version: 2.4.4.5 - Western Digital Technologies, Inc.)

    WD SmartWare Installer (HKLM-x32\...\{e502616c-37a2-498e-a9ee-cd1234ccc820}) (Version: 2.4.4.5 - Western Digital Technologies, Inc.)

    WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden

    Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)

    Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)

    WinRAR (HKLM-x32\...\WinRAR) (Version:  - )

    WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

    Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )

    Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)

     

    ==================== Custom CLSID (selected items): ==========================

     

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

     

    CustomCLSID: HKU\S-1-5-21-171093069-540651395-608262162-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Livsie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

    CustomCLSID: HKU\S-1-5-21-171093069-540651395-608262162-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Livsie\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File

    CustomCLSID: HKU\S-1-5-21-171093069-540651395-608262162-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Livsie\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File

    CustomCLSID: HKU\S-1-5-21-171093069-540651395-608262162-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Livsie\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File

    CustomCLSID: HKU\S-1-5-21-171093069-540651395-608262162-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Livsie\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)

    CustomCLSID: HKU\S-1-5-21-171093069-540651395-608262162-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Livsie\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)

    CustomCLSID: HKU\S-1-5-21-171093069-540651395-608262162-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Livsie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

    CustomCLSID: HKU\S-1-5-21-171093069-540651395-608262162-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Livsie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

    CustomCLSID: HKU\S-1-5-21-171093069-540651395-608262162-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Livsie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

    CustomCLSID: HKU\S-1-5-21-171093069-540651395-608262162-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Livsie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

    CustomCLSID: HKU\S-1-5-21-171093069-540651395-608262162-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Livsie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

    CustomCLSID: HKU\S-1-5-21-171093069-540651395-608262162-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Livsie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

    CustomCLSID: HKU\S-1-5-21-171093069-540651395-608262162-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Livsie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

    CustomCLSID: HKU\S-1-5-21-171093069-540651395-608262162-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Livsie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

    CustomCLSID: HKU\S-1-5-21-171093069-540651395-608262162-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Livsie\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

     

    ==================== Restore Points  =========================

     

    19-11-2014 20:22:19 Windows Update

    24-11-2014 03:24:40 Restore Operation

     

    ==================== Hosts content: ==========================

     

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

     

    2009-07-13 18:34 - 2014-11-19 21:09 - 00000039 ____A C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1       localhost

     

     

     

     

     

    ==================== Scheduled Tasks (whitelisted) =============

     

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

     

    Task: {072236B5-37DF-415D-B3E2-D6535D44ADA4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

    Task: {170A61EE-B695-423D-924F-65708D5003B7} - System32\Tasks\Livsie-PC\Livsie - Start WLAN Tray Applet => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE [2009-07-17] (Dell Inc.)

    Task: {1E720257-FDD0-4541-B99B-AE486DC5DD37} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-17] (Adobe Systems Incorporated)

    Task: {23ED0F9E-8722-42F6-AB9C-93F8346CD9BE} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => c:\program files\windows defender\MpCmdRun.exe

    Task: {3DAC61EB-808A-4A25-88EC-51B78A7590D9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-15] (Google Inc.)

    Task: {57378B1C-43CD-4932-9CD7-96C2A96B66F6} - System32\Tasks\D1234567\Administrator - Start WLAN Tray Applet => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE [2009-07-17] (Dell Inc.)

    Task: {5C8C3E5B-2089-45E1-A6B8-34C0C4719E46} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-15] (AVAST Software)

    Task: {88109771-3ED3-4EE3-A7C7-CA98E748E9E0} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2010-07-21] (Microsoft Corporation)

    Task: {8BE1D9B2-3A90-44B9-AA68-FBBB4C46B548} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-15] (Google Inc.)

    Task: {8EC54DBF-61BD-4465-9FF1-7A71C494148A} - System32\Tasks\HPCustParticipation HP Photosmart 7520 series => C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)

    Task: {92435E04-0F86-4FA6-8B77-5D6A544634D0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-171093069-540651395-608262162-1001Core => C:\Users\Livsie\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-12] (Google Inc.)

    Task: {B1AA054D-CD0A-4606-BD4F-B546F1625746} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe

    Task: {DC5D5CA9-4765-4F50-AF9C-7F3731EDFDDB} - System32\Tasks\CCleanerSkipUAC => D:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)

    Task: {E0036ECE-F0EA-4D05-83DF-983FFDB78C98} - System32\Tasks\{06E33403-A08B-4A14-BD9C-D35EC8B19314} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-08-27] (Skype Technologies S.A.)

    Task: {F0DCDCF0-1265-420E-9135-48AA4A48974C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-171093069-540651395-608262162-1001UA => C:\Users\Livsie\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-12] (Google Inc.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-171093069-540651395-608262162-1001Core.job => C:\Users\Livsie\AppData\Local\Google\Update\GoogleUpdate.exe

    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-171093069-540651395-608262162-1001UA.job => C:\Users\Livsie\AppData\Local\Google\Update\GoogleUpdate.exe

     

    ==================== Loaded Modules (whitelisted) =============

     

    2010-03-31 15:38 - 2009-07-17 09:06 - 00033280 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE

    2010-03-31 15:38 - 2009-07-17 09:06 - 00058368 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlrmt.dll

    2014-10-06 15:21 - 2012-12-04 19:33 - 00065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP2030PP.DLL

    2014-09-30 22:09 - 2012-12-04 19:33 - 02672128 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\HP2030SU.DLL

    2014-09-30 22:09 - 2012-12-04 19:33 - 01236992 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\HP2030GC.dll

    2014-09-30 22:09 - 2012-12-04 19:33 - 00341504 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\HP2030SD.DLL

    2014-06-10 19:34 - 2014-06-10 19:34 - 00063400 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll

    2014-11-23 13:08 - 2014-11-23 13:08 - 02903552 _____ () C:\Program Files\AVAST Software\Avast\defs\14112301\algo.dll

    2014-11-24 09:56 - 2014-11-24 09:56 - 02903552 _____ () C:\Program Files\AVAST Software\Avast\defs\14112400\algo.dll

    2012-02-20 23:55 - 2009-03-12 15:45 - 00135168 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll

    2012-02-20 23:55 - 2008-11-21 13:58 - 00057344 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll

    2014-11-15 11:49 - 2014-11-15 11:49 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

    2013-07-10 17:07 - 2013-07-10 17:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL

    2014-11-20 23:37 - 2014-11-14 13:15 - 01077064 _____ () C:\Users\Livsie\AppData\Local\Google\Chrome\Application\39.0.2171.65\libglesv2.dll

    2014-11-20 23:37 - 2014-11-14 13:15 - 00211272 _____ () C:\Users\Livsie\AppData\Local\Google\Chrome\Application\39.0.2171.65\libegl.dll

    2014-11-20 23:37 - 2014-11-14 13:15 - 09009480 _____ () C:\Users\Livsie\AppData\Local\Google\Chrome\Application\39.0.2171.65\pdf.dll

    2014-11-20 23:37 - 2014-11-14 13:15 - 01677128 _____ () C:\Users\Livsie\AppData\Local\Google\Chrome\Application\39.0.2171.65\ffmpegsumo.dll

    2014-11-20 23:37 - 2014-11-14 13:15 - 14910280 _____ () C:\Users\Livsie\AppData\Local\Google\Chrome\Application\39.0.2171.65\PepperFlash\pepflashplayer.dll

     

    ==================== Alternate Data Streams (whitelisted) =========

     

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

     

     

    ==================== Safe Mode (whitelisted) ===================

     

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

     

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

     

    ==================== EXE Association (whitelisted) =============

     

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

     

     

    ==================== MSCONFIG/TASK MANAGER disabled items =========

     

    (Currently there is no automatic fix for this section.)

     

    MSCONFIG\startupreg: AVG9_TRAY => D:\PROGRA~2\avgtray.exe

    MSCONFIG\startupreg: AVG_TRAY => C:\Program Files (x86)\AVG\AVG10\avgtray.exe

    MSCONFIG\startupreg: DellComms => "C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe" /P DellComms

    MSCONFIG\startupreg: DellSupportCenter => "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

    MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

    MSCONFIG\startupreg: Zune Launcher => "C:\Program Files\Zune\ZuneLauncher.exe"

     

    ========================= Accounts: ==========================

     

    Administrator (S-1-5-21-171093069-540651395-608262162-500 - Administrator - Disabled)

    Guest (S-1-5-21-171093069-540651395-608262162-501 - Limited - Disabled)

    HomeGroupUser$ (S-1-5-21-171093069-540651395-608262162-1002 - Limited - Enabled)

    Livsie (S-1-5-21-171093069-540651395-608262162-1001 - Administrator - Enabled) => C:\Users\Livsie

     

    ==================== Faulty Device Manager Devices =============

     

    Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64

    Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64

    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

    Manufacturer: Cisco Systems

    Service: vpnva

    Problem: : This device is disabled. (Code 22)

    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

     

     

    ==================== Event log errors: =========================

     

    Application errors:

    ==================

    Error: (11/24/2014 00:03:23 PM) (Source: Chrome) (EventID: 1) (User: Livsie-PC)

    Description: Chrome has encountered a fatal error.

    ver=39.0.2171.65;lang=;guid=A071F610351B4B0DAF5B7E4B115432A0;is_machine=0;oop=1;upload=1;minidump=C:\Users\Livsie\AppData\Local\Google\CrashReports\04c6a551-c31f-4540-a605-95b34a0b1cb7.dmp

     

    Error: (11/24/2014 00:03:08 PM) (Source: Application Error) (EventID: 1000) (User: )

    Description: Faulting application name: googledrivesync.exe, version: 1.18.7821.2489, time stamp: 0x509418e4

    Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7

    Exception code: 0xc0000005

    Fault offset: 0x0002dfe4

    Faulting process id: 0xfa0

    Faulting application start time: 0xgoogledrivesync.exe0

    Faulting application path: googledrivesync.exe1

    Faulting module path: googledrivesync.exe2

    Report Id: googledrivesync.exe3

     

    Error: (11/23/2014 07:38:27 PM) (Source: System Restore) (EventID: 8206) (User: )

    Description: The restore point selected was damaged or deleted during the restore (WD SmartWare Installer).

     

    Error: (11/23/2014 06:00:14 PM) (Source: Application Error) (EventID: 1000) (User: )

    Description: Faulting application name: googledrivesync.exe, version: 1.18.7821.2489, time stamp: 0x509418e4

    Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7

    Exception code: 0xc0000005

    Fault offset: 0x0002dfe4

    Faulting process id: 0x1174

    Faulting application start time: 0xgoogledrivesync.exe0

    Faulting application path: googledrivesync.exe1

    Faulting module path: googledrivesync.exe2

    Report Id: googledrivesync.exe3

     

    Error: (11/22/2014 08:03:56 PM) (Source: Application Error) (EventID: 1000) (User: )

    Description: Faulting application name: googledrivesync.exe, version: 1.18.7821.2489, time stamp: 0x509418e4

    Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7

    Exception code: 0xc0000005

    Fault offset: 0x0002dfe4

    Faulting process id: 0x13bc

    Faulting application start time: 0xgoogledrivesync.exe0

    Faulting application path: googledrivesync.exe1

    Faulting module path: googledrivesync.exe2

    Report Id: googledrivesync.exe3

     

    Error: (11/22/2014 09:10:35 AM) (Source: Application Error) (EventID: 1000) (User: )

    Description: Faulting application name: googledrivesync.exe, version: 1.18.7821.2489, time stamp: 0x509418e4

    Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7

    Exception code: 0xc0000005

    Fault offset: 0x0002dfe4

    Faulting process id: 0x1118

    Faulting application start time: 0xgoogledrivesync.exe0

    Faulting application path: googledrivesync.exe1

    Faulting module path: googledrivesync.exe2

    Report Id: googledrivesync.exe3

     

    Error: (11/22/2014 03:03:54 AM) (Source: Application Error) (EventID: 1000) (User: )

    Description: Faulting application name: bcmwltry.exe, version: 5.30.21.0, time stamp: 0x4a53eb54

    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

    Exception code: 0xc0000005

    Fault offset: 0x000007ff0034bf68

    Faulting process id: 0x4cc

    Faulting application start time: 0xbcmwltry.exe0

    Faulting application path: bcmwltry.exe1

    Faulting module path: bcmwltry.exe2

    Report Id: bcmwltry.exe3

     

    Error: (11/20/2014 05:02:14 PM) (Source: Application Error) (EventID: 1000) (User: )

    Description: Faulting application name: googledrivesync.exe, version: 1.18.7821.2489, time stamp: 0x509418e4

    Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7

    Exception code: 0xc0000005

    Fault offset: 0x0002dfe4

    Faulting process id: 0x1304

    Faulting application start time: 0xgoogledrivesync.exe0

    Faulting application path: googledrivesync.exe1

    Faulting module path: googledrivesync.exe2

    Report Id: googledrivesync.exe3

     

    Error: (11/19/2014 03:41:57 PM) (Source: Application Error) (EventID: 1000) (User: )

    Description: Faulting application name: googledrivesync.exe, version: 1.18.7821.2489, time stamp: 0x509418e4

    Faulting module name: pyexpat.pyd, version: 0.0.0.0, time stamp: 0x53908779

    Exception code: 0xc0000005

    Fault offset: 0x00011160

    Faulting process id: 0x133c

    Faulting application start time: 0xgoogledrivesync.exe0

    Faulting application path: googledrivesync.exe1

    Faulting module path: googledrivesync.exe2

    Report Id: googledrivesync.exe3

     

    Error: (11/19/2014 02:45:36 PM) (Source: Chrome) (EventID: 1) (User: Livsie-PC)

    Description: Chrome has encountered a fatal error.

    ver=38.0.2125.111;lang=;guid=A071F610351B4B0DAF5B7E4B115432A0;is_machine=0;oop=1;upload=1;minidump=C:\Users\Livsie\AppData\Local\Google\CrashReports\d4892ee1-3dd4-4e64-a117-5c28924f0c3d.dmp

     

     

    System errors:

    =============

    Error: (11/24/2014 00:03:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

    Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

     

    Error: (11/23/2014 09:34:06 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)

    Description: The following fatal alert was generated: 10. The internal error state is 10.

     

    Error: (11/23/2014 09:33:55 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)

    Description: The following fatal alert was generated: 10. The internal error state is 10.

     

    Error: (11/23/2014 09:33:55 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)

    Description: The following fatal alert was generated: 10. The internal error state is 10.

     

    Error: (11/23/2014 07:38:16 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

     

    Error: (11/23/2014 07:38:04 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

     

    Error: (11/23/2014 07:37:31 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

    Description: The WinDefend service terminated with the following error:

    %%126

     

    Error: (11/23/2014 06:21:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

     

    Error: (11/23/2014 06:21:19 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

     

    Error: (11/23/2014 06:20:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

    Description: The WD Backup service failed to start due to the following error:

    %%1053

     

     

    Microsoft Office Sessions:

    =========================

    Error: (11/07/2014 07:46:25 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6705.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 33656 seconds with 6660 seconds of active time.  This session ended with a crash.

     

    Error: (06/28/2013 07:21:27 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 355485 seconds with 6480 seconds of active time.  This session ended with a crash.

     

    Error: (09/24/2012 11:03:57 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

    Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6535.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 28866 seconds with 0 seconds of active time.  This session ended with a crash.

     

    Error: (09/20/2012 11:26:48 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

    Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6535.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 12239 seconds with 300 seconds of active time.  This session ended with a crash.

     

     

    CodeIntegrity Errors:

    ===================================

      Date: 2012-12-18 08:35:31.516

      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

     

      Date: 2012-12-18 08:35:31.329

      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

     

     

    ==================== Memory info ===========================

     

    Processor: Intel® Core™ i3 CPU M 330 @ 2.13GHz

    Percentage of memory in use: 72%

    Total physical RAM: 3892.52 MB

    Available physical RAM: 1076.07 MB

    Total Pagefile: 7783.23 MB

    Available Pagefile: 4484.16 MB

    Total Virtual: 8192 MB

    Available Virtual: 8191.83 MB

     

    ==================== Drives ================================

     

    Drive c: (OS) (Fixed) (Total:58.59 GB) (Free:1.17 GB) NTFS

    Drive d: () (Fixed) (Total:397.3 GB) (Free:47.6 GB) NTFS

    Drive f: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS

    Drive g: (LIV SCOTT) (Removable) (Total:1.91 GB) (Free:1.37 GB) FAT

     

    ==================== MBR & Partition Table ==================

     

    ========================================================

    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: CCDD77FD)

    Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)

    Partition 2: (Active) - (Size=9.8 GB) - (Type=07 NTFS)

    Partition 3: (Not Active) - (Size=58.6 GB) - (Type=07 NTFS)

    Partition 4: (Not Active) - (Size=397.3 GB) - (Type=OF Extended)

     

    ========================================================

    Disk: 1 (Size: 1.9 GB) (Disk ID: 00000000)

     

    Partition: GPT Partition Type.

     

    ==================== End Of Log ============================

     

     

     

    When I attempted to run the AVG removal tool, it looked like it was trying to work (the window popped up for literally a split second) and then nothing. I finally found an AVGRemovalLog on my desktop, and it reads (I attempted it twice, and my system says it's Windows 64-bit):

    2014-11-24 20:44:22,939 ERROR Wrong application platform. Use corresponding application version for 32bit or 64bit systems
    2014-11-24 20:44:55,013 ERROR Wrong application platform. Use corresponding application version for 32bit or 64bit systems
     

     

    I was also able to complete the ComboFix Scan, and the log is below.

     

    ComboFix 14-11-24.02 - Livsie 11/24/14  12:59:24.3.4 - x64

    Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3893.2051 [GMT -8:00]

    Running from: c:\users\Livsie\Desktop\ComboFix.exe

    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}

    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    (((((((((((((((((((((((((   Files Created from 2014-10-24 to 2014-11-24  )))))))))))))))))))))))))))))))

    .

    .

    2014-11-24 21:06 . 2014-11-24 21:06            --------  d-----w-           c:\users\Public\AppData\Local\temp

    2014-11-24 21:06 . 2014-11-24 21:06            --------  d-----w-           c:\users\Default\AppData\Local\temp

    2014-11-24 20:32 . 2014-11-24 20:34            --------  d-----w-           C:\FRST

    2014-11-24 20:17 . 2014-11-24 20:18            10307952        ----a-w-            c:\windows\system32\Opera_1151_int_Setup.exe

    2014-11-23 07:09 . 2014-11-23 07:09            75888  ----a-w-            c:\programdata\Microsoft\Windows Defender\Definition Updates\{9DF95E0A-A59C-4137-97A9-46DA13637AEC}\offreg.dll

    2014-11-21 16:33 . 2014-11-17 10:08            11632448        ----a-w-            c:\programdata\Microsoft\Windows Defender\Definition Updates\{9DF95E0A-A59C-4137-97A9-46DA13637AEC}\mpengine.dll

    2014-11-19 17:44 . 2014-11-11 03:08            728064            ----a-w-            c:\windows\system32\kerberos.dll

    2014-11-19 17:44 . 2014-11-11 03:08            241152            ----a-w-            c:\windows\system32\pku2u.dll

    2014-11-19 17:44 . 2014-11-11 02:44            186880            ----a-w-            c:\windows\SysWow64\pku2u.dll

    2014-11-19 17:44 . 2014-11-11 02:44            550912            ----a-w-            c:\windows\SysWow64\kerberos.dll

    2014-11-17 06:51 . 2014-11-17 06:51            --------  d-----w-           c:\program files (x86)\Common Files\Cisco

    2014-11-16 03:39 . 2014-11-16 03:40            --------  d-----w-           c:\windows\system32\vbox

    2014-11-16 03:39 . 2014-11-16 03:40            --------  d-----w-           c:\windows\SysWow64\vbox

    2014-11-15 19:49 . 2014-11-15 19:49            364512            ----a-w-            c:\windows\system32\aswBoot.exe

    2014-11-15 19:49 . 2014-11-15 19:49            43152  ----a-w-            c:\windows\avastSS.scr

    2014-11-13 05:21 . 2014-11-17 05:51            --------  d-----w-           c:\users\Livsie\AppData\Local\FluxSoftware

    2014-11-12 17:45 . 2014-11-05 17:56            304640            ----a-w-            c:\windows\system32\generaltel.dll

    2014-11-12 17:45 . 2014-11-05 17:56            228864            ----a-w-            c:\windows\system32\aepdu.dll

    2014-11-12 17:45 . 2014-11-05 17:52            424448            ----a-w-            c:\windows\system32\aeinv.dll

    2014-11-12 17:45 . 2014-10-14 02:13            683520            ----a-w-            c:\windows\system32\termsrv.dll

    2014-11-12 17:45 . 2014-10-14 02:16            155064            ----a-w-            c:\windows\system32\drivers\ksecpkg.sys

    2014-11-12 17:45 . 2014-10-14 02:12            1460736          ----a-w-            c:\windows\system32\lsasrv.dll

    2014-11-12 17:45 . 2014-10-14 02:07            681984            ----a-w-            c:\windows\system32\adtschema.dll

    2014-11-12 17:45 . 2014-10-14 01:46            681984            ----a-w-            c:\windows\SysWow64\adtschema.dll

    2014-11-12 17:43 . 2014-08-12 02:02            878080            ----a-w-            c:\windows\system32\IMJP10K.DLL

    2014-11-12 17:42 . 2014-10-18 02:05            861696            ----a-w-            c:\windows\system32\oleaut32.dll

    2014-11-12 17:42 . 2014-10-18 01:33            571904            ----a-w-            c:\windows\SysWow64\oleaut32.dll

    2014-11-05 21:26 . 2011-09-28 17:44            467456            ----a-w-            c:\windows\system32\Spool\prtprocs\x64\hpcpp117.DLL

    2014-11-05 21:26 . 2011-09-28 17:44            311808            ----a-w-            c:\windows\system32\hpcpn117.dll

    2014-11-05 21:26 . 2011-09-28 17:34            316928            ----a-w-            c:\windows\SysWow64\hpcc3117.DLL

    2014-11-05 21:26 . 2011-04-20 04:57            511488            ----a-w-            c:\windows\SysWow64\hpcdmc32.DLL

    2014-11-04 16:47 . 2014-11-04 16:47            --------  d-sh--w-          c:\users\Livsie\AppData\Local\EmieUserList

    2014-11-04 16:47 . 2014-11-04 16:47            --------  d-sh--w-          c:\users\Livsie\AppData\Local\EmieSiteList

    2014-10-26 17:58 . 2014-08-29 02:07            3179520          ----a-w-            c:\windows\system32\rdpcorets.dll

    2014-10-26 17:58 . 2014-05-08 09:32            16384  ----a-w-            c:\windows\system32\RdpGroupPolicyExtension.dll

    2014-10-26 00:32 . 2012-08-23 14:10            19456  ----a-w-            c:\windows\system32\drivers\rdpvideominiport.sys

    2014-10-26 00:32 . 2012-08-23 11:12            192000            ----a-w-            c:\windows\SysWow64\rdpendp_winip.dll

    2014-10-26 00:32 . 2012-08-23 14:13            243200            ----a-w-            c:\windows\system32\rdpudd.dll

    2014-10-26 00:32 . 2012-08-23 10:51            228864            ----a-w-            c:\windows\system32\rdpendp_winip.dll

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2014-11-22 07:50 . 2013-02-06 19:52            1050432          ----a-w-            c:\windows\system32\drivers\aswsnx.sys

    2014-11-19 23:08 . 2014-08-14 05:03            129752            ----a-w-            c:\windows\system32\drivers\MBAMSwissArmy.sys

    2014-11-17 19:32 . 2012-04-01 06:55            701104            ----a-w-            c:\windows\SysWow64\FlashPlayerApp.exe

    2014-11-17 19:32 . 2011-05-15 21:27            71344  ----a-w-            c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2014-11-15 19:49 . 2014-04-23 05:39            29208  ----a-w-            c:\windows\system32\drivers\aswHwid.sys

    2014-11-15 19:49 . 2013-12-26 03:21            116728            ----a-w-            c:\windows\system32\drivers\aswstm.sys

    2014-11-15 19:49 . 2013-11-07 02:00            436624            ----a-w-            c:\windows\system32\drivers\aswsp.sys

    2014-11-15 19:49 . 2013-03-05 08:26            267632            ----a-w-            c:\windows\system32\drivers\aswVmm.sys

    2014-11-15 19:49 . 2013-03-05 08:26            65776  ----a-w-            c:\windows\system32\drivers\aswRvrt.sys

    2014-11-15 19:49 . 2013-02-06 19:52            83280  ----a-w-            c:\windows\system32\drivers\aswMonFlt.sys

    2014-11-15 19:49 . 2013-02-06 19:52            93568  ----a-w-            c:\windows\system32\drivers\aswRdr2.sys

    2014-11-13 11:03 . 2010-05-23 23:23            103374192      ----a-w-            c:\windows\system32\MRT.exe

    2014-11-04 22:30 . 2010-06-03 10:38            275080            ------w-            c:\windows\system32\MpSigStub.exe

    2014-10-17 16:37 . 2014-10-17 16:37            98216  ----a-w-            c:\windows\SysWow64\WindowsAccessBridge-32.dll

    2014-10-01 18:11 . 2014-08-14 05:03            63704  ----a-w-            c:\windows\system32\drivers\mwac.sys

    2014-10-01 18:11 . 2014-08-14 05:03            93400  ----a-w-            c:\windows\system32\drivers\mbamchameleon.sys

    2014-10-01 18:11 . 2012-12-13 07:03            25816  ----a-w-            c:\windows\system32\drivers\mbam.sys

    2014-09-25 02:08 . 2014-10-01 01:57            371712            ----a-w-            c:\windows\system32\qdvd.dll

    2014-09-25 01:40 . 2014-10-01 01:57            519680            ----a-w-            c:\windows\SysWow64\qdvd.dll

    2014-09-09 22:11 . 2014-09-24 06:04            2048    ----a-w-            c:\windows\system32\tzres.dll

    2014-09-09 21:47 . 2014-09-24 06:04            2048    ----a-w-            c:\windows\SysWow64\tzres.dll

    2014-09-05 02:11 . 2014-10-16 02:32            6584320          ----a-w-            c:\windows\system32\mstscax.dll

    2014-09-05 01:52 . 2014-10-16 02:32            5703168          ----a-w-            c:\windows\SysWow64\mstscax.dll

    2014-09-04 05:23 . 2014-10-16 02:32            424448            ----a-w-            c:\windows\system32\rastls.dll

    2014-09-04 05:04 . 2014-10-16 02:32            372736            ----a-w-            c:\windows\SysWow64\rastls.dll

    .

    .

    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]

    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

    2014-06-24 22:04        131480            ----a-w-            c:\users\Livsie\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]

    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

    2014-06-24 22:04        131480            ----a-w-            c:\users\Livsie\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]

    @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]

    2014-06-24 22:04        131480            ----a-w-            c:\users\Livsie\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]

    @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]

    2014-06-24 22:04        131480            ----a-w-            c:\users\Livsie\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]

    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

    2014-06-24 22:04        131480            ----a-w-            c:\users\Livsie\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]

    @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]

    2014-06-24 22:04        131480            ----a-w-            c:\users\Livsie\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]

    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

    2014-06-24 22:04        131480            ----a-w-            c:\users\Livsie\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]

    @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]

    2014-06-24 22:04        131480            ----a-w-            c:\users\Livsie\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2014-10-22 22869088]

    "HP Photosmart 7520 series (NET)"="c:\program files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]

    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]

    "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-25 409744]

    "EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]

    "FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-02-06 843776]

    "QuickTime Task"="d:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]

    "WD Quick View"="c:\program files (x86)\Western Digital\WD Quick View\WDDMStatus.exe" [2014-07-22 5562736]

    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-11-22 5226600]

    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-09-27 271744]

    "Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2014-06-11 707496]

    "NACAgentUI"="c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe" [2013-12-04 621384]

    .

    c:\users\Livsie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    Monitor Ink Alerts - HP Photosmart 7520 series (Network).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Photosmart 7520 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=TH45O710MW05YY;CONNECTION=NW;MONITOR=1; [2009-7-13 45568]

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    BodyMedia Sync.lnk - d:\program files (x86)\BodyMedia\Sync\BodyMediaSync.exe /startup [2013-1-9 631808]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    "SoftwareSASGeneration"= 1 (0x1)

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

    "aux1"=wdmaud.drv

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

    @="Driver"

    .

    R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

    R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]

    R3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]

    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]

    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

    R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]

    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]

    R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]

    R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]

    S0 aswRvrt;avast! Revert; [x]

    S0 aswVmm;avast! VM Monitor; [x]

    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]

    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]

    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]

    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]

    S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]

    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]

    S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]

    S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]

    S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]

    S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]

    S2 NACAgent;Cisco NAC Agent;c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe;c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [x]

    S2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);c:\program files (x86)\Dell\DellComms\bin\sprtsvc.exe;c:\program files (x86)\Dell\DellComms\bin\sprtsvc.exe [x]

    S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

    S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]

    S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x]

    S2 WDBackup;WD Backup;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [x]

    S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [x]

    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]

    S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]

    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]

    S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

    .

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

    hpdevmgmt     REG_MULTI_SZ      hpqcxs08 hpqddsvc

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2014-11-24 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 19:32]

    .

    2014-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-06 16:30]

    .

    2014-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-06 16:30]

    .

    2014-11-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-171093069-540651395-608262162-1001Core.job

    - c:\users\Livsie\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-12 23:29]

    .

    2014-11-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-171093069-540651395-608262162-1001UA.job

    - c:\users\Livsie\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-12 23:29]

    .

    .

    --------- X64 Entries -----------

    .

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

    @="{472083B0-C522-11CF-8763-00608CC02F24}"

    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

    2014-11-15 19:49        860984            ----a-w-            c:\program files\AVAST Software\Avast\ashShA64.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

    2014-06-24 22:04        164760            ----a-w-            c:\users\Livsie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

    2014-06-24 22:04        164760            ----a-w-            c:\users\Livsie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

    2014-06-24 22:04        164760            ----a-w-            c:\users\Livsie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

    2014-06-24 22:04        164760            ----a-w-            c:\users\Livsie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

    2014-10-22 01:52        777032            ----a-w-            c:\program files (x86)\Google\Drive\googledrivesync64.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

    2014-10-22 01:52        777032            ----a-w-            c:\program files (x86)\Google\Drive\googledrivesync64.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

    2014-10-22 01:52        777032            ----a-w-            c:\program files (x86)\Google\Drive\googledrivesync64.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]

    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

    2014-10-22 01:52        777032            ----a-w-            c:\program files (x86)\Google\Drive\googledrivesync64.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

    2014-10-22 01:52        777032            ----a-w-            c:\program files (x86)\Google\Drive\googledrivesync64.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

    2014-10-22 01:52        777032            ----a-w-            c:\program files (x86)\Google\Drive\googledrivesync64.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-09-16 357376]

    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-09 8158240]

    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-04 166424]

    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-04 390168]

    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-04 408600]

    "Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]

    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-22 2327952]

    "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]

    .

    ------- Supplementary Scan -------

    .

    uLocal Page = c:\windows\system32\blank.htm

    uStart Page = hxxp://us-mg6.mail.yahoo.com/neo/launch?.rand=0clipv0ercmvp

    mLocal Page = c:\windows\SysWOW64\blank.htm

    TCP: DhcpNameServer = 128.200.192.202 128.200.1.201

    FF - ProfilePath - c:\users\Livsie\AppData\Roaming\Mozilla\Firefox\Profiles\92h85qxq.default\

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/reader/view/|http://www.facebook....deviantart.com/

    FF - ExtSQL: 2014-10-16 11:29; [email protected]; c:\users\Livsie\AppData\Roaming\Mozilla\Firefox\Profiles\92h85qxq.default\extensions\[email protected]

    FF - user.js: network.protocol-handler.warn-external.dnupdate - false

    .

    - - - - ORPHANS REMOVED - - - -

    .

    Toolbar-Locked - (no file)

    Wow6432Node-HKLM-Run-<NO NAME> - (no file)

    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

    AddRemove-Pong - d:\program files (x86)\Uninst.isu

    AddRemove-WinRAR - c:\windows\WinRAR\uninstall.exe

    .

    .

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_USERS\S-1-5-21-171093069-540651395-608262162-1001\Software\SecuROM\License information*]

    @Allowed: (Read) (RestrictedCode)

    "datasecu"=hex:38,f7,23,23,ba,63,0c,91,33,e8,b5,a3,59,ed,2b,5a,2e,6d,2d,9d,06,

       d1,fa,0a,3b,32,4f,ca,2e,3f,09,eb,e4,e3,f9,f6,c2,4f,ed,dd,ac,03,37,71,07,46,\

    "rkeysecu"=hex:05,9c,2f,9f,45,21,16,d0,45,ab,1c,0d,d8,4e,59,27

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]

    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker6"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.15"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker6"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    Completion time: 2014-11-24  13:09:20

    ComboFix-quarantined-files.txt  2014-11-24 21:09

    ComboFix2.txt  2013-02-23 16:00

    ComboFix3.txt  2012-12-18 16:40

    .

    Pre-Run: 1,240,018,944 bytes free

    Post-Run: 4,667,408,384 bytes free

    .

    - - End Of File - - D078775763CB8B5A9F574B101947972C

    A36C5E4F47E84449FF07ED3517B43A31

     

     

     

    I was able to put Firefox back on my computer, and am able to download files using Firefox, which is a tremendous relief, to know that I at least have that as an option even though my preference is Chrome.

     

    I followed the commands to download Opera, but it’s saying it cannot find the file specified, even though I’m looking right at it! It was saved to C:\Windows\System32, and has the logo of Opera and recognizes it as an Application, but when I right-click and say Run as Administrator, it still comes up with that error message. HOWEVER, I was able to download it using Firefox after I installed it. Unfortunately, Opera failed to download files in the same manner as Chrome, saying that the virus scan failed. Should I keep Opera on my computer?


    Edited by Liv Scott, 24 November 2014 - 04:57 PM.


    #6
    RKinner

      Malware Expert

    • Expert
    • 20,025 posts
    • MVP

    Good that you can download again.  Did you have to use the workaround I told you about or did the new install just work?

     

    I'm not seeing any sign of Zero Access or any other infection.

     

     

    Let's look at the registry where you have more than I do and also at your path:

     

    Copy the next 4 lines then Start, All Programs, Accessories, then right click on Command Prompt and Run as Admin.

     

    reg query  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies /s > \junk.txt

    reg query  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies /s >> \junk.txt

    set >> \junk.txt

    notepad \junk.txt

     

     

     

    Right click in the command window and select  Paste (on some you have to select Edit then Paste).  The 4 lines should appear.   Notepad should open.   If not hit Enter once.   Copy the text from notepad and paste it into your next reply.



    #7
    Liv Scott

      Member

    • Topic Starter
    • Member
    • 139 posts

    The new install of Firefox worked without having to use the workaround.

     

    That's wonderful to hear that it might be less serious. Here are the results from junk.txt

     

     
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop
     
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
     
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
        NoDrives    REG_DWORD    0x0
        NoDriveTypeAutoRun    REG_BINARY    FF000000
     
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Ext
     
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Network
     
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
     
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate
     
     
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop
     
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
     
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
        ScanWithAntiVirus    REG_DWORD    0x3
     
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
        NoDrives    REG_DWORD    0x0
     
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run
     
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Ext
     
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID
     
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
        {BDEADF00-C265-11D0-BCED-00A0C90AB50F}    REG_DWORD    0x1
        {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}    REG_DWORD    0x40000021
        {0DF44EAA-FF21-4412-828E-260A8728E7F1}    REG_DWORD    0x20
     
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Ratings
     
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
        ConsentPromptBehaviorAdmin    REG_DWORD    0x5
        ConsentPromptBehaviorUser    REG_DWORD    0x3
        EnableInstallerDetection    REG_DWORD    0x1
        EnableLUA    REG_DWORD    0x1
        EnableSecureUIAPaths    REG_DWORD    0x1
        EnableUIADesktopToggle    REG_DWORD    0x0
        EnableVirtualization    REG_DWORD    0x1
        PromptOnSecureDesktop    REG_DWORD    0x1
        ValidateAdminCodeSignatures    REG_DWORD    0x0
        dontdisplaylastusername    REG_DWORD    0x0
        legalnoticecaption    REG_SZ    
        legalnoticetext    REG_SZ    
        scforceoption    REG_DWORD    0x0
        shutdownwithoutlogon    REG_DWORD    0x1
        undockwithoutlogon    REG_DWORD    0x1
        FilterAdministratorToken    REG_DWORD    0x0
        DisableRegistryTools    REG_DWORD    0x0
        SoftwareSASGeneration    REG_DWORD    0x1
     
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UIPI
     
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UIPI\Clipboard
     
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UIPI\Clipboard\ExceptionFormats
        CF_TEXT    REG_DWORD    0x1
        CF_BITMAP    REG_DWORD    0x2
        CF_OEMTEXT    REG_DWORD    0x7
        CF_DIB    REG_DWORD    0x8
        CF_PALETTE    REG_DWORD    0x9
        CF_UNICODETEXT    REG_DWORD    0xd
        CF_DIBV5    REG_DWORD    0x11
     
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall
     
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate
     
    ALLUSERSPROFILE=C:\ProgramData
    APPDATA=C:\Users\Livsie\AppData\Roaming
    CLASSPATH=.;C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
    CommonProgramFiles=C:\Program Files\Common Files
    CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
    CommonProgramW6432=C:\Program Files\Common Files
    COMPUTERNAME=LIVSIE-PC
    ComSpec=C:\Windows\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Users\Livsie
    LOCALAPPDATA=C:\Users\Livsie\AppData\Local
    LOGONSERVER=\\LIVSIE-PC
    NUMBER_OF_PROCESSORS=4
    OS=Windows_NT
    Path=C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files\Dell\Dell Wireless WLAN Card;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared;D:\Program Files (x86)\VDMSound;D:\Program Files (x86)\QuickTime\QTSystem
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    PROCESSOR_ARCHITECTURE=AMD64
    PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 37 Stepping 2, GenuineIntel
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=2502
    ProgramData=C:\ProgramData
    ProgramFiles=C:\Program Files
    ProgramFiles(x86)=C:\Program Files (x86)
    ProgramW6432=C:\Program Files
    PROMPT=$P$G
    PSModulePath=C:\Windows\system32\WindowsPowerShell\v1.0\Modules\
    PUBLIC=C:\Users\Public
    QTJAVA=C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
    SystemDrive=C:
    SystemRoot=C:\Windows
    TEMP=C:\Users\Livsie\AppData\Local\Temp
    TMP=C:\Users\Livsie\AppData\Local\Temp
    USERDOMAIN=Livsie-PC
    USERNAME=Livsie
    USERPROFILE=C:\Users\Livsie
    VDMSPath=D:\Program Files (x86)\VDMSound
    windir=C:\Windows


    #8
    RKinner

      Malware Expert

    • Expert
    • 20,025 posts
    • MVP

    Turns out that there are two places in the registry for 64 bit systems that might be a problem.  Look in

     

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Attachments

    and change 

    ScanWithAntiVirus from 3 to 1.

     

    Do the same for 

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments

     

    You can also look at HKEY_CURRENT_USER\Software\Wow6432Node\Microsoft\ but there should be only the Active Setup subkey.

     

    Then open Chrome and see if you can download.

     

    Since you had such good luck with a new install of Firefox perhaps a new install of Chrome might help.

     

    Let's check your hard drive to make sure it is not sick:

     

    1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
    2. Click Properties, and then click Tools.
    3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
    4. Check both boxes and then click Start.
    You will receive the following message:
    The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?

     

    Click Yes to schedule the disk check, but don't restart yet.
     
    Right click on Computer and select Manage (Continue or OK). Then click on the arrow in front of Event Viewer. Next, click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.
     
    Reboot. 
     
    The disk check will run and will take several hours to complete.  Log back in when it finishes.
     
    Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
    sfc  /scannow
     
    (This will check your critical system files. Does this finish without complaint?  If it says it couldn't fix everything then:
     
    Copy the next two lines:
     
    findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
    notepad \windows\logs\cbs\junk.txt 
     
    Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied lines should appear.  If notepad does not appear, Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)
     
     
    1. Please download the Event Viewer Tool by Vino Rosso
    and save it to your Desktop:
    2. Right-click VEW.exe and Run as Administrator
    3. Under 'Select log to query', select:
     
    * System
    4. Under 'Select type to list', select:
    * Error
    * Warning
     
     
    Then use the 'Number of events' as follows:
     
     
    1. Click the radio button for 'Number of events'
    Type 20 in the 1 to 20 box
    Then click the Run button.
    Notepad will open with the output log.
     
     
    Please post the Output log in your next reply then repeat but select Application.
     
    Get the free version of Speccy:
     
    http://www.filehippo...download_speccy  (Look in the upper right for the Download Latest Version button  - Do NOT press the large Start Download button on the upper left!)  Download, Save and Install it.  Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  (It will be near the top about 10 lines down.) Attach the file to your next post.
     
     
    Ron

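Added example (not part of the thread and not any poster's code): a Python sketch that parses saved `reg query ... /s` output like the junk.txt posted above and reports `ScanWithAntiVirus` for both registry views named in post #8. The value meanings (1 = Off, 2 = Optional, 3 = On) are those of the Windows attachment policy; the function names and the second sample capture are constructed for illustration.

```python
import re

# Meanings of the ScanWithAntiVirus DWORD in the Windows attachment policy.
SCAN_MEANING = {1: "Off", 2: "Optional", 3: "On"}

# The two registry views the thread names on 64-bit Windows.
ATTACHMENT_KEYS = {
    "64-bit": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments",
    "Wow6432Node": r"HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Attachments",
}

# A value line looks like: "name    REG_TYPE    data" (data may be empty).
VALUE_RE = re.compile(r"^(?P<name>.+?)\s{2,}(?P<type>REG_\w+)\s*(?P<data>.*)$")


def parse_reg_query(text):
    """Parse `reg query <key> /s` output into {key: {value_name: (type, data)}}.

    Key paths and value names are lower-cased because the registry is
    case-insensitive. Lines that are neither keys nor values (for example the
    `set` output appended to junk.txt) are ignored.
    """
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.upper().startswith("HKEY_"):
            current = keys.setdefault(line.lower(), {})
            continue
        match = VALUE_RE.match(line)
        if match and current is not None:
            current[match["name"].lower()] = (match["type"], match["data"].strip())
    return keys


def scan_setting(keys, key_path):
    """Describe ScanWithAntiVirus under one key of a parsed capture."""
    values = keys.get(key_path.lower())
    if values is None:
        return "not in capture"      # the query never covered this view
    entry = values.get("scanwithantivirus")
    if entry is None:
        return "value not set"
    reg_type, data = entry
    if reg_type != "REG_DWORD":
        return f"unexpected type {reg_type}"
    try:
        number = int(data, 16)       # reg.exe prints DWORDs as 0x...
    except ValueError:
        return f"unparseable data {data!r}"
    return f"{SCAN_MEANING.get(number, 'undocumented')} ({number})"


def audit_attachment_policy(text):
    """Report the setting for both views from one saved capture."""
    keys = parse_reg_query(text)
    return {view: scan_setting(keys, path) for view, path in ATTACHMENT_KEYS.items()}


def views_not_enforcing_scan(report):
    """Views that are not 'On (3)': scanning off, optional, unset or uncaptured."""
    return sorted(view for view, state in report.items() if state != "On (3)")


# Excerpt in the shape of the junk.txt posted in the thread. The query was run
# against ...\CurrentVersion\Policies only, so Wow6432Node is absent from it.
BEFORE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
    ScanWithAntiVirus    REG_DWORD    0x3

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
    EnableLUA    REG_DWORD    0x1
    legalnoticecaption    REG_SZ
ALLUSERSPROFILE=C:\ProgramData
"""

# Constructed capture: both views queried after the 3 -> 1 change was applied.
AFTER = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments
    ScanWithAntiVirus    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Attachments
    ScanWithAntiVirus    REG_DWORD    0x1
"""

if __name__ == "__main__":
    for label, capture in (("before", BEFORE), ("after", AFTER)):
        report = audit_attachment_policy(capture)
        print(label, report, "review:", views_not_enforcing_scan(report))
```

A view reported as "not in capture" means the saved query did not include that key, so a second `reg query` against the Wow6432Node path is needed before drawing a conclusion about it.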

    #9
    Liv Scott

      Member

    • Topic Starter
    • Member
    • 139 posts

    Hi Ron,

     

    I'm not sure where my post went, so here goes again!

     

    I tried the first fix, changed the 3 to 1 in HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Windows\CurrentVersion\Policies\Attachments, and THAT WORKED!!! I haven't reinstalled Chrome yet, I was hesitant to do anything drastic since it works now unless you suggested it.

     

    I did however run the scans that you asked for!

     

    Event Viewer Tool

    Application

    Vino's Event Viewer v01c run on Windows 2008 in English
    Report run at 29/11/2014 12:28:38 AM
     
    Note: All dates below are in the format dd/mm/yyyy
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Critical Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'Application' Date/Time: 28/11/2014 6:26:58 PM
    Type: Error Category: 100
    Event: 1000 Source: Application Error
    Faulting application name: googledrivesync.exe, version: 1.18.7821.2489, time stamp: 0x509418e4 Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7 Exception code: 0xc0000005 Fault offset: 0x0002dfe4 Faulting process id: 0x175c Faulting application start time: 0x01d009b28a8b21bf Faulting application path: C:\Program Files (x86)\Google\Drive\googledrivesync.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll Report Id: 229ba328-772c-11e4-9e58-9a393bd85952
     
    Log: 'Application' Date/Time: 26/11/2014 7:52:53 PM
    Type: Error Category: 100
    Event: 1000 Source: Application Error
    Faulting application name: WDBackupEngine.exe, version: 2.0.0.15, time stamp: 0x546690c1 Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7 Exception code: 0xc00000fd Fault offset: 0x0002defe Faulting process id: 0x9fc Faulting application start time: 0x01d009b24b90d9a0 Faulting application path: C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll Report Id: ce8cb5ba-75a5-11e4-9e58-9a393bd85952
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'Application' Date/Time: 26/11/2014 8:10:30 PM
    Type: Warning Category: 3
    Event: 10023 Source: Microsoft-Windows-Search
    The protocol host process 6872 did not respond and is being forcibly terminated {filter host process 7620}. 
     
     
    Log: 'Application' Date/Time: 26/11/2014 7:50:52 PM
    Type: Warning Category: 0
    Event: 1 Source: LMS
    LMS Service cannot connect to Intel® MEI driver
     
     
    System
    Vino's Event Viewer v01c run on Windows 2008 in English
    Report run at 29/11/2014 12:29:50 AM
     
    Note: All dates below are in the format dd/mm/yyyy
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Critical Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 27/11/2014 4:12:39 PM
    Type: Error Category: 0
    Event: 7011 Source: Service Control Manager
    A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
     
    Log: 'System' Date/Time: 27/11/2014 7:17:38 AM
    Type: Error Category: 0
    Event: 7011 Source: Service Control Manager
    A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
     
    Log: 'System' Date/Time: 26/11/2014 7:53:33 PM
    Type: Error Category: 0
    Event: 7031 Source: Service Control Manager
    The WD Backup service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
     
    Log: 'System' Date/Time: 26/11/2014 7:52:28 PM
    Type: Error Category: 0
    Event: 10016 Source: Microsoft-Windows-DistributedCOM
    The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
     
    Log: 'System' Date/Time: 26/11/2014 7:51:54 PM
    Type: Error Category: 0
    Event: 10016 Source: Microsoft-Windows-DistributedCOM
    The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
     
    Log: 'System' Date/Time: 26/11/2014 7:50:54 PM
    Type: Error Category: 0
    Event: 7023 Source: Service Control Manager
    The WinDefend service terminated with the following error:  The specified module could not be found.
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 29/11/2014 12:49:25 AM
    Type: Warning Category: 7
    Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
    The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 23 seconds since the last report.
     
    Log: 'System' Date/Time: 28/11/2014 6:26:55 PM
    Type: Warning Category: 0
    Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
    WLAN Extensibility Module has stopped.  Module Path: C:\Windows\System32\bcmihvsrv64.dll 
     
    Log: 'System' Date/Time: 28/11/2014 11:10:40 AM
    Type: Warning Category: 0
    Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
    WLAN Extensibility Module has stopped.  Module Path: C:\Windows\System32\bcmihvsrv64.dll 
     
    Log: 'System' Date/Time: 28/11/2014 7:40:47 AM
    Type: Warning Category: 0
    Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
    WLAN Extensibility Module has stopped.  Module Path: C:\Windows\System32\bcmihvsrv64.dll 
     
    Log: 'System' Date/Time: 27/11/2014 10:58:38 PM
    Type: Warning Category: 7
    Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
    The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 24 seconds since the last report.
     
    Log: 'System' Date/Time: 27/11/2014 7:42:16 PM
    Type: Warning Category: 0
    Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
    WLAN Extensibility Module has stopped.  Module Path: C:\Windows\System32\bcmihvsrv64.dll 
     
    Log: 'System' Date/Time: 27/11/2014 8:21:00 AM
    Type: Warning Category: 0
    Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
    WLAN Extensibility Module has stopped.  Module Path: C:\Windows\System32\bcmihvsrv64.dll 
     
    Log: 'System' Date/Time: 27/11/2014 7:17:48 AM
    Type: Warning Category: 0
    Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
    WLAN Extensibility Module has stopped.  Module Path: C:\Windows\System32\bcmihvsrv64.dll 
     
    Log: 'System' Date/Time: 26/11/2014 9:38:18 PM
    Type: Warning Category: 7
    Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
    The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 23 seconds since the last report.
     
    Log: 'System' Date/Time: 26/11/2014 7:50:17 PM
    Type: Warning Category: 0
    Event: 1 Source: RTL8167
    Realtek PCIe FE Family Controller is disconnected from network.
     
     
     
    And I've attached the Speccy scan without my computer system serial number!

     

    If there is anything else you think I should do, I'm of course all ears! If not, I just wanted to thank you for taking the time out of your days to help me again.


    #10
    RKinner


    OK so I learned something this time.  Remember this is a workaround that disables a security feature.  Make sure Avast checks any file you download.  If it doesn't do it automatically then right-click on the file and scan with Avast.

     

    Looking at your error log you have some other problems:

     

    Log: 'System' Date/Time: 27/11/2014 4:12:39 PM
    Type: Error Category: 0
    Event: 7011 Source: Service Control Manager
    A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.

     

    Log: 'System' Date/Time: 27/11/2014 7:17:38 AM
    Type: Error Category: 0
    Event: 7011 Source: Service Control Manager
    A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
     
    I'm thinking these two may be because your network is a bit slow setting up, as Speccy says they are both running.
     
    Log: 'System' Date/Time: 26/11/2014 7:53:33 PM
    Type: Error Category: 0
    Event: 7031 Source: Service Control Manager
    The WD Backup service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
    Are you using the WD backup service?  If not, uninstall it:

    1. Please be sure to install another backup solution once you have removed WD Anywhere Backup from your computer. Once the software is removed, your files will no longer be automatically backed up.
    2. Uninstalling the software does not remove your existing backups from your WD external or network drive.
    3. In order to properly remove the WD Anywhere Backup software you will need to stop the program from running in the background by stopping the WD Anywhere Backup service, then uninstall the software. Please see the steps below for assistance removing the software:

      Important: If this does not uninstall WD Anywhere Backup successfully and you are using Windows XP, you may need to use System Restore to restore the computer to a previous date (before WD Anywhere Backup was installed). For more information on how to use System Restore, please see Microsoft Answer 306084.

      1. Right-click on the taskbar icon, down by the system clock, for WD Anywhere Backup and then choose Quit from the pop-up menu. The icon should look like a blue circular arrow or a knight from a chess set. If you don't have the icon down there, then the service is not running and you can move to the next step.
      2. Click on the OK button to acknowledge that you want to close the program.
      3. Click the Windows Start button.
      4. Go to the Control Panel.
      5. Double-click on Add/Remove Programs if you are running Windows 2000/XP, or Programs and Features if you are using Windows Vista to bring up the list of installed programs on your computer.
      6. Left-click on WD Anywhere Backup to highlight the entry.
      7. Click on the Change/Remove or Uninstall button and an uninstall wizard will open.
      8. It will then ask if you want to keep your Backup Configuration files. If you don't plan to reinstall WD Anywhere Backup or you don't want your old backup configuration files, click on No. If you are going to reinstall and you want to keep your configuration files, click on Yes.
      9. Click on the Close button to finish the uninstallation.
      10. When the uninstall wizard finishes, your web browser will open to a survey page. You can close this page without filling out the survey if you wish.
     
    Log: 'System' Date/Time: 26/11/2014 7:52:28 PM
    Type: Error Category: 0
    Event: 10016 Source: Microsoft-Windows-DistributedCOM
    The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

     

    i. Click Start, type dcomcnfg in the Search bar, and hit enter.

    ii. In Component Services, double-click Component Services, and then double-click Computers.

    iii. Right-click My Computer, and then click Properties.

    iv. Click the COM Security tab.

    v. In the Launch and Activation Permissions area, click Edit Default.

    vi. Click Add, type System, and then click OK.

    vii. While System is selected, click to select the Allow check boxes for the following items:

    viii. Local Launch

    ix. Remote Launch

    x. Local Activation

    xi. Remote Activation

    xii. Click OK two times.

     

     

     

    Log: 'System' Date/Time: 26/11/2014 7:50:54 PM
    Type: Error Category: 0
    Event: 7023 Source: Service Control Manager
    The WinDefend service terminated with the following error:  The specified module could not be found.
    Copy the next line:
     
    SC CONFIG "WinDefend" start= disabled
     
    Start, All programs, Accessories then right click on Command Prompt and Run As Admin.   Right click inside the command window and select Edit then paste (Or just Paste).  Hit Enter.  Do you get an error message or does it say:  [SC] ChangeServiceConfig SUCCESS
     
    I think there may also be a task running to start WinDefend too, so run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.
     
    Log: 'System' Date/Time: 29/11/2014 12:49:25 AM
    Type: Warning Category: 7
    Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
    The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 23 seconds since the last report.

     

     

    These are probably caused by speed step since the temps look OK.  Start, (Settings) Control panel, Power Options.  Change it to High Performance when plugged in.  OK.  
     
    Once you have done the above we want to clear the alarms, reboot and run VEW again:
     
     
    Right-click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next click on the arrow in front of Windows Logs. Right-click on System and Clear Log, Clear. Repeat for Application.
     
    Reboot. 
     
     
     
     
    1. Please download the Event Viewer Tool by Vino Rosso and save it to your Desktop.
    2. Right-click VEW.exe and Run As Administrator.
    3. Under 'Select log to query', select:
       * System
    4. Under 'Select type to list', select:
       * Error
       * Warning

    Then use the 'Number of events' as follows:

    1. Click the radio button for 'Number of events'.
       Type 20 in the 1 to 20 box.
       Then click the Run button.
       Notepad will open with the output log.
     
     
    Please post the Output log in your next reply then repeat but select Application.
     
    Ron
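
An added example, not part of RKinner's post or of the VEW tool: a small Python parser for the VEW text format shown in this thread. It groups repeated events, names the service behind each Service Control Manager error, and decodes the exception code in each Application Error record. The sample input is abridged from the log posted above; the `SECURITY_SERVICES` watch list and all function names are assumptions of the example.

```python
import re
from collections import Counter
from datetime import datetime

# Sample input: abridged from the VEW output posted in this thread.
SAMPLE = r"""
Log: 'Application' Date/Time: 28/11/2014 6:26:58 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: googledrivesync.exe, version: 1.18.7821.2489, time stamp: 0x509418e4 Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7 Exception code: 0xc0000005 Fault offset: 0x0002dfe4

Log: 'Application' Date/Time: 26/11/2014 7:52:53 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: WDBackupEngine.exe, version: 2.0.0.15, time stamp: 0x546690c1 Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7 Exception code: 0xc00000fd Fault offset: 0x0002defe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 26/11/2014 7:53:33 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The WD Backup service terminated unexpectedly.  It has done this 1 time(s).

Log: 'System' Date/Time: 26/11/2014 7:50:54 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The WinDefend service terminated with the following error:  The specified module could not be found.

Log: 'System' Date/Time: 28/11/2014 6:26:55 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\System32\bcmihvsrv64.dll

Log: 'System' Date/Time: 28/11/2014 11:10:40 AM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\System32\bcmihvsrv64.dll
"""

# The three header lines VEW writes before each message (dates are dd/mm/yyyy).
HEADER = re.compile(
    r"^[ \t]*Log: '(?P<log>[^']+)' Date/Time: (?P<when>[^\n]+?)[ \t]*\n"
    r"[ \t]*Type: (?P<type>\w+) Category: (?P<category>\d+)[ \t]*\n"
    r"[ \t]*Event: (?P<event>\d+) Source: (?P<source>[^\n]+?)[ \t]*\n",
    re.MULTILINE,
)
SERVICE_PATTERNS = {
    7011: re.compile(r"transaction response from the (.+?) service"),
    7023: re.compile(r"^The (.+?) service terminated with the following error"),
    7031: re.compile(r"^The (.+?) service terminated unexpectedly"),
}
CRASH = re.compile(r"Faulting application name: ([^,]+),.*?Faulting module name: "
                   r"([^,]+),.*?Exception code: (0x[0-9a-fA-F]+)")
# NTSTATUS names for the two exception codes that appear in the thread's log.
NTSTATUS = {0xC0000005: "STATUS_ACCESS_VIOLATION", 0xC00000FD: "STATUS_STACK_OVERFLOW"}
# Assumption: services whose failure weakens malware protection. WinDefend is
# the one named in the thread; add your own antivirus service names.
SECURITY_SERVICES = {"WinDefend"}

def parse_vew(text):
    """Return one dict per event; the message is collapsed onto a single line."""
    events, matches = [], list(HEADER.finditer(text))
    for i, m in enumerate(matches):
        end = matches[i + 1].start() if i + 1 < len(matches) else len(text)
        # Cut off the '~~~~' banner that follows the last event of a section.
        body = text[m.end():end].split("~~~~", 1)[0]
        events.append({
            "log": m["log"], "type": m["type"], "source": m["source"],
            "event": int(m["event"]),
            "when": datetime.strptime(m["when"], "%d/%m/%Y %I:%M:%S %p"),
            "message": " ".join(body.split()),
        })
    return events

def service_failures(events):
    """(event id, service name, is_security_service) for each SCM error."""
    out = []
    for e in events:
        pat = SERVICE_PATTERNS.get(e["event"])
        m = pat.search(e["message"]) if pat and e["source"] == "Service Control Manager" else None
        if m:
            out.append((e["event"], m.group(1), m.group(1) in SECURITY_SERVICES))
    return out

def crashes(events):
    """(application, faulting module, decoded exception) for each Event 1000."""
    out = []
    for e in events:
        is_crash = (e["source"], e["event"]) == ("Application Error", 1000)
        m = CRASH.search(e["message"]) if is_crash else None
        if m:
            code = int(m.group(3), 16)
            out.append((m.group(1), m.group(2), NTSTATUS.get(code, hex(code))))
    return out

def repeated(events, threshold=2):
    """(source, event id) pairs seen at least `threshold` times, with counts."""
    counts = Counter((e["source"], e["event"]) for e in events)
    return {key: n for key, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    parsed = parse_vew(SAMPLE)
    print(service_failures(parsed), crashes(parsed), repeated(parsed), sep="\n")
```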
     



    #11
    Liv Scott


    Hi Ron,

     

    I can't find the WD backup service anywhere, not on the lower right icon boxes or in my list of programs in my Control Panel - do you know another way I could find it? Normally I don't have my WD drive hooked up, when I do I back it up immediately.

     

    In attempting to run through the dcomcnfg instructions, right after I clicked OK twice I got an error message saying that Microsoft Management Console stopped working and then gave me an option to debug, is that something you would recommend?

     

    I ran Command Prompt with "SC CONFIG "WinDefend" start= disabled" and it came back "[SC] ChangeServiceConfig SUCCESS"

     

    Here are the results from the FRST.txt

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-12-2014

    Ran by Livsie (administrator) on LIVSIE-PC on 01-12-2014 16:59:46

    Running from C:\Users\Livsie\Desktop

    Loaded Profile: Livsie (Available profiles: Livsie)

    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

    Internet Explorer Version 11

    Boot Mode: Normal

    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

     

    ==================== Processes (Whitelisted) =================

     

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

     

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

    (Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe

    (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe

    () C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE

    (Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE

    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

    (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe

    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

    (Microsoft Corporation) C:\Windows\System32\CISVC.EXE

    (SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE

    (SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE

    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

    (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe

    (Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

    (SupportSoft, Inc.) C:\Program Files (x86)\DELL\DellComms\bin\sprtsvc.exe

    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe

    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe

    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

    (Intel Corporation) C:\Windows\System32\igfxtray.exe

    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe

    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe

    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe

    (Intel Corporation) C:\Windows\System32\hkcmd.exe

    (Intel Corporation) C:\Windows\System32\igfxpers.exe

    (Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE

    (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe

    (Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

    (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe

    (BodyMedia, Inc.) D:\Program Files (x86)\BodyMedia\Sync\BodyMediaSync.exe

    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe

    (Microsoft Corporation) C:\Windows\System32\rundll32.exe

    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

    (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicatorCom.exe

    (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

    (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicator.exe

    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe

    (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe

    (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe

    (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe

    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Update\1.3.25.11\GoogleCrashHandler.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Update\1.3.25.11\GoogleCrashHandler64.exe

    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe

    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

    (Microsoft Corporation) C:\Windows\System32\wlanext.exe

    (Microsoft Corporation) C:\Program Files\Zune\ZuneWlanCfgSvc.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

    (Microsoft Corporation) C:\Windows\System32\cmd.exe

     

     

    ==================== Registry (Whitelisted) ==================

     

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

     

    HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [357376 2009-09-16] (Alps Electric Co., Ltd.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8158240 2009-10-09] (Realtek Semiconductor)

    HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-17] (Dell Inc.)

    HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2327952 2010-07-21] (Microsoft Corporation)

    HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)

    HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)

    HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-12-29] (CyberLink Corp.)

    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)

    HKLM-x32\...\Run: [] => [X]

    HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)

    HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)

    HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [843776 2009-02-06] (SEIKO EPSON CORPORATION)

    HKLM-x32\...\Run: [QuickTime Task] => D:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)

    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)

    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)

    HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-07-22] (Western Digital Technologies, Inc.)

    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-21] (AVAST Software)

    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)

    HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707496 2014-06-10] (Cisco Systems, Inc.)

    HKLM-x32\...\Run: [NACAgentUI] => C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe [621384 2013-12-04] (Cisco Systems, Inc.)

    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

    HKU\S-1-5-21-171093069-540651395-608262162-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)

    HKU\S-1-5-21-171093069-540651395-608262162-1001\...\Run: [HP Photosmart 7520 series (NET)] => C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)

    HKU\S-1-5-21-171093069-540651395-608262162-1001\...\Policies\Explorer: [NoDriveTypeAutoRun] 0xFF000000

    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BodyMedia Sync.lnk

    ShortcutTarget: BodyMedia Sync.lnk -> D:\Program Files (x86)\BodyMedia\Sync\BodyMediaSync.exe (BodyMedia, Inc.)

    Startup: C:\Users\Livsie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 7520 series (Network).lnk

    ShortcutTarget: Monitor Ink Alerts - HP Photosmart 7520 series (Network).lnk -> C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

     

    ==================== Internet (Whitelisted) ====================

     

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

     

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

    HKU\S-1-5-21-171093069-540651395-608262162-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch

    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome

    HKU\S-1-5-21-171093069-540651395-608262162-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch

    HKU\S-1-5-21-171093069-540651395-608262162-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x057E34A12A08CE01

    HKU\S-1-5-21-171093069-540651395-608262162-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

    HKU\S-1-5-21-171093069-540651395-608262162-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://us-mg6.mail.y...d=0clipv0ercmvp

    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

    SearchScopes: HKLM -> DefaultScope {812F0E75-DDF8-40C9-83B9-57ACF1312B63} URL = http://www.bing.com/...rc=IE-SearchBox

    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

    SearchScopes: HKLM -> {812F0E75-DDF8-40C9-83B9-57ACF1312B63} URL = http://www.bing.com/...rc=IE-SearchBox

    SearchScopes: HKLM-x32 -> DefaultScope {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect...mrud=18-06-2012

    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

    SearchScopes: HKLM-x32 -> {3EAD345A-5334-40C5-9F44-62F73C440223} URL = http://www.bing.com/...rc=IE-SearchBox

    SearchScopes: HKLM-x32 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect...mrud=18-06-2012

    SearchScopes: HKU\S-1-5-21-171093069-540651395-608262162-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

    SearchScopes: HKU\S-1-5-21-171093069-540651395-608262162-1001 -> {812F0E75-DDF8-40C9-83B9-57ACF1312B63} URL = 

    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

    BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll No File

    BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File

    BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll No File

    BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

    Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File

    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File

    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

    Tcpip\Parameters: [DhcpNameServer] 128.200.1.201 128.200.192.202

     

    FireFox:

    ========

    FF ProfilePath: C:\Users\Livsie\AppData\Roaming\Mozilla\Firefox\Profiles\92h85qxq.default

    FF DefaultSearchEngine: AOL Search

    FF Homepage: hxxp://www.google.com/reader/view/|hxxp://www.facebook.com/|hxxp://www.deviantart.com/

    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()

    FF Plugin: @microsoft.com/GENUINE -> disabled No File

    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()

    FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)

    FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

    FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File

    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF Plugin HKU\S-1-5-21-171093069-540651395-608262162-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Livsie\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

    FF Plugin HKU\S-1-5-21-171093069-540651395-608262162-1001: @talk.google.com/O1DPlugin -> C:\Users\Livsie\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

    FF Plugin HKU\S-1-5-21-171093069-540651395-608262162-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Livsie\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

    FF Plugin HKU\S-1-5-21-171093069-540651395-608262162-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Livsie\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

    FF Plugin HKU\S-1-5-21-171093069-540651395-608262162-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Livsie\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

    FF user.js: detected! => C:\Users\Livsie\AppData\Roaming\Mozilla\Firefox\Profiles\92h85qxq.default\user.js

    FF Plugin ProgramFiles/Appdata: C:\Users\Livsie\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)

    FF Plugin ProgramFiles/Appdata: C:\Users\Livsie\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)

    FF SearchPlugin: C:\Users\Livsie\AppData\Roaming\Mozilla\Firefox\Profiles\92h85qxq.default\searchplugins\aol-search.xml

    FF Extension: Echofon - C:\Users\Livsie\AppData\Roaming\Mozilla\Firefox\Profiles\92h85qxq.default\Extensions\[email protected] [2012-12-16]

    FF Extension: Garmin Communicator - C:\Users\Livsie\AppData\Roaming\Mozilla\Firefox\Profiles\92h85qxq.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2014-01-25]

    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF

    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-02-06]

    FF HKU\S-1-5-21-171093069-540651395-608262162-1001\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

    FF StartMenuInternet: FIREFOX.EXE - D:\Program Files (x86)\firefox.exe

     

    Chrome: 

    =======

    CHR HomePage: Default -> hxxp://www.google.com/reader/view/

    CHR Profile: C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default

    CHR Extension: (Google Drive) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-15]

    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]

    CHR Extension: (YouTube) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-12]

    CHR Extension: (Facebook) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2013-06-15]

    CHR Extension: (Adblock Plus) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-09-03]

    CHR Extension: (Spotify - Music for every moment) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2013-06-15]

    CHR Extension: (Google Search) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-12]

    CHR Extension: (Netflix) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh [2013-06-15]

    CHR Extension: (Google News) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2013-06-15]

    CHR Extension: (NYTimes) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecmphppfkcfflgglcokcbdkofpfegoel [2013-06-15]

    CHR Extension: (Google Calendar) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2013-06-15]

    CHR Extension: (Avast SafePrice) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-08-17]

    CHR Extension: (Pandora) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2013-06-15]

    CHR Extension: (Avast Online Security) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-05-23]

    CHR Extension: (feedly) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2013-06-07]

    CHR Extension: (Dictionary Instant) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\hngaklbjlbjhmoilkegninbmpfigheol [2013-06-15]

    CHR Extension: (Google Play Music) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2013-06-15]

    CHR Extension: (Notifier for Twitter) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikknnkomiokeodcdkknnhgjmncfiefmn [2012-09-12]

    CHR Extension: (SoundCloud) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipebkipbeggmmkjjljenoblnfaenambp [2013-06-15]

    CHR Extension: (Hootsuite) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\kneloppijbcidgidihgdjnooihjcdbij [2013-06-15]

    CHR Extension: (Wave Accounting) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\knpkfcpnjfbniadmfchjpcigfhookhaa [2013-06-15]

    CHR Extension: (InvisibleHand) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko [2012-10-12]

    CHR Extension: (Thor) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lijopgmiofmhjaihppiboemgnddmjpge [2012-10-12]

    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-09]

    CHR Extension: (Google Wallet) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]

    CHR Extension: (Gmail) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-12]

    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-04]

    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-15]

    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

     

    ==================== Services (Whitelisted) =================

     

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

     

    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-15] (AVAST Software)

    S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-15] (Avast Software)

    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)

    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)

    R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]

    R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]

    R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]

    R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]

    R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]

    R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)

    R2 NACAgent; C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [1289544 2013-12-04] (Cisco Systems, Inc.)

    S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]

    R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)

    S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]

    R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-11-14] (Western Digital Technologies, Inc.)

    R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-06-02] (Western Digital Technologies, Inc.)

    R2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe [3417088 2009-07-17] (Dell Inc.) [File not signed]

    S3 GameConsoleService; "C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe" [X]

    S3 GoToAssist; "C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe" Start=service [X]

    S2 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [X]

     

    ==================== Drivers (Whitelisted) ====================

     

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

     

    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-15] ()

    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-15] (AVAST Software)

    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-15] (AVAST Software)

    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-15] ()

    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-21] (AVAST Software)

    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-15] (AVAST Software)

    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-15] (AVAST Software)

    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-15] ()

    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)

    R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)

    S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)

    S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)

    S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)

    S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)

    R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-15] (Avast Software)

    S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-06-10] (Cisco Systems, Inc.)

    S3 catchme; \??\C:\ComboFix\catchme.sys [X]

     

    ==================== NetSvcs (Whitelisted) ===================

     

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

     

     

    ==================== One Month Created Files and Folders ========

     

    (If an entry is included in the fixlist, the file\folder will be moved.)

     

    2014-12-01 16:59 - 2014-12-01 16:59 - 00000000 ____D () C:\Users\Livsie\Desktop\FRST-OlderVersion

    2014-11-27 10:13 - 2014-11-27 15:12 - 00011697 _____ () C:\Users\Livsie\Desktop\Meal Plan Week 9, November 30 Liv Fixed Template.xlsx

    2014-11-26 17:22 - 2014-11-27 09:55 - 00012470 _____ () C:\Users\Livsie\Desktop\Meal Plan Week 9, November 30.xlsx

    2014-11-26 13:00 - 2014-11-29 00:32 - 00223828 _____ () C:\Users\Livsie\Desktop\LIVSIE-PC.txt

    2014-11-26 12:54 - 2014-11-26 12:54 - 00000758 _____ () C:\Users\Public\Desktop\Speccy.lnk

    2014-11-26 12:54 - 2014-11-26 12:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy

    2014-11-26 12:54 - 2014-11-26 12:54 - 00000000 ____D () C:\Program Files\Speccy

    2014-11-26 12:53 - 2014-11-26 12:53 - 04890736 _____ (Piriform Ltd) C:\Users\Livsie\Desktop\spsetup126.exe

    2014-11-26 12:47 - 2014-11-26 12:47 - 00061440 _____ ( ) C:\Users\Livsie\Desktop\VEW.exe

    2014-11-26 12:34 - 2014-11-26 12:34 - 00000000 ____D () C:\Program Files\Windows Defender

    2014-11-26 11:53 - 2014-11-26 12:09 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat

    2014-11-24 17:07 - 2014-11-24 17:07 - 00002079 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

    2014-11-24 17:06 - 2014-11-24 17:06 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client

    2014-11-24 17:05 - 2014-11-24 17:07 - 00000000 ____D () C:\Program Files\Microsoft Security Client

    2014-11-24 14:51 - 2014-11-24 14:51 - 00003824 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1416869436

    2014-11-24 14:51 - 2014-11-24 14:51 - 00000000 ____D () C:\Users\Livsie\AppData\Roaming\Opera Software

    2014-11-24 14:51 - 2014-11-24 14:51 - 00000000 ____D () C:\Users\Livsie\AppData\Local\Opera Software

    2014-11-24 14:50 - 2014-11-24 14:50 - 00001093 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk

    2014-11-24 14:49 - 2014-11-25 16:07 - 00000000 ____D () C:\Program Files (x86)\Opera

    2014-11-24 14:48 - 2014-11-24 14:48 - 00683624 _____ (Opera Software) C:\Users\Livsie\Downloads\Opera_NI_stable.exe

    2014-11-24 13:50 - 2014-11-24 13:50 - 00000247 _____ () C:\Windows\system32\2014-11-24-21-50-02.094-aswFe.exe-4916.log

    2014-11-24 13:41 - 2014-11-24 13:50 - 00000247 _____ () C:\Windows\system32\2014-11-24-21-41-46.032-aswFe.exe-6276.log

    2014-11-24 13:41 - 2014-11-24 13:41 - 00000197 _____ () C:\Windows\system32\2014-11-24-21-41-41.046-AvastVBoxSVC.exe-3408.log

    2014-11-24 13:33 - 2014-11-24 13:34 - 00000197 _____ () C:\Windows\system32\2014-11-24-21-33-57.000-AvastVBoxSVC.exe-3048.log

    2014-11-24 13:27 - 2014-12-01 12:49 - 00000336 _____ () C:\Windows\setupact.log

    2014-11-24 13:27 - 2014-11-26 11:50 - 00014158 _____ () C:\Windows\PFRO.log

    2014-11-24 13:27 - 2014-11-24 13:27 - 00000000 _____ () C:\Windows\setuperr.log

    2014-11-24 13:09 - 2014-11-24 13:09 - 00030021 _____ () C:\ComboFix.txt

    2014-11-24 12:57 - 2011-06-25 22:45 - 00256000 _____ () C:\Windows\PEV.exe

    2014-11-24 12:57 - 2010-11-07 09:20 - 00208896 _____ () C:\Windows\MBR.exe

    2014-11-24 12:57 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

    2014-11-24 12:57 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

    2014-11-24 12:57 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

    2014-11-24 12:57 - 2000-08-30 16:00 - 00098816 _____ () C:\Windows\sed.exe

    2014-11-24 12:57 - 2000-08-30 16:00 - 00080412 _____ () C:\Windows\grep.exe

    2014-11-24 12:57 - 2000-08-30 16:00 - 00068096 _____ () C:\Windows\zip.exe

    2014-11-24 12:44 - 2014-11-24 12:44 - 00000498 _____ () C:\Users\Livsie\Desktop\avgremover.log

    2014-11-24 12:33 - 2014-11-24 12:34 - 00040476 _____ () C:\Users\Livsie\Desktop\Addition.txt

    2014-11-24 12:32 - 2014-12-01 17:01 - 00029806 _____ () C:\Users\Livsie\Desktop\FRST.txt

    2014-11-24 12:32 - 2014-12-01 17:00 - 00000000 ____D () C:\FRST

    2014-11-24 12:17 - 2014-11-24 12:18 - 10307952 _____ (Opera Software ASA) C:\Windows\system32\Opera_1151_int_Setup.exe

    2014-11-24 11:27 - 2014-11-24 11:27 - 35285328 _____ () C:\Users\Livsie\Desktop\Firefox Setup 32.0.3.exe

    2014-11-24 11:27 - 2014-11-24 11:27 - 05598874 ____R (Swearware) C:\Users\Livsie\Desktop\ComboFix.exe

    2014-11-24 11:26 - 2014-11-24 11:26 - 01090912 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Livsie\Desktop\avg_remover_stf_x86_2011_1184.exe

    2014-11-24 11:25 - 2014-12-01 16:59 - 02117120 _____ (Farbar) C:\Users\Livsie\Desktop\FRST64.exe

    2014-11-21 08:36 - 2014-11-21 08:36 - 00244120 _____ () C:\Users\Livsie\Downloads\Firefox Setup Stub 33.1.1.exe

    2014-11-19 09:44 - 2014-11-10 19:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

    2014-11-19 09:44 - 2014-11-10 19:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll

    2014-11-19 09:44 - 2014-11-10 18:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

    2014-11-19 09:44 - 2014-11-10 18:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll

    2014-11-16 22:48 - 2014-11-16 22:49 - 08209601 _____ (Cisco Systems, Inc.) C:\Users\Livsie\Downloads\Update.exe

    2014-11-16 22:46 - 2014-11-24 17:07 - 00001945 _____ () C:\Windows\epplauncher.mif

    2014-11-16 22:43 - 2014-11-24 17:04 - 14087848 _____ (Microsoft Corporation) C:\Users\Livsie\Downloads\mseinstall.exe

    2014-11-15 19:51 - 2014-11-15 19:51 - 00000247 _____ () C:\Windows\system32\2014-11-16-03-51-38.051-aswFe.exe-7408.log

    2014-11-15 19:45 - 2014-11-15 19:51 - 00000247 _____ () C:\Windows\system32\2014-11-16-03-45-38.060-aswFe.exe-6796.log

    2014-11-15 19:45 - 2014-11-15 19:45 - 00000197 _____ () C:\Windows\system32\2014-11-16-03-45-32.098-AvastVBoxSVC.exe-5164.log

    2014-11-15 19:39 - 2014-11-15 19:40 - 00000000 ____D () C:\Windows\SysWOW64\vbox

    2014-11-15 19:39 - 2014-11-15 19:40 - 00000000 ____D () C:\Windows\system32\vbox

    2014-11-15 11:49 - 2014-11-15 11:49 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

    2014-11-15 11:49 - 2014-11-15 11:49 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr

    2014-11-12 21:21 - 2014-11-16 21:51 - 00000000 ____D () C:\Users\Livsie\AppData\Local\FluxSoftware

    2014-11-12 21:20 - 2014-11-12 21:20 - 00597304 _____ () C:\Users\Livsie\Downloads\flux-setup.exe

    2014-11-12 09:45 - 2014-11-05 09:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

    2014-11-12 09:45 - 2014-11-05 09:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

    2014-11-12 09:45 - 2014-11-05 09:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

    2014-11-12 09:45 - 2014-10-13 18:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

    2014-11-12 09:45 - 2014-10-13 18:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll

    2014-11-12 09:45 - 2014-10-13 18:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

    2014-11-12 09:45 - 2014-10-13 18:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

    2014-11-12 09:45 - 2014-10-13 17:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll

    2014-11-12 09:44 - 2014-11-07 11:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

    2014-11-12 09:44 - 2014-11-07 11:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

    2014-11-12 09:44 - 2014-11-05 20:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

    2014-11-12 09:44 - 2014-11-05 20:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

    2014-11-12 09:44 - 2014-11-05 20:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

    2014-11-12 09:44 - 2014-11-05 19:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

    2014-11-12 09:44 - 2014-11-05 19:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

    2014-11-12 09:44 - 2014-11-05 19:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

    2014-11-12 09:44 - 2014-11-05 19:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

    2014-11-12 09:44 - 2014-11-05 19:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

    2014-11-12 09:44 - 2014-11-05 19:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

    2014-11-12 09:44 - 2014-11-05 19:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

    2014-11-12 09:44 - 2014-11-05 19:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

    2014-11-12 09:44 - 2014-11-05 19:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

    2014-11-12 09:44 - 2014-11-05 19:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

    2014-11-12 09:44 - 2014-11-05 19:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

    2014-11-12 09:44 - 2014-11-05 19:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

    2014-11-12 09:44 - 2014-11-05 19:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

    2014-11-12 09:44 - 2014-11-05 19:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

    2014-11-12 09:44 - 2014-11-05 19:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

    2014-11-12 09:44 - 2014-11-05 19:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

    2014-11-12 09:44 - 2014-11-05 19:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

    2014-11-12 09:44 - 2014-11-05 19:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

    2014-11-12 09:44 - 2014-11-05 19:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

    2014-11-12 09:44 - 2014-11-05 19:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

    2014-11-12 09:44 - 2014-11-05 19:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

    2014-11-12 09:44 - 2014-11-05 19:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

    2014-11-12 09:44 - 2014-11-05 19:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

    2014-11-12 09:44 - 2014-11-05 19:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

    2014-11-12 09:44 - 2014-11-05 19:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

    2014-11-12 09:44 - 2014-11-05 19:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

    2014-11-12 09:44 - 2014-11-05 19:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

    2014-11-12 09:44 - 2014-11-05 18:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

    2014-11-12 09:44 - 2014-11-05 18:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

    2014-11-12 09:44 - 2014-11-05 18:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

    2014-11-12 09:44 - 2014-11-05 18:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

    2014-11-12 09:44 - 2014-11-05 18:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

    2014-11-12 09:44 - 2014-11-05 18:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

    2014-11-12 09:44 - 2014-11-05 18:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

    2014-11-12 09:44 - 2014-11-05 18:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

    2014-11-12 09:44 - 2014-11-05 18:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

    2014-11-12 09:44 - 2014-11-05 18:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

    2014-11-12 09:44 - 2014-11-05 18:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

    2014-11-12 09:44 - 2014-11-05 18:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

    2014-11-12 09:44 - 2014-11-05 18:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

    2014-11-12 09:44 - 2014-11-05 18:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

    2014-11-12 09:44 - 2014-11-05 18:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

    2014-11-12 09:44 - 2014-11-05 18:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

    2014-11-12 09:44 - 2014-11-05 18:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

    2014-11-12 09:44 - 2014-11-05 18:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

    2014-11-12 09:44 - 2014-11-05 18:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

    2014-11-12 09:44 - 2014-11-05 18:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

    2014-11-12 09:44 - 2014-11-05 17:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

    2014-11-12 09:44 - 2014-11-05 17:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

    2014-11-12 09:44 - 2014-11-05 17:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

    2014-11-12 09:44 - 2014-11-05 17:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

    2014-11-12 09:44 - 2014-10-13 18:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

    2014-11-12 09:44 - 2014-10-13 17:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

    2014-11-12 09:44 - 2014-10-13 17:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

    2014-11-12 09:44 - 2014-10-13 17:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll

    2014-11-12 09:44 - 2014-10-02 18:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll

    2014-11-12 09:44 - 2014-10-02 18:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll

    2014-11-12 09:44 - 2014-10-02 18:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll

    2014-11-12 09:44 - 2014-10-02 18:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll

    2014-11-12 09:44 - 2014-10-02 18:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll

    2014-11-12 09:44 - 2014-10-02 17:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll

    2014-11-12 09:44 - 2014-10-02 17:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll

    2014-11-12 09:44 - 2014-10-02 17:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll

    2014-11-12 09:44 - 2014-08-20 22:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

    2014-11-12 09:44 - 2014-08-20 22:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll

    2014-11-12 09:44 - 2014-08-20 22:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

    2014-11-12 09:44 - 2014-08-20 22:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

    2014-11-12 09:43 - 2014-10-24 17:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll

    2014-11-12 09:43 - 2014-10-24 17:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll

    2014-11-12 09:43 - 2014-10-13 18:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

    2014-11-12 09:43 - 2014-10-13 17:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

    2014-11-12 09:43 - 2014-10-09 16:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

    2014-11-12 09:43 - 2014-09-19 01:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

    2014-11-12 09:43 - 2014-09-19 01:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

    2014-11-12 09:43 - 2014-09-19 01:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

    2014-11-12 09:43 - 2014-09-19 01:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

    2014-11-12 09:43 - 2014-09-19 01:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

    2014-11-12 09:43 - 2014-09-19 01:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

    2014-11-12 09:43 - 2014-09-19 01:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

    2014-11-12 09:43 - 2014-09-19 01:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

    2014-11-12 09:43 - 2014-09-19 01:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

    2014-11-12 09:43 - 2014-09-19 01:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

    2014-11-12 09:43 - 2014-09-19 01:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

    2014-11-12 09:43 - 2014-09-19 01:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

    2014-11-12 09:43 - 2014-08-11 18:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL

    2014-11-12 09:43 - 2014-08-11 17:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL

    2014-11-12 09:42 - 2014-10-17 18:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll

    2014-11-12 09:42 - 2014-10-17 17:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll

    2014-11-05 13:26 - 2011-09-28 09:44 - 00311808 _____ (Hewlett-Packard Corporation) C:\Windows\system32\hpcpn117.dll

    2014-11-05 13:26 - 2011-09-28 09:34 - 00316928 _____ () C:\Windows\SysWOW64\hpcc3117.DLL

    2014-11-05 13:26 - 2011-04-19 20:57 - 00511488 _____ (HP) C:\Windows\SysWOW64\hpcdmc32.DLL

    2014-11-04 08:47 - 2014-11-04 08:47 - 00000000 __SHD () C:\Users\Livsie\AppData\Local\EmieUserList

    2014-11-04 08:47 - 2014-11-04 08:47 - 00000000 __SHD () C:\Users\Livsie\AppData\Local\EmieSiteList

     

    ==================== One Month Modified Files and Folders =======

     

    (If an entry is included in the fixlist, the file\folder will be moved.)

     

    2014-12-01 16:42 - 2013-02-06 11:52 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

    2014-12-01 16:39 - 2009-07-13 21:10 - 01947877 _____ () C:\Windows\WindowsUpdate.log

    2014-12-01 16:33 - 2013-02-16 09:34 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-171093069-540651395-608262162-1001UA.job

    2014-12-01 16:32 - 2012-03-31 22:55 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

    2014-12-01 14:33 - 2013-02-16 09:34 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-171093069-540651395-608262162-1001Core.job

    2014-11-30 21:42 - 2013-02-06 11:52 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

    2014-11-30 16:42 - 2009-07-13 21:13 - 00804496 _____ () C:\Windows\system32\PerfStringBackup.INI

    2014-11-29 00:29 - 2013-01-31 20:23 - 00004906 _____ () C:\VEW.txt

    2014-11-28 16:37 - 2013-02-06 11:52 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update

    2014-11-27 11:32 - 2012-03-31 22:55 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

    2014-11-27 11:32 - 2012-03-31 22:55 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

    2014-11-27 11:32 - 2011-05-15 13:27 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

    2014-11-26 17:48 - 2014-06-03 20:39 - 00000000 ____D () C:\Users\Livsie\Desktop\Food and Weight

    2014-11-26 12:00 - 2009-12-23 17:46 - 00000000 ____D () C:\DELL

    2014-11-26 11:58 - 2009-07-13 20:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

    2014-11-26 11:58 - 2009-07-13 20:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

    2014-11-26 11:53 - 2013-07-15 19:27 - 00000000 ___RD () C:\Users\Livsie\Google Drive

    2014-11-26 11:50 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

    2014-11-25 19:34 - 2010-10-03 17:28 - 00009216 _____ () C:\Users\Livsie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    2014-11-24 22:17 - 2013-02-04 19:54 - 00004862 _____ () C:\junk.txt

    2014-11-24 14:36 - 2014-08-13 21:03 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

    2014-11-24 13:27 - 2014-10-16 10:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

    2014-11-24 13:16 - 2011-04-01 00:15 - 00000664 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

    2014-11-24 13:09 - 2012-12-18 08:25 - 00000000 ____D () C:\Qoobox

    2014-11-24 13:06 - 2009-07-13 18:34 - 00000215 _____ () C:\Windows\system.ini

    2014-11-24 11:45 - 2010-06-25 15:16 - 00000000 ____D () C:\Windows\Minidump

    2014-11-23 19:18 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\NDF

    2014-11-21 23:50 - 2013-02-06 11:52 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys

    2014-11-19 11:08 - 2013-04-22 12:05 - 00000000 ____D () C:\ProgramData\Package Cache

    2014-11-19 11:06 - 2013-04-22 12:09 - 00000000 ____D () C:\Program Files\Common Files\Western Digital

    2014-11-19 11:06 - 2013-04-22 12:09 - 00000000 ____D () C:\Program Files (x86)\Western Digital

    2014-11-16 22:52 - 2014-09-14 22:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco

    2014-11-16 22:51 - 2010-12-17 12:33 - 00000000 ____D () C:\Program Files (x86)\Cisco

    2014-11-15 11:49 - 2014-04-22 21:39 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys

    2014-11-15 11:49 - 2013-12-25 19:21 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys

    2014-11-15 11:49 - 2013-11-06 18:00 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys

    2014-11-15 11:49 - 2013-03-05 00:26 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys

    2014-11-15 11:49 - 2013-03-05 00:26 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys

    2014-11-15 11:49 - 2013-02-06 11:52 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys

    2014-11-15 11:49 - 2013-02-06 11:52 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys

    2014-11-13 21:37 - 2013-02-06 11:52 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

    2014-11-13 21:37 - 2013-02-06 11:52 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

    2014-11-13 05:10 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache

    2014-11-13 04:08 - 2009-07-13 20:45 - 00361256 _____ () C:\Windows\system32\FNTCACHE.DAT

    2014-11-13 04:05 - 2014-04-29 19:40 - 00000000 ___SD () C:\Windows\system32\CompatTel

    2014-11-13 03:47 - 2010-03-31 15:57 - 00000000 ____D () C:\ProgramData\Microsoft Help

    2014-11-13 03:38 - 2013-10-28 20:23 - 00000000 ____D () C:\Windows\system32\MRT

    2014-11-13 03:03 - 2010-05-23 15:23 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

    2014-11-12 14:28 - 2012-09-12 15:29 - 00003884 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-171093069-540651395-608262162-1001UA

    2014-11-12 14:28 - 2012-09-12 15:29 - 00003488 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-171093069-540651395-608262162-1001Core

    2014-11-10 13:29 - 2010-05-19 16:49 - 00000000 ____D () C:\Users\Livsie\AppData\Roaming\Mozilla

    2014-11-10 08:34 - 2012-07-09 22:06 - 00000000 ____D () C:\Users\Livsie\AppData\Roaming\Dropbox

    2014-11-08 01:51 - 2010-05-19 20:08 - 00000000 ____D () C:\Users\Livsie\AppData\Roaming\Skype

    2014-11-06 19:27 - 2013-02-06 11:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

    2014-11-04 14:30 - 2010-06-03 02:38 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

    2014-11-04 08:46 - 2010-05-22 16:19 - 00000000 ____D () C:\Users\Livsie\AppData\Local\Adobe

    2014-11-04 04:07 - 2010-05-18 18:32 - 00000000 ____D () C:\Users\Livsie

    2014-11-03 10:54 - 2010-06-29 19:20 - 00000000 ____D () C:\Users\Livsie\AppData\Roaming\HpUpdate

     

    ==================== Bamital & volsnap Check =================

     

    (There is no automatic fix for files that do not pass verification.)

     

    C:\Windows\System32\winlogon.exe => File is digitally signed

    C:\Windows\System32\wininit.exe => File is digitally signed

    C:\Windows\SysWOW64\wininit.exe => File is digitally signed

    C:\Windows\explorer.exe => File is digitally signed

    C:\Windows\SysWOW64\explorer.exe => File is digitally signed

    C:\Windows\System32\svchost.exe => File is digitally signed

    C:\Windows\SysWOW64\svchost.exe => File is digitally signed

    C:\Windows\System32\services.exe => File is digitally signed

    C:\Windows\System32\User32.dll => File is digitally signed

    C:\Windows\SysWOW64\User32.dll => File is digitally signed

    C:\Windows\System32\userinit.exe => File is digitally signed

    C:\Windows\SysWOW64\userinit.exe => File is digitally signed

    C:\Windows\System32\rpcss.dll => File is digitally signed

    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

     

     

    LastRegBack: 2014-11-26 06:01

     

    ==================== End Of Log ============================

     

    Here are the results from the Addition.txt

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-12-2014

    Ran by Livsie at 2014-12-01 17:02:48

    Running from C:\Users\Livsie\Desktop

    Boot Mode: Normal

    ==========================================================

     

     

    ==================== Security Center ========================

     

    (If an entry is included in the fixlist, it will be removed.)

     

    AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}

    AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

    AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}

    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

     

    ==================== Installed Programs ======================

     

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

     

    64 Bit HP CIO Components Installer (Version: 8.2.4 - Hewlett-Packard) Hidden

    Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.1.0.0 - Adobe Systems Incorporated)

    Acrobat.com (x32 Version: 2.1.0 - Adobe Systems Incorporated) Hidden

    Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)

    Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)

    Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)

    Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)

    AIM for Windows (HKU\S-1-5-21-171093069-540651395-608262162-1001\...\AIM) (Version:  - AOL Inc.)

    AIO_CDA_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden

    AIO_CDA_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden

    AIO_Scan (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden

    AOL Messaging Toolbar (HKU\S-1-5-21-171093069-540651395-608262162-1001\...\AOL Messaging Toolbar) (Version:  - )

    Apple Application Support (HKLM-x32\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)

    Apple Software Update (HKLM-x32\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)

    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

    Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)

    Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)

    bodybugg Software (HKLM-x32\...\InstallShield_{CB706270-54EA-4E48-9FFB-0B95FA04DBE6}) (Version: 9.0.0.846 - BodyMedia, Inc.)

    bodybugg Software (x32 Version: 9.0.0.846 - BodyMedia, Inc.) Hidden

    BodyMedia SYNC (HKLM-x32\...\InstallShield_{99567851-B7F1-4692-A33A-0732E761220B}) (Version: 2.3.1.102 - BodyMedia, Inc.)

    BodyMedia SYNC (x32 Version: 2.3.1.102 - BodyMedia, Inc.) Hidden

    BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden

    C3100 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden

    c3100_Help (x32 Version: 82.0.256.000 - Hewlett-Packard) Hidden

    CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)

    Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05170 - Cisco Systems, Inc.)

    Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05170 - Cisco Systems, Inc.) Hidden

    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)

    Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)

    Cisco NAC Agent  (HKLM-x32\...\{3657178B-CDB0-46B0-8C43-E1FB50DA313D}) (Version: 4.9.4.3 - Cisco Systems, Inc.)

    Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)

    Commander Keen 4: Goodbye Galaxy (HKLM-x32\...\Commander Keen 4: Goodbye Galaxy - Install) (Version:  - )

    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

    Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)

    Complete Care Consumer Service Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)

    Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)

    Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden

    Cozi (HKLM-x32\...\{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}) (Version: 1.0.4323.24051 - Cozi Group, Inc.)

    Dell Communications (Support Software) (HKLM-x32\...\{351DE0AB-7787-4497-9A7A-4AA9E3A4E290}) (Version: 1.0.09094 - Dell)

    Dell Dock (HKLM-x32\...\Dell Dock) (Version:  - Stardock Corporation)

    Dell Dock (Version: 2.0 - Stardock Corporation) Hidden

    Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)

    Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)

    Dell Resource CD (HKLM-x32\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)

    Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.102.101.303 - ALPS ELECTRIC CO., LTD.)

    Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)

    Dell Wireless WLAN Card Utility (HKLM\...\Dell Wireless WLAN Card Utility) (Version: 5.30.21.0 - Dell Inc.)

    Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden

    DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden

    DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden

    Download Updater (AOL Inc.) (HKLM-x32\...\SoftwareUpdUtility) (Version:  - AOL Inc.) <==== ATTENTION

    Dropbox (HKU\S-1-5-21-171093069-540651395-608262162-1001\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)

    Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)

    Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.00.000 - SEIKO EPSON CORPORATION)

    Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )

    EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )

    EPSON WorkForce 310 Series Printer Uninstall (HKLM\...\EPSON WorkForce 310 Series) (Version:  - SEIKO EPSON Corporation)

    EPSON XP-800 Series Printer Uninstall (HKLM\...\EPSON XP-800 Series) (Version:  - SEIKO EPSON Corporation)

    EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)

    EpsonNet Setup (HKLM-x32\...\{FFFAE01B-466F-4C07-9821-A94FD753BDDA}) (Version: 3.1c - SEIKO EPSON CORPORATION)

    Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden

    FL Studio 9 (HKLM-x32\...\FL Studio 9) (Version:  - Image-Line)

    FoxyTunes for Firefox (HKLM-x32\...\FoxyTunesForFirefox) (Version:  - )

    Garmin Communicator Plugin (HKLM-x32\...\{8ED02445-D491-414C-A56D-2ED6BBB7239A}) (Version: 3.0.1 - Garmin Ltd or its subsidiaries)

    Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)

    Google Chrome (HKU\S-1-5-21-171093069-540651395-608262162-1001\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)

    Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)

    Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)

    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

    GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden

    Hardcore (HKLM-x32\...\Hardcore) (Version:  - Image-Line)

    HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)

    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)

    HP Photosmart 7520 series Basic Device Software (HKLM\...\{27ABA988-D480-4F44-B0FD-45E5656D2CFE}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)

    HP Photosmart 7520 series Help (HKLM-x32\...\{08295D09-E002-48F8-905D-34E4B08509BA}) (Version: 28.0.0 - Hewlett Packard)

    HP Photosmart 7520 series Product Improvement Study (HKLM\...\{16B872EE-C458-41BD-BEAE-52758A3F3168}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)

    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)

    HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden

    HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden

    HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden

    HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden

    HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden

    HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden

    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)

    Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)

    LG USB Modem driver (HKLM-x32\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version:  - )

    Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)

    Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)

    MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden

    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

    Microsoft IntelliPoint 8.0 (HKLM\...\{563F041C-DFDB-437B-A1E8-E141E0906076}) (Version: 8.0.225.0 - Microsoft)

    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

    Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)

    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

    Microsoft Office Suite Activation Assistant (HKLM-x32\...\{67635FB6-2F63-4FFB-830B-D4C01597EBA4}) (Version: 1.2.1 - DELL)

    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)

    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)

    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

    Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)

    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

    Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)

    Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)

    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)

    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

    Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden

    Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden

    Opera Stable 26.0.1656.24 (HKLM-x32\...\Opera 26.0.1656.24) (Version: 26.0.1656.24 - Opera Software ASA)

    Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version:  - PopCap Games)

    Pong (HKLM-x32\...\Pong) (Version:  - )

    Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)

    PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.6029 - CyberLink Corp.)

    QualXServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)

    Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.6.11 - Dell Inc.)

    QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)

    Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0009 - Realtek)

    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5951 - Realtek Semiconductor Corp.)

    Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)

    Sawer (HKLM-x32\...\Sawer) (Version:  - Image-Line)

    Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden

    Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)

    Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)

    SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden

    SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden

    Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)

    SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )

    Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden

    Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)

    Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden

    Toxic Biohazard (HKLM-x32\...\Toxic Biohazard) (Version:  - Image-Line)

    TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden

    TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)

    TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)

    Unity Web Player (HKU\S-1-5-21-171093069-540651395-608262162-1001\...\UnityWebPlayer) (Version: 4.5.1f3 - Unity Technologies ApS)

    UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden

    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

    VDMSound (HKLM-x32\...\VDMSound) (Version: 2.1.0 - Vlad Romascanu)

    VueMinder Calendar Lite (HKLM-x32\...\{F595BBCE-C93D-44A1-9779-D6B8721A651F}) (Version: 7.2.1001 - VueSoft)

    WD Quick View (HKLM-x32\...\{2A3862B1-F0C6-49F3-AB9A-C53D7C4EEBEA}) (Version: 2.4.4.5 - Western Digital Technologies, Inc.)

    WD SmartWare (HKLM\...\{5A6ABA38-E8D6-4B52-B0BF-44081833E1D2}) (Version: 2.4.4.5 - Western Digital Technologies, Inc.)

    WD SmartWare Installer (HKLM-x32\...\{e502616c-37a2-498e-a9ee-cd1234ccc820}) (Version: 2.4.4.5 - Western Digital Technologies, Inc.)

    WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden

    Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)

    Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)

    WinRAR (HKLM-x32\...\WinRAR) (Version:  - )

    WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

    Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )

    Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)

     

    ==================== Custom CLSID (selected items): ==========================

     

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

     

    CustomCLSID: HKU\S-1-5-21-171093069-540651395-608262162-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Livsie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

    CustomCLSID: HKU\S-1-5-21-171093069-540651395-608262162-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Livsie\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File

    CustomCLSID: HKU\S-1-5-21-171093069-540651395-608262162-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Livsie\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File

    CustomCLSID: HKU\S-1-5-21-171093069-540651395-608262162-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Livsie\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File

    CustomCLSID: HKU\S-1-5-21-171093069-540651395-608262162-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Livsie\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)

    CustomCLSID: HKU\S-1-5-21-171093069-540651395-608262162-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Livsie\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)

    CustomCLSID: HKU\S-1-5-21-171093069-540651395-608262162-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Livsie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

    CustomCLSID: HKU\S-1-5-21-171093069-540651395-608262162-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Livsie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

    CustomCLSID: HKU\S-1-5-21-171093069-540651395-608262162-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Livsie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

    CustomCLSID: HKU\S-1-5-21-171093069-540651395-608262162-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Livsie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

    CustomCLSID: HKU\S-1-5-21-171093069-540651395-608262162-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Livsie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

    CustomCLSID: HKU\S-1-5-21-171093069-540651395-608262162-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Livsie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

    CustomCLSID: HKU\S-1-5-21-171093069-540651395-608262162-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Livsie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

    CustomCLSID: HKU\S-1-5-21-171093069-540651395-608262162-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Livsie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

    CustomCLSID: HKU\S-1-5-21-171093069-540651395-608262162-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Livsie\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

     

    ==================== Restore Points  =========================

     

    25-11-2014 01:12:36 Windows Update

    28-11-2014 07:54:17 Windows Update

    01-12-2014 20:15:59 Windows Update

     

    ==================== Hosts content: ==========================

     

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

     

    2009-07-13 18:34 - 2014-11-19 21:09 - 00000039 ____A C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1       localhost

     

    ==================== Scheduled Tasks (whitelisted) =============

     

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

     

    Task: {072236B5-37DF-415D-B3E2-D6535D44ADA4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

    Task: {170A61EE-B695-423D-924F-65708D5003B7} - System32\Tasks\Livsie-PC\Livsie - Start WLAN Tray Applet => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE [2009-07-17] (Dell Inc.)

    Task: {1E720257-FDD0-4541-B99B-AE486DC5DD37} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-27] (Adobe Systems Incorporated)

    Task: {3DAC61EB-808A-4A25-88EC-51B78A7590D9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-15] (Google Inc.)

    Task: {57378B1C-43CD-4932-9CD7-96C2A96B66F6} - System32\Tasks\D1234567\Administrator - Start WLAN Tray Applet => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE [2009-07-17] (Dell Inc.)

    Task: {5C8C3E5B-2089-45E1-A6B8-34C0C4719E46} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-15] (AVAST Software)

    Task: {88109771-3ED3-4EE3-A7C7-CA98E748E9E0} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2010-07-21] (Microsoft Corporation)

    Task: {8BE1D9B2-3A90-44B9-AA68-FBBB4C46B548} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-15] (Google Inc.)

    Task: {8EC54DBF-61BD-4465-9FF1-7A71C494148A} - System32\Tasks\HPCustParticipation HP Photosmart 7520 series => C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)

    Task: {92435E04-0F86-4FA6-8B77-5D6A544634D0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-171093069-540651395-608262162-1001Core => C:\Users\Livsie\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-12] (Google Inc.)

    Task: {CA3B2726-D70A-451B-8F7C-CF639CF8C624} - System32\Tasks\Opera scheduled Autoupdate 1416869436 => C:\Program Files (x86)\Opera\launcher.exe [2014-11-20] (Opera Software)

    Task: {DC5D5CA9-4765-4F50-AF9C-7F3731EDFDDB} - System32\Tasks\CCleanerSkipUAC => D:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)

    Task: {E0036ECE-F0EA-4D05-83DF-983FFDB78C98} - System32\Tasks\{06E33403-A08B-4A14-BD9C-D35EC8B19314} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-08-27] (Skype Technologies S.A.)

    Task: {F0DCDCF0-1265-420E-9135-48AA4A48974C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-171093069-540651395-608262162-1001UA => C:\Users\Livsie\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-12] (Google Inc.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-171093069-540651395-608262162-1001Core.job => C:\Users\Livsie\AppData\Local\Google\Update\GoogleUpdate.exe

    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-171093069-540651395-608262162-1001UA.job => C:\Users\Livsie\AppData\Local\Google\Update\GoogleUpdate.exe

     

    ==================== Loaded Modules (whitelisted) =============

     

    2010-03-31 15:38 - 2009-07-17 09:06 - 00033280 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE

    2010-03-31 15:38 - 2009-07-17 09:06 - 00058368 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlrmt.dll

    2014-10-06 15:21 - 2012-12-04 19:33 - 00065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP2030PP.DLL

    2014-09-30 22:09 - 2012-12-04 19:33 - 02672128 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\HP2030SU.DLL

    2014-09-30 22:09 - 2012-12-04 19:33 - 01236992 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\HP2030GC.dll

    2014-06-10 19:34 - 2014-06-10 19:34 - 00063400 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll

    2014-11-26 09:29 - 2014-11-26 09:29 - 02903552 _____ () C:\Program Files\AVAST Software\Avast\defs\14112600\algo.dll

    2014-12-01 16:07 - 2014-12-01 16:07 - 02904064 _____ () C:\Program Files\AVAST Software\Avast\defs\14120101\algo.dll

    2012-02-20 23:55 - 2009-03-12 15:45 - 00135168 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll

    2012-02-20 23:55 - 2008-11-21 13:58 - 00057344 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll

    2014-11-15 11:49 - 2014-11-15 11:49 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

    2014-11-25 20:40 - 2014-11-24 22:39 - 01077064 _____ () C:\Users\Livsie\AppData\Local\Google\Chrome\Application\39.0.2171.71\libglesv2.dll

    2014-11-25 20:40 - 2014-11-24 22:39 - 00211272 _____ () C:\Users\Livsie\AppData\Local\Google\Chrome\Application\39.0.2171.71\libegl.dll

    2014-11-25 20:40 - 2014-11-24 22:39 - 09009480 _____ () C:\Users\Livsie\AppData\Local\Google\Chrome\Application\39.0.2171.71\pdf.dll

    2014-11-25 20:40 - 2014-11-24 22:39 - 01677128 _____ () C:\Users\Livsie\AppData\Local\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll

    2012-09-23 20:43 - 2012-09-23 20:43 - 00313992 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\sqlite.dll

    2014-11-25 20:40 - 2014-11-24 22:39 - 14910280 _____ () C:\Users\Livsie\AppData\Local\Google\Chrome\Application\39.0.2171.71\PepperFlash\pepflashplayer.dll

     

    ==================== Alternate Data Streams (whitelisted) =========

     

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

     

     

    ==================== Safe Mode (whitelisted) ===================

     

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

     

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

     

    ==================== EXE Association (whitelisted) =============

     

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

     

     

    ==================== MSCONFIG/TASK MANAGER disabled items =========

     

    (Currently there is no automatic fix for this section.)

     

    MSCONFIG\startupreg: AVG9_TRAY => D:\PROGRA~2\avgtray.exe

    MSCONFIG\startupreg: AVG_TRAY => C:\Program Files (x86)\AVG\AVG10\avgtray.exe

    MSCONFIG\startupreg: DellComms => "C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe" /P DellComms

    MSCONFIG\startupreg: DellSupportCenter => "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

    MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

    MSCONFIG\startupreg: Zune Launcher => "C:\Program Files\Zune\ZuneLauncher.exe"

     

    ========================= Accounts: ==========================

     

    Administrator (S-1-5-21-171093069-540651395-608262162-500 - Administrator - Disabled)

    Guest (S-1-5-21-171093069-540651395-608262162-501 - Limited - Disabled)

    HomeGroupUser$ (S-1-5-21-171093069-540651395-608262162-1002 - Limited - Enabled)

    Livsie (S-1-5-21-171093069-540651395-608262162-1001 - Administrator - Enabled) => C:\Users\Livsie

     

    ==================== Faulty Device Manager Devices =============

     

    Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64

    Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64

    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

    Manufacturer: Cisco Systems

    Service: vpnva

    Problem: : This device is disabled. (Code 22)

    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

     

     

    ==================== Event log errors: =========================

     

    Application errors:

    ==================

    Error: (12/01/2014 04:53:45 PM) (Source: Application Error) (EventID: 1000) (User: )

    Description: Faulting application name: mmc.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc808

    Faulting module name: comuid.dll, version: 2001.12.8530.16385, time stamp: 0x4a5bdf82

    Exception code: 0xc0000005

    Fault offset: 0x0000000000027eb4

    Faulting process id: 0x%9

    Faulting application start time: 0xmmc.exe0

    Faulting application path: mmc.exe1

    Faulting module path: mmc.exe2

    Report Id: mmc.exe3

     

    Error: (11/28/2014 10:26:58 AM) (Source: Application Error) (EventID: 1000) (User: )

    Description: Faulting application name: googledrivesync.exe, version: 1.18.7821.2489, time stamp: 0x509418e4

    Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7

    Exception code: 0xc0000005

    Fault offset: 0x0002dfe4

    Faulting process id: 0x175c

    Faulting application start time: 0xgoogledrivesync.exe0

    Faulting application path: googledrivesync.exe1

    Faulting module path: googledrivesync.exe2

    Report Id: googledrivesync.exe3

     

    Error: (11/26/2014 11:52:53 AM) (Source: Application Error) (EventID: 1000) (User: )

    Description: Faulting application name: WDBackupEngine.exe, version: 2.0.0.15, time stamp: 0x546690c1

    Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7

    Exception code: 0xc00000fd

    Fault offset: 0x0002defe

    Faulting process id: 0x9fc

    Faulting application start time: 0xWDBackupEngine.exe0

    Faulting application path: WDBackupEngine.exe1

    Faulting module path: WDBackupEngine.exe2

    Report Id: WDBackupEngine.exe3

     

     

    System errors:

    =============

    Error: (12/01/2014 11:16:53 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)

    Description: WLAN Extensibility Module has failed to start.

     

    Module Path: C:\Windows\System32\bcmihvsrv64.dll

    Error Code: 21

     

    Error: (11/29/2014 09:22:19 AM) (Source: Service Control Manager) (EventID: 7011) (User: )

    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

     

    Error: (11/27/2014 08:12:39 AM) (Source: Service Control Manager) (EventID: 7011) (User: )

    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.

     

    Error: (11/26/2014 11:17:38 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

     

    Error: (11/26/2014 11:53:33 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

    Description: The WD Backup service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

     

    Error: (11/26/2014 11:52:28 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

     

    Error: (11/26/2014 11:51:54 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

     

    Error: (11/26/2014 11:50:54 AM) (Source: Service Control Manager) (EventID: 7023) (User: )

    Description: The WinDefend service terminated with the following error: 

    %%126

     

     

    Microsoft Office Sessions:

    =========================

    Error: (11/07/2014 07:46:25 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6705.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 33656 seconds with 6660 seconds of active time.  This session ended with a crash.

     

    Error: (06/28/2013 07:21:27 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 355485 seconds with 6480 seconds of active time.  This session ended with a crash.

     

    Error: (09/24/2012 11:03:57 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

    Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6535.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 28866 seconds with 0 seconds of active time.  This session ended with a crash.

     

    Error: (09/20/2012 11:26:48 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

    Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6535.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 12239 seconds with 300 seconds of active time.  This session ended with a crash.

     

     

    CodeIntegrity Errors:

    ===================================

      Date: 2012-12-18 08:35:31.516

      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

     

      Date: 2012-12-18 08:35:31.329

      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

     

     

    ==================== Memory info =========================== 

     

    Processor: Intel® Core™ i3 CPU M 330 @ 2.13GHz

    Percentage of memory in use: 71%

    Total physical RAM: 3892.52 MB

    Available physical RAM: 1110.73 MB

    Total Pagefile: 7783.23 MB

    Available Pagefile: 2719.86 MB

    Total Virtual: 8192 MB

    Available Virtual: 8191.85 MB

     

    ==================== Drives ================================

     

    Drive c: (OS) (Fixed) (Total:58.59 GB) (Free:0.76 GB) NTFS

    Drive d: () (Fixed) (Total:397.3 GB) (Free:50.23 GB) NTFS

     

    ==================== MBR & Partition Table ==================

     

    ========================================================

    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: CCDD77FD)

    Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)

    Partition 2: (Active) - (Size=9.8 GB) - (Type=07 NTFS)

    Partition 3: (Not Active) - (Size=58.6 GB) - (Type=07 NTFS)

    Partition 4: (Not Active) - (Size=397.3 GB) - (Type=OF Extended)

     

    ==================== End Of Log ============================

     

    I couldn’t find the pathway you outlined to change it to High Performance, so I clicked the radio button next to High Performance and reset the settings to the default. Does that work?

     

    Here is the VEW.txt log for System

     

    Vino's Event Viewer v01c run on Windows 2008 in English

    Report run at 01/12/2014 5:56:46 PM

     

    Note: All dates below are in the format dd/mm/yyyy

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    'System' Log - Critical Type

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    'System' Log - Error Type

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Log: 'System' Date/Time: 02/12/2014 1:47:35 AM

    Type: Error Category: 0

    Event: 10016 Source: Microsoft-Windows-DistributedCOM

    The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

     

    Log: 'System' Date/Time: 02/12/2014 1:47:23 AM

    Type: Error Category: 0

    Event: 10016 Source: Microsoft-Windows-DistributedCOM

    The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    'System' Log - Warning Type

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Log: 'System' Date/Time: 02/12/2014 1:49:44 AM

    Type: Warning Category: 0

    Event: 1014 Source: Microsoft-Windows-DNS-Client

    Name resolution for the name ipm-provider.ff.avast.com timed out after none of the configured DNS servers responded.

     

    Log: 'System' Date/Time: 02/12/2014 1:49:23 AM

    Type: Warning Category: 0

    Event: 1014 Source: Microsoft-Windows-DNS-Client

    Name resolution for the name wpad.uci.edu timed out after none of the configured DNS servers responded.

     

    Log: 'System' Date/Time: 02/12/2014 1:45:47 AM

    Type: Warning Category: 0

    Event: 1 Source: RTL8167

    Realtek PCIe FE Family Controller is disconnected from network.

     

    Log: 'System' Date/Time: 02/12/2014 1:45:13 AM

    Type: Warning Category: 0

    Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig

    WLAN Extensibility Module has stopped.  Module Path: C:\Windows\System32\bcmihvsrv64.dll

     

     

    And here is the VEW.txt log for Application

     

    Vino's Event Viewer v01c run on Windows 2008 in English

    Report run at 01/12/2014 5:59:16 PM

     

    Note: All dates below are in the format dd/mm/yyyy

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    'Application' Log - Critical Type

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    'Application' Log - Error Type

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    'Application' Log - Warning Type

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Log: 'Application' Date/Time: 02/12/2014 1:46:18 AM

    Type: Warning Category: 0

    Event: 1 Source: LMS

    LMS Service cannot connect to Intel® MEI driver



    #12
    RKinner


      Malware Expert

    • Expert
    • 20,025 posts
    • MVP

    Uninstall Microsoft Security Essentials.  You don't want two anti-viruses.  They fight each other and slow you down.  You should also uninstall Skype Click to Call.  This is the annoying program that turns every random 10 digit number into a telephone number. I doubt you need it and it slows things down a tad.  Won't stop Skype from working.

     

    I am seeing 3 WD programs in the uninstall list:

     

    WD Quick View (HKLM-x32\...\{2A3862B1-F0C6-49F3-AB9A-C53D7C4EEBEA}) (Version: 2.4.4.5 - Western Digital Technologies, Inc.)

    WD SmartWare (HKLM\...\{5A6ABA38-E8D6-4B52-B0BF-44081833E1D2}) (Version: 2.4.4.5 - Western Digital Technologies, Inc.)

    WD SmartWare Installer (HKLM-x32\...\{e502616c-37a2-498e-a9ee-cd1234ccc820}) (Version: 2.4.4.5 - Western Digital Technologies, Inc.)

     

    Not sure which does the backup but suppose it must be one of them.

     

    Uninstall Speccy.  Don't need it any more.  Also Opera unless you want to use it.

     

    Also see if you can uninstall:

     

    Intel® Management Engine Components

     

    This is something used by big companies to remotely control PCs on their network.  Nothing you need and it's causing an error.  Sometimes you have to go into the BIOS setup to turn it off or you can try the latest driver from Intel:  http://downloadcente...g&DwnldID=18532 to get rid of the error.

     

    You have two AVG entries turned off in MSCONFIG.  Try checking them, rebooting then try the avg removal tool again.  Remember to right click on it and Run As Admin.

     

    I'm going to clean up some deadwood with FRST:

     

    Download the attached fixlist.txt to the same location as FRST
    Run FRST and press Fix

     

    A fix log will be generated please post that.  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.

     

     

     

     

     

     

     



    #13
    Liv Scott


      Member

    • Topic Starter
    • Member
    • 139 posts

    Hi Ron,

     

    I understand that having 2 anti-virus programs running on my computer can cause my computer to slow down and fight each other. Here’s my problem with uninstalling Microsoft Essentials: it was the only way to get my computer onto the internet at my apartment. ResNet (the provider that my graduate student housing uses) requires me to have Cisco NAC on my computer, which is a program that checks my antivirus for up-to-date virus definitions and such. It has stopped acknowledging Avast as having updated virus definitions and will only recognize Microsoft Essentials.

     

    I currently have Avast disabled permanently on my computer, would it be best to uninstall it completely?

     

     

     

    I wasn’t able to identify which WD program was the backup program, and when I tried to uninstall one of them, it uninstalled all of them. I have also uninstalled Speccy and Opera.

     

     

    I can’t find the Intel Management Engine Components in the Control Panel or by searching my computer. When I attempted to download the driver from Intel, the button to accept the agreement wasn’t functioning.

     

    I just attempted the AVG Removal Tool again with both boxes checked, and I still get the message (I also tried restarting my computer again just in case).

    “2014-12-02 05:26:34,669 ERROR Wrong application platform. Use corresponding application version for 32bit or 64bit systems

    2014-12-02 05:30:38,865 ERROR Wrong application platform. Use corresponding application version for 32bit or 64bit systems

    2014-12-02 05:32:29,994 ERROR Wrong application platform. Use corresponding application version for 32bit or 64bit systems”

     

     

    Here is the fixlog.txt from FRST. I was unsure what you wanted me to do with the fixlist once I downloaded it to my desktop (the same place as FRST is saved). Was I supposed to type that in the search box in FRST?

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-12-2014

    Ran by Livsie at 2014-12-02 17:55:02 Run:1

    Running from C:\Users\Livsie\Desktop

    Loaded Profile: Livsie (Available profiles: Livsie)

    Boot Mode: Normal

    ==============================================

     

    Content of fixlist:

    *****************

    Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File

    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File

    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

    SearchScopes: HKU\S-1-5-21-171093069-540651395-608262162-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

    SearchScopes: HKU\S-1-5-21-171093069-540651395-608262162-1001 -> {812F0E75-DDF8-40C9-83B9-57ACF1312B63} URL =

    \Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

    BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll No File

    BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File

    BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll No File

    CustomCLSID: HKU\S-1-5-21-171093069-540651395-608262162-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Livsie\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File

    CustomCLSID: HKU\S-1-5-21-171093069-540651395-608262162-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Livsie\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File

    CustomCLSID: HKU\S-1-5-21-171093069-540651395-608262162-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Livsie\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File

    CustomCLSID: HKU\S-1-5-21-171093069-540651395-608262162-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Livsie\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

    C:\Program Files (x86)\AVG

    D:\PROGRA~2\avgtray.exe

    *****************

     

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.

    "HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key deleted successfully.

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.

    "HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => Key not found.

    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.

    "HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.

    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.

    "HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.

    HKU\S-1-5-21-171093069-540651395-608262162-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.

    "HKU\S-1-5-21-171093069-540651395-608262162-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{812F0E75-DDF8-40C9-83B9-57ACF1312B63}" => Key deleted successfully.

    "HKCR\CLSID\{812F0E75-DDF8-40C9-83B9-57ACF1312B63}" => Key not found.

    \Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) => Error: No automatic fix found for this entry.

    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}" => Key deleted successfully.

    "HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}" => Key deleted successfully.

    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.

    "HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.

    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}" => Key deleted successfully.

    "HKCR\Wow6432Node\CLSID\{0347C33E-8762-4905-BF09-768834316C61}" => Key deleted successfully.

    "HKU\S-1-5-21-171093069-540651395-608262162-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => Key deleted successfully.

    "HKU\S-1-5-21-171093069-540651395-608262162-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.

    "HKU\S-1-5-21-171093069-540651395-608262162-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.

    "HKU\S-1-5-21-171093069-540651395-608262162-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.

    "C:\Program Files (x86)\AVG" => File/Directory not found.

    D:\PROGRA~2\avgtray.exe => Moved successfully.

     

    ==== End of Fixlog ====

     

     

    Here is the FRST log!

     

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-12-2014

    Ran by Livsie (administrator) on LIVSIE-PC on 02-12-2014 18:01:29

    Running from C:\Users\Livsie\Desktop

    Loaded Profile: Livsie (Available profiles: Livsie)

    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

    Internet Explorer Version 11

    Boot Mode: Normal

    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

     

    ==================== Processes (Whitelisted) =================

     

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

     

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

    (Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe

    (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe

    () C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE

    (Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE

    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

    (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe

    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

    (Microsoft Corporation) C:\Windows\System32\CISVC.EXE

    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe

    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

    (Intel Corporation) C:\Windows\System32\igfxtray.exe

    (Intel Corporation) C:\Windows\System32\hkcmd.exe

    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe

    (Intel Corporation) C:\Windows\System32\igfxpers.exe

    (Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE

    (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe

    (Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

    (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe

    (SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE

    (SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE

    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe

    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

    (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe

    (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe

    (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe

    (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe

    (Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

    (SupportSoft, Inc.) C:\Program Files (x86)\DELL\DellComms\bin\sprtsvc.exe

    (BodyMedia, Inc.) D:\Program Files (x86)\BodyMedia\Sync\BodyMediaSync.exe

    (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicatorCom.exe

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe

    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe

    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe

    (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

    (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicator.exe

    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE

    (Microsoft Corporation) C:\Windows\splwow64.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Update\1.3.25.11\GoogleCrashHandler.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Update\1.3.25.11\GoogleCrashHandler64.exe

    (Microsoft Corporation) C:\Windows\System32\wlanext.exe

    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Users\Livsie\AppData\Local\Google\Chrome\Application\chrome.exe

     

     

    ==================== Registry (Whitelisted) ==================

     

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

     

    HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [357376 2009-09-16] (Alps Electric Co., Ltd.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8158240 2009-10-09] (Realtek Semiconductor)

    HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-17] (Dell Inc.)

    HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2327952 2010-07-21] (Microsoft Corporation)

    HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)

    HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)

    HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-12-29] (CyberLink Corp.)

    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)

    HKLM-x32\...\Run: [] => [X]

    HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)

    HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)

    HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [843776 2009-02-06] (SEIKO EPSON CORPORATION)

    HKLM-x32\...\Run: [QuickTime Task] => D:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)

    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)

    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)

    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-21] (AVAST Software)

    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)

    HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707496 2014-06-10] (Cisco Systems, Inc.)

    HKLM-x32\...\Run: [NACAgentUI] => C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe [621384 2013-12-04] (Cisco Systems, Inc.)

    HKLM-x32\...\Run: [AVG_TRAY] => C:\Program Files (x86)\AVG\AVG10\avgtray.exe

    HKLM-x32\...\Run: [AVG9_TRAY] => D:\PROGRA~2\avgtray.exe

    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

    HKU\S-1-5-21-171093069-540651395-608262162-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)

    HKU\S-1-5-21-171093069-540651395-608262162-1001\...\Run: [HP Photosmart 7520 series (NET)] => C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)

    HKU\S-1-5-21-171093069-540651395-608262162-1001\...\Policies\Explorer: [NoDriveTypeAutoRun] 0xFF000000

    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BodyMedia Sync.lnk

    ShortcutTarget: BodyMedia Sync.lnk -> D:\Program Files (x86)\BodyMedia\Sync\BodyMediaSync.exe (BodyMedia, Inc.)

    Startup: C:\Users\Livsie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 7520 series (Network).lnk

    ShortcutTarget: Monitor Ink Alerts - HP Photosmart 7520 series (Network).lnk -> C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

     

    ==================== Internet (Whitelisted) ====================

     

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

     

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

    HKU\S-1-5-21-171093069-540651395-608262162-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch

    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome

    HKU\S-1-5-21-171093069-540651395-608262162-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch

    HKU\S-1-5-21-171093069-540651395-608262162-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x057E34A12A08CE01

    HKU\S-1-5-21-171093069-540651395-608262162-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

    HKU\S-1-5-21-171093069-540651395-608262162-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://us-mg6.mail.y...d=0clipv0ercmvp

    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

    SearchScopes: HKLM -> DefaultScope {812F0E75-DDF8-40C9-83B9-57ACF1312B63} URL = http://www.bing.com/...rc=IE-SearchBox

    SearchScopes: HKLM -> {812F0E75-DDF8-40C9-83B9-57ACF1312B63} URL = http://www.bing.com/...rc=IE-SearchBox

    SearchScopes: HKLM-x32 -> DefaultScope {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect...mrud=18-06-2012

    SearchScopes: HKLM-x32 -> {3EAD345A-5334-40C5-9F44-62F73C440223} URL = http://www.bing.com/...rc=IE-SearchBox

    SearchScopes: HKLM-x32 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect...mrud=18-06-2012

    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

    BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

    Tcpip\Parameters: [DhcpNameServer] 128.200.1.201 128.200.192.202

     

    FireFox:

    ========

    FF ProfilePath: C:\Users\Livsie\AppData\Roaming\Mozilla\Firefox\Profiles\92h85qxq.default

    FF DefaultSearchEngine: AOL Search

    FF Homepage: hxxp://www.google.com/reader/view/|hxxp://www.facebook.com/|hxxp://www.deviantart.com/

    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()

    FF Plugin: @microsoft.com/GENUINE -> disabled No File

    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()

    FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)

    FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

    FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File

    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF Plugin HKU\S-1-5-21-171093069-540651395-608262162-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Livsie\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

    FF Plugin HKU\S-1-5-21-171093069-540651395-608262162-1001: @talk.google.com/O1DPlugin -> C:\Users\Livsie\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

    FF Plugin HKU\S-1-5-21-171093069-540651395-608262162-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Livsie\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

    FF Plugin HKU\S-1-5-21-171093069-540651395-608262162-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Livsie\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

    FF Plugin HKU\S-1-5-21-171093069-540651395-608262162-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Livsie\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

    FF user.js: detected! => C:\Users\Livsie\AppData\Roaming\Mozilla\Firefox\Profiles\92h85qxq.default\user.js

    FF Plugin ProgramFiles/Appdata: C:\Users\Livsie\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)

    FF Plugin ProgramFiles/Appdata: C:\Users\Livsie\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)

    FF SearchPlugin: C:\Users\Livsie\AppData\Roaming\Mozilla\Firefox\Profiles\92h85qxq.default\searchplugins\aol-search.xml

    FF Extension: Echofon - C:\Users\Livsie\AppData\Roaming\Mozilla\Firefox\Profiles\92h85qxq.default\Extensions\[email protected] [2012-12-16]

    FF Extension: Garmin Communicator - C:\Users\Livsie\AppData\Roaming\Mozilla\Firefox\Profiles\92h85qxq.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2014-01-25]

    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF

    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-02-06]

    FF HKU\S-1-5-21-171093069-540651395-608262162-1001\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

    FF StartMenuInternet: FIREFOX.EXE - D:\Program Files (x86)\firefox.exe

     

    Chrome:

    =======

    CHR HomePage: Default -> hxxp://www.google.com/reader/view/

    CHR Profile: C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default

    CHR Extension: (Google Drive) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-15]

    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]

    CHR Extension: (YouTube) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-12]

    CHR Extension: (Facebook) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2013-06-15]

    CHR Extension: (Adblock Plus) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-09-03]

    CHR Extension: (Spotify - Music for every moment) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2013-06-15]

    CHR Extension: (Google Search) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-12]

    CHR Extension: (Netflix) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh [2013-06-15]

    CHR Extension: (Google News) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2013-06-15]

    CHR Extension: (NYTimes) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecmphppfkcfflgglcokcbdkofpfegoel [2013-06-15]

    CHR Extension: (Google Calendar) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2013-06-15]

    CHR Extension: (Avast SafePrice) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-08-17]

    CHR Extension: (Pandora) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2013-06-15]

    CHR Extension: (Avast Online Security) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-05-23]

    CHR Extension: (feedly) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2013-06-07]

    CHR Extension: (Dictionary Instant) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\hngaklbjlbjhmoilkegninbmpfigheol [2013-06-15]

    CHR Extension: (Google Play Music) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2013-06-15]

    CHR Extension: (Notifier for Twitter) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikknnkomiokeodcdkknnhgjmncfiefmn [2012-09-12]

    CHR Extension: (SoundCloud) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipebkipbeggmmkjjljenoblnfaenambp [2013-06-15]

    CHR Extension: (Hootsuite) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\kneloppijbcidgidihgdjnooihjcdbij [2013-06-15]

    CHR Extension: (Wave Accounting) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\knpkfcpnjfbniadmfchjpcigfhookhaa [2013-06-15]

    CHR Extension: (InvisibleHand) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko [2012-10-12]

    CHR Extension: (Thor) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lijopgmiofmhjaihppiboemgnddmjpge [2012-10-12]

    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-09]

    CHR Extension: (Google Wallet) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]

    CHR Extension: (Gmail) - C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-12]

    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-04]

    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-15]

     

    ==================== Services (Whitelisted) =================

     

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

     

    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-15] (AVAST Software)

    S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-15] (Avast Software)

    R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]

    R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]

    R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]

    R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]

    R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]

    R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)

    R2 NACAgent; C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [1289544 2013-12-04] (Cisco Systems, Inc.)

    S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]

    R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)

    S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]

    R2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe [3417088 2009-07-17] (Dell Inc.) [File not signed]

    S3 GameConsoleService; "C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe" [X]

    S3 GoToAssist; "C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe" Start=service [X]

    S2 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [X]

     

    ==================== Drivers (Whitelisted) ====================

     

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

     

    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-15] ()

    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-15] (AVAST Software)

    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-15] (AVAST Software)

    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-15] ()

    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-21] (AVAST Software)

    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-15] (AVAST Software)

    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-15] (AVAST Software)

    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-15] ()

    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)

    R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)

    S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)

    S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)

    S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)

    S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)

    R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-15] (Avast Software)

    S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-06-10] (Cisco Systems, Inc.)

    S3 catchme; \??\C:\ComboFix\catchme.sys [X]

     

    ==================== NetSvcs (Whitelisted) ===================

     

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

     

     

    ==================== One Month Created Files and Folders ========

     

    (If an entry is included in the fixlist, the file\folder will be moved.)

     

    2014-12-01 21:32 - 2014-12-01 21:32 - 00002984 _____ () C:\Windows\System32\Tasks\{14C0EDF0-2C5C-4C0C-ABF6-33E4F4F85EB4}

    2014-12-01 21:02 - 2014-12-01 21:02 - 00000000 __SHD () C:\Users\Livsie\AppData\Local\EmieBrowserModeList

    2014-12-01 17:46 - 2014-12-01 17:51 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat

    2014-12-01 17:32 - 2014-12-01 17:33 - 04443312 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

    2014-12-01 16:59 - 2014-12-01 16:59 - 00000000 ____D () C:\Users\Livsie\Desktop\FRST-OlderVersion

    2014-11-27 10:13 - 2014-11-27 15:12 - 00011697 _____ () C:\Users\Livsie\Desktop\Meal Plan Week 9, November 30 Liv Fixed Template.xlsx

    2014-11-26 17:22 - 2014-11-27 09:55 - 00012470 _____ () C:\Users\Livsie\Desktop\Meal Plan Week 9, November 30.xlsx

    2014-11-26 13:00 - 2014-11-29 00:32 - 00223828 _____ () C:\Users\Livsie\Desktop\LIVSIE-PC.txt

    2014-11-26 12:54 - 2014-11-26 12:54 - 00000758 _____ () C:\Users\Public\Desktop\Speccy.lnk

    2014-11-26 12:54 - 2014-11-26 12:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy

    2014-11-26 12:54 - 2014-11-26 12:54 - 00000000 ____D () C:\Program Files\Speccy

    2014-11-26 12:53 - 2014-11-26 12:53 - 04890736 _____ (Piriform Ltd) C:\Users\Livsie\Desktop\spsetup126.exe

    2014-11-26 12:47 - 2014-11-26 12:47 - 00061440 _____ ( ) C:\Users\Livsie\Desktop\VEW.exe

    2014-11-26 12:34 - 2014-11-26 12:34 - 00000000 ____D () C:\Program Files\Windows Defender

    2014-11-24 17:07 - 2014-11-24 17:07 - 00002079 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

    2014-11-24 17:06 - 2014-11-24 17:06 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client

    2014-11-24 17:05 - 2014-11-24 17:07 - 00000000 ____D () C:\Program Files\Microsoft Security Client

    2014-11-24 14:51 - 2014-12-01 21:02 - 00000000 ____D () C:\Users\Livsie\AppData\Roaming\Opera Software

    2014-11-24 14:51 - 2014-12-01 21:02 - 00000000 ____D () C:\Users\Livsie\AppData\Local\Opera Software

    2014-11-24 14:49 - 2014-12-01 21:02 - 00000000 ____D () C:\Program Files (x86)\Opera

    2014-11-24 14:48 - 2014-11-24 14:48 - 00683624 _____ (Opera Software) C:\Users\Livsie\Downloads\Opera_NI_stable.exe

    2014-11-24 13:50 - 2014-11-24 13:50 - 00000247 _____ () C:\Windows\system32\2014-11-24-21-50-02.094-aswFe.exe-4916.log

    2014-11-24 13:41 - 2014-11-24 13:50 - 00000247 _____ () C:\Windows\system32\2014-11-24-21-41-46.032-aswFe.exe-6276.log

    2014-11-24 13:41 - 2014-11-24 13:41 - 00000197 _____ () C:\Windows\system32\2014-11-24-21-41-41.046-AvastVBoxSVC.exe-3408.log

    2014-11-24 13:33 - 2014-11-24 13:34 - 00000197 _____ () C:\Windows\system32\2014-11-24-21-33-57.000-AvastVBoxSVC.exe-3048.log

    2014-11-24 13:27 - 2014-12-01 21:28 - 00000560 _____ () C:\Windows\setupact.log

    2014-11-24 13:27 - 2014-12-01 21:23 - 00043296 _____ () C:\Windows\PFRO.log

    2014-11-24 13:27 - 2014-11-24 13:27 - 00000000 _____ () C:\Windows\setuperr.log

    2014-11-24 13:09 - 2014-11-24 13:09 - 00030021 _____ () C:\ComboFix.txt

    2014-11-24 12:57 - 2011-06-25 22:45 - 00256000 _____ () C:\Windows\PEV.exe

    2014-11-24 12:57 - 2010-11-07 09:20 - 00208896 _____ () C:\Windows\MBR.exe

    2014-11-24 12:57 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

    2014-11-24 12:57 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

    2014-11-24 12:57 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

    2014-11-24 12:57 - 2000-08-30 16:00 - 00098816 _____ () C:\Windows\sed.exe

    2014-11-24 12:57 - 2000-08-30 16:00 - 00080412 _____ () C:\Windows\grep.exe

    2014-11-24 12:57 - 2000-08-30 16:00 - 00068096 _____ () C:\Windows\zip.exe

    2014-11-24 12:44 - 2014-12-01 21:32 - 00001242 _____ () C:\Users\Livsie\Desktop\avgremover.log

    2014-11-24 12:33 - 2014-12-01 17:04 - 00037112 _____ () C:\Users\Livsie\Desktop\Addition.txt

    2014-11-24 12:32 - 2014-12-02 18:02 - 00026665 _____ () C:\Users\Livsie\Desktop\FRST.txt

    2014-11-24 12:32 - 2014-12-02 18:01 - 00000000 ____D () C:\FRST

    2014-11-24 12:17 - 2014-11-24 12:18 - 10307952 _____ (Opera Software ASA) C:\Windows\system32\Opera_1151_int_Setup.exe

    2014-11-24 11:27 - 2014-11-24 11:27 - 35285328 _____ () C:\Users\Livsie\Desktop\Firefox Setup 32.0.3.exe

    2014-11-24 11:27 - 2014-11-24 11:27 - 05598874 ____R (Swearware) C:\Users\Livsie\Desktop\ComboFix.exe

    2014-11-24 11:26 - 2014-11-24 11:26 - 01090912 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Livsie\Desktop\avg_remover_stf_x86_2011_1184.exe

    2014-11-24 11:25 - 2014-12-01 16:59 - 02117120 _____ (Farbar) C:\Users\Livsie\Desktop\FRST64.exe

    2014-11-21 08:36 - 2014-11-21 08:36 - 00244120 _____ () C:\Users\Livsie\Downloads\Firefox Setup Stub 33.1.1.exe

    2014-11-19 09:44 - 2014-11-10 19:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

    2014-11-19 09:44 - 2014-11-10 19:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll

    2014-11-19 09:44 - 2014-11-10 18:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

    2014-11-19 09:44 - 2014-11-10 18:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll

    2014-11-16 22:48 - 2014-11-16 22:49 - 08209601 _____ (Cisco Systems, Inc.) C:\Users\Livsie\Downloads\Update.exe

    2014-11-16 22:46 - 2014-11-24 17:07 - 00001945 _____ () C:\Windows\epplauncher.mif

    2014-11-16 22:43 - 2014-11-24 17:04 - 14087848 _____ (Microsoft Corporation) C:\Users\Livsie\Downloads\mseinstall.exe

    2014-11-15 19:51 - 2014-11-15 19:51 - 00000247 _____ () C:\Windows\system32\2014-11-16-03-51-38.051-aswFe.exe-7408.log

    2014-11-15 19:45 - 2014-11-15 19:51 - 00000247 _____ () C:\Windows\system32\2014-11-16-03-45-38.060-aswFe.exe-6796.log

    2014-11-15 19:45 - 2014-11-15 19:45 - 00000197 _____ () C:\Windows\system32\2014-11-16-03-45-32.098-AvastVBoxSVC.exe-5164.log

    2014-11-15 19:39 - 2014-11-15 19:40 - 00000000 ____D () C:\Windows\SysWOW64\vbox

    2014-11-15 19:39 - 2014-11-15 19:40 - 00000000 ____D () C:\Windows\system32\vbox

    2014-11-15 11:49 - 2014-11-15 11:49 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

    2014-11-15 11:49 - 2014-11-15 11:49 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr

    2014-11-12 21:21 - 2014-11-16 21:51 - 00000000 ____D () C:\Users\Livsie\AppData\Local\FluxSoftware

    2014-11-12 21:20 - 2014-11-12 21:20 - 00597304 _____ () C:\Users\Livsie\Downloads\flux-setup.exe

    2014-11-12 09:45 - 2014-11-05 09:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

    2014-11-12 09:45 - 2014-11-05 09:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

    2014-11-12 09:45 - 2014-11-05 09:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

    2014-11-12 09:45 - 2014-10-13 18:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

    2014-11-12 09:45 - 2014-10-13 18:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll

    2014-11-12 09:45 - 2014-10-13 18:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

    2014-11-12 09:45 - 2014-10-13 18:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

    2014-11-12 09:45 - 2014-10-13 17:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll

    2014-11-12 09:44 - 2014-11-07 11:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

    2014-11-12 09:44 - 2014-11-07 11:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

    2014-11-12 09:44 - 2014-11-05 20:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

    2014-11-12 09:44 - 2014-11-05 20:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

    2014-11-12 09:44 - 2014-11-05 20:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

    2014-11-12 09:44 - 2014-11-05 19:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

    2014-11-12 09:44 - 2014-11-05 19:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

    2014-11-12 09:44 - 2014-11-05 19:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

    2014-11-12 09:44 - 2014-11-05 19:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

    2014-11-12 09:44 - 2014-11-05 19:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

    2014-11-12 09:44 - 2014-11-05 19:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

    2014-11-12 09:44 - 2014-11-05 19:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

    2014-11-12 09:44 - 2014-11-05 19:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

    2014-11-12 09:44 - 2014-11-05 19:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

    2014-11-12 09:44 - 2014-11-05 19:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

    2014-11-12 09:44 - 2014-11-05 19:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

    2014-11-12 09:44 - 2014-11-05 19:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

    2014-11-12 09:44 - 2014-11-05 19:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

    2014-11-12 09:44 - 2014-11-05 19:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

    2014-11-12 09:44 - 2014-11-05 19:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

    2014-11-12 09:44 - 2014-11-05 19:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

    2014-11-12 09:44 - 2014-11-05 19:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

    2014-11-12 09:44 - 2014-11-05 19:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

    2014-11-12 09:44 - 2014-11-05 19:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

    2014-11-12 09:44 - 2014-11-05 19:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

    2014-11-12 09:44 - 2014-11-05 19:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

    2014-11-12 09:44 - 2014-11-05 19:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

    2014-11-12 09:44 - 2014-11-05 19:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

    2014-11-12 09:44 - 2014-11-05 19:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

    2014-11-12 09:44 - 2014-11-05 19:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

    2014-11-12 09:44 - 2014-11-05 19:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

    2014-11-12 09:44 - 2014-11-05 19:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

    2014-11-12 09:44 - 2014-11-05 18:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

    2014-11-12 09:44 - 2014-11-05 18:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

    2014-11-12 09:44 - 2014-11-05 18:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

    2014-11-12 09:44 - 2014-11-05 18:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

    2014-11-12 09:44 - 2014-11-05 18:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

    2014-11-12 09:44 - 2014-11-05 18:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

    2014-11-12 09:44 - 2014-11-05 18:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

    2014-11-12 09:44 - 2014-11-05 18:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

    2014-11-12 09:44 - 2014-11-05 18:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

    2014-11-12 09:44 - 2014-11-05 18:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

    2014-11-12 09:44 - 2014-11-05 18:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

    2014-11-12 09:44 - 2014-11-05 18:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

    2014-11-12 09:44 - 2014-11-05 18:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

    2014-11-12 09:44 - 2014-11-05 18:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

    2014-11-12 09:44 - 2014-11-05 18:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

    2014-11-12 09:44 - 2014-11-05 18:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

    2014-11-12 09:44 - 2014-11-05 18:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

    2014-11-12 09:44 - 2014-11-05 18:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

    2014-11-12 09:44 - 2014-11-05 18:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

    2014-11-12 09:44 - 2014-11-05 18:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

    2014-11-12 09:44 - 2014-11-05 17:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

    2014-11-12 09:44 - 2014-11-05 17:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

    2014-11-12 09:44 - 2014-11-05 17:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

    2014-11-12 09:44 - 2014-11-05 17:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

    2014-11-12 09:44 - 2014-10-13 18:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

    2014-11-12 09:44 - 2014-10-13 17:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

    2014-11-12 09:44 - 2014-10-13 17:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

    2014-11-12 09:44 - 2014-10-13 17:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll

    2014-11-12 09:44 - 2014-10-02 18:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll

    2014-11-12 09:44 - 2014-10-02 18:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll

    2014-11-12 09:44 - 2014-10-02 18:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll

    2014-11-12 09:44 - 2014-10-02 18:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll

    2014-11-12 09:44 - 2014-10-02 18:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll

    2014-11-12 09:44 - 2014-10-02 17:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll

    2014-11-12 09:44 - 2014-10-02 17:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll

    2014-11-12 09:44 - 2014-10-02 17:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll

    2014-11-12 09:44 - 2014-08-20 22:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

    2014-11-12 09:44 - 2014-08-20 22:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll

    2014-11-12 09:44 - 2014-08-20 22:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

    2014-11-12 09:44 - 2014-08-20 22:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

    2014-11-12 09:43 - 2014-10-24 17:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll

    2014-11-12 09:43 - 2014-10-24 17:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll

    2014-11-12 09:43 - 2014-10-13 18:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

    2014-11-12 09:43 - 2014-10-13 17:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

    2014-11-12 09:43 - 2014-10-09 16:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

    2014-11-12 09:43 - 2014-09-19 01:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

    2014-11-12 09:43 - 2014-09-19 01:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

    2014-11-12 09:43 - 2014-09-19 01:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

    2014-11-12 09:43 - 2014-09-19 01:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

    2014-11-12 09:43 - 2014-09-19 01:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

    2014-11-12 09:43 - 2014-09-19 01:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

    2014-11-12 09:43 - 2014-09-19 01:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

    2014-11-12 09:43 - 2014-09-19 01:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

    2014-11-12 09:43 - 2014-09-19 01:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

    2014-11-12 09:43 - 2014-09-19 01:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

    2014-11-12 09:43 - 2014-09-19 01:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

    2014-11-12 09:43 - 2014-09-19 01:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

    2014-11-12 09:43 - 2014-08-11 18:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL

    2014-11-12 09:43 - 2014-08-11 17:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL

    2014-11-12 09:42 - 2014-10-17 18:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll

    2014-11-12 09:42 - 2014-10-17 17:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll

    2014-11-05 13:26 - 2011-09-28 09:44 - 00311808 _____ (Hewlett-Packard Corporation) C:\Windows\system32\hpcpn117.dll

    2014-11-05 13:26 - 2011-09-28 09:34 - 00316928 _____ () C:\Windows\SysWOW64\hpcc3117.DLL

    2014-11-05 13:26 - 2011-04-19 20:57 - 00511488 _____ (HP) C:\Windows\SysWOW64\hpcdmc32.DLL

    2014-11-04 08:47 - 2014-11-04 08:47 - 00000000 __SHD () C:\Users\Livsie\AppData\Local\EmieUserList

    2014-11-04 08:47 - 2014-11-04 08:47 - 00000000 __SHD () C:\Users\Livsie\AppData\Local\EmieSiteList

     

    ==================== One Month Modified Files and Folders =======

     

    (If an entry is included in the fixlist, the file\folder will be moved.)

     

    2014-12-02 17:45 - 2013-02-16 09:34 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-171093069-540651395-608262162-1001UA.job

    2014-12-02 17:45 - 2013-02-06 11:52 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

    2014-12-02 17:45 - 2009-07-13 21:10 - 02025318 _____ () C:\Windows\WindowsUpdate.log

    2014-12-02 17:44 - 2012-03-31 22:55 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

    2014-12-02 15:00 - 2013-02-16 09:34 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-171093069-540651395-608262162-1001Core.job

    2014-12-02 09:52 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\NDF

    2014-12-01 22:52 - 2010-05-19 20:08 - 00000000 ____D () C:\Users\Livsie\AppData\Roaming\Skype

    2014-12-01 22:00 - 2009-12-23 17:46 - 00000000 ____D () C:\DELL

    2014-12-01 21:56 - 2009-07-13 20:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

    2014-12-01 21:56 - 2009-07-13 20:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

    2014-12-01 21:42 - 2013-02-06 11:52 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

    2014-12-01 21:31 - 2013-02-06 11:52 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update

    2014-12-01 21:30 - 2013-07-15 19:27 - 00000000 ___RD () C:\Users\Livsie\Google Drive

    2014-12-01 21:28 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

    2014-12-01 21:08 - 2011-06-23 23:28 - 00000000 ____D () C:\ProgramData\Western Digital

    2014-12-01 21:04 - 2014-04-27 10:32 - 00000000 ___RD () C:\Program Files (x86)\Skype

    2014-12-01 17:59 - 2013-01-31 20:23 - 00000622 _____ () C:\VEW.txt

    2014-12-01 17:34 - 2012-03-31 22:55 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

    2014-12-01 17:34 - 2012-03-31 22:55 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

    2014-12-01 17:34 - 2011-05-15 13:27 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

    2014-11-30 16:42 - 2009-07-13 21:13 - 00804496 _____ () C:\Windows\system32\PerfStringBackup.INI

    2014-11-26 17:48 - 2014-06-03 20:39 - 00000000 ____D () C:\Users\Livsie\Desktop\Food and Weight

    2014-11-25 19:34 - 2010-10-03 17:28 - 00009216 _____ () C:\Users\Livsie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    2014-11-24 22:17 - 2013-02-04 19:54 - 00004862 _____ () C:\junk.txt

    2014-11-24 14:36 - 2014-08-13 21:03 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

    2014-11-24 13:27 - 2014-10-16 10:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

    2014-11-24 13:16 - 2011-04-01 00:15 - 00000664 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

    2014-11-24 13:09 - 2012-12-18 08:25 - 00000000 ____D () C:\Qoobox

    2014-11-24 13:06 - 2009-07-13 18:34 - 00000215 _____ () C:\Windows\system.ini

    2014-11-24 11:45 - 2010-06-25 15:16 - 00000000 ____D () C:\Windows\Minidump

    2014-11-21 23:50 - 2013-02-06 11:52 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys

    2014-11-16 22:52 - 2014-09-14 22:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco

    2014-11-16 22:51 - 2010-12-17 12:33 - 00000000 ____D () C:\Program Files (x86)\Cisco

    2014-11-15 11:49 - 2014-04-22 21:39 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys

    2014-11-15 11:49 - 2013-12-25 19:21 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys

    2014-11-15 11:49 - 2013-11-06 18:00 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys

    2014-11-15 11:49 - 2013-03-05 00:26 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys

    2014-11-15 11:49 - 2013-03-05 00:26 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys

    2014-11-15 11:49 - 2013-02-06 11:52 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys

    2014-11-15 11:49 - 2013-02-06 11:52 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys

    2014-11-13 21:37 - 2013-02-06 11:52 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

    2014-11-13 21:37 - 2013-02-06 11:52 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

    2014-11-13 05:10 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache

    2014-11-13 04:08 - 2009-07-13 20:45 - 00361256 _____ () C:\Windows\system32\FNTCACHE.DAT

    2014-11-13 04:05 - 2014-04-29 19:40 - 00000000 ___SD () C:\Windows\system32\CompatTel

    2014-11-13 03:47 - 2010-03-31 15:57 - 00000000 ____D () C:\ProgramData\Microsoft Help

    2014-11-13 03:38 - 2013-10-28 20:23 - 00000000 ____D () C:\Windows\system32\MRT

    2014-11-13 03:03 - 2010-05-23 15:23 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

    2014-11-12 14:28 - 2012-09-12 15:29 - 00003884 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-171093069-540651395-608262162-1001UA

    2014-11-12 14:28 - 2012-09-12 15:29 - 00003488 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-171093069-540651395-608262162-1001Core

    2014-11-10 13:29 - 2010-05-19 16:49 - 00000000 ____D () C:\Users\Livsie\AppData\Roaming\Mozilla

    2014-11-10 08:34 - 2012-07-09 22:06 - 00000000 ____D () C:\Users\Livsie\AppData\Roaming\Dropbox

    2014-11-06 19:27 - 2013-02-06 11:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

    2014-11-04 14:30 - 2010-06-03 02:38 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

    2014-11-04 08:46 - 2010-05-22 16:19 - 00000000 ____D () C:\Users\Livsie\AppData\Local\Adobe

    2014-11-04 04:07 - 2010-05-18 18:32 - 00000000 ____D () C:\Users\Livsie

    2014-11-03 10:54 - 2010-06-29 19:20 - 00000000 ____D () C:\Users\Livsie\AppData\Roaming\HpUpdate

     

    Some content of TEMP:

    ====================

    C:\Users\Livsie\AppData\Local\Temp\SkypeSetup.exe

     

     

    ==================== Bamital & volsnap Check =================

     

    (There is no automatic fix for files that do not pass verification.)

     

    C:\Windows\System32\winlogon.exe => File is digitally signed

    C:\Windows\System32\wininit.exe => File is digitally signed

    C:\Windows\SysWOW64\wininit.exe => File is digitally signed

    C:\Windows\explorer.exe => File is digitally signed

    C:\Windows\SysWOW64\explorer.exe => File is digitally signed

    C:\Windows\System32\svchost.exe => File is digitally signed

    C:\Windows\SysWOW64\svchost.exe => File is digitally signed

    C:\Windows\System32\services.exe => File is digitally signed

    C:\Windows\System32\User32.dll => File is digitally signed

    C:\Windows\SysWOW64\User32.dll => File is digitally signed

    C:\Windows\System32\userinit.exe => File is digitally signed

    C:\Windows\SysWOW64\userinit.exe => File is digitally signed

    C:\Windows\System32\rpcss.dll => File is digitally signed

    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

     

     

    LastRegBack: 2014-11-26 06:01

     

    ==================== End Of Log ============================

     

     

     

    And here is the Addition log

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-12-2014

    Ran by Livsie at 2014-12-02 18:03:46

    Running from C:\Users\Livsie\Desktop

    Boot Mode: Normal

    ==========================================================

     

     

    ==================== Security Center ========================

     

    (If an entry is included in the fixlist, it will be removed.)

     

    AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}

    AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

    AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}

    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

     

    ==================== Installed Programs ======================

     

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

     

    64 Bit HP CIO Components Installer (Version: 8.2.4 - Hewlett-Packard) Hidden

    Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.1.0.0 - Adobe Systems Incorporated)

    Acrobat.com (x32 Version: 2.1.0 - Adobe Systems Incorporated) Hidden

    Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)

    Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)

    Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)

    Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)

    AIM for Windows (HKU\S-1-5-21-171093069-540651395-608262162-1001\...\AIM) (Version:  - AOL Inc.)

    AIO_CDA_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden

    AIO_CDA_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden

    AIO_Scan (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden

    AOL Messaging Toolbar (HKU\S-1-5-21-171093069-540651395-608262162-1001\...\AOL Messaging Toolbar) (Version:  - )

    Apple Application Support (HKLM-x32\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)

    Apple Software Update (HKLM-x32\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)

    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

    Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)

    Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)

    bodybugg Software (HKLM-x32\...\InstallShield_{CB706270-54EA-4E48-9FFB-0B95FA04DBE6}) (Version: 9.0.0.846 - BodyMedia, Inc.)

    bodybugg Software (x32 Version: 9.0.0.846 - BodyMedia, Inc.) Hidden

    BodyMedia SYNC (HKLM-x32\...\InstallShield_{99567851-B7F1-4692-A33A-0732E761220B}) (Version: 2.3.1.102 - BodyMedia, Inc.)

    BodyMedia SYNC (x32 Version: 2.3.1.102 - BodyMedia, Inc.) Hidden

    BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden

    C3100 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden

    c3100_Help (x32 Version: 82.0.256.000 - Hewlett-Packard) Hidden

    CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)

    Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05170 - Cisco Systems, Inc.)

    Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05170 - Cisco Systems, Inc.) Hidden

    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)

    Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)

    Cisco NAC Agent  (HKLM-x32\...\{3657178B-CDB0-46B0-8C43-E1FB50DA313D}) (Version: 4.9.4.3 - Cisco Systems, Inc.)

    Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)

    Commander Keen 4: Goodbye Galaxy (HKLM-x32\...\Commander Keen 4: Goodbye Galaxy - Install) (Version:  - )

    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

    Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)

    Complete Care Consumer Service Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)

    Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)

    Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden

    Cozi (HKLM-x32\...\{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}) (Version: 1.0.4323.24051 - Cozi Group, Inc.)

    Dell Communications (Support Software) (HKLM-x32\...\{351DE0AB-7787-4497-9A7A-4AA9E3A4E290}) (Version: 1.0.09094 - Dell)

    Dell Dock (HKLM-x32\...\Dell Dock) (Version:  - Stardock Corporation)

    Dell Dock (Version: 2.0 - Stardock Corporation) Hidden

    Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)

    Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)

    Dell Resource CD (HKLM-x32\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)

    Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.102.101.303 - ALPS ELECTRIC CO., LTD.)

    Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)

    Dell Wireless WLAN Card Utility (HKLM\...\Dell Wireless WLAN Card Utility) (Version: 5.30.21.0 - Dell Inc.)

    Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden

    DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden

    DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden

    Download Updater (AOL Inc.) (HKLM-x32\...\SoftwareUpdUtility) (Version:  - AOL Inc.) <==== ATTENTION

    Dropbox (HKU\S-1-5-21-171093069-540651395-608262162-1001\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)

    Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)

    Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.00.000 - SEIKO EPSON CORPORATION)

    Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )

    EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )

    EPSON WorkForce 310 Series Printer Uninstall (HKLM\...\EPSON WorkForce 310 Series) (Version:  - SEIKO EPSON Corporation)

    EPSON XP-800 Series Printer Uninstall (HKLM\...\EPSON XP-800 Series) (Version:  - SEIKO EPSON Corporation)

    EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)

    EpsonNet Setup (HKLM-x32\...\{FFFAE01B-466F-4C07-9821-A94FD753BDDA}) (Version: 3.1c - SEIKO EPSON CORPORATION)

    Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden

    FL Studio 9 (HKLM-x32\...\FL Studio 9) (Version:  - Image-Line)

    FoxyTunes for Firefox (HKLM-x32\...\FoxyTunesForFirefox) (Version:  - )

    Garmin Communicator Plugin (HKLM-x32\...\{8ED02445-D491-414C-A56D-2ED6BBB7239A}) (Version: 3.0.1 - Garmin Ltd or its subsidiaries)

    Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)

    Google Chrome (HKU\S-1-5-21-171093069-540651395-608262162-1001\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)

    Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)

    Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)

    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

    GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden

    Hardcore (HKLM-x32\...\Hardcore) (Version:  - Image-Line)

    HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)

    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)

    HP Photosmart 7520 series Basic Device Software (HKLM\...\{27ABA988-D480-4F44-B0FD-45E5656D2CFE}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)

    HP Photosmart 7520 series Help (HKLM-x32\...\{08295D09-E002-48F8-905D-34E4B08509BA}) (Version: 28.0.0 - Hewlett Packard)

    HP Photosmart 7520 series Product Improvement Study (HKLM\...\{16B872EE-C458-41BD-BEAE-52758A3F3168}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)

    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)

    HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden

    HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden

    HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden

    HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden

    HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden

    HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden

    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)

    Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)

    LG USB Modem driver (HKLM-x32\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version:  - )

    Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)

    Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)

    MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden

    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

    Microsoft IntelliPoint 8.0 (HKLM\...\{563F041C-DFDB-437B-A1E8-E141E0906076}) (Version: 8.0.225.0 - Microsoft)

    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

    Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)

    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

    Microsoft Office Suite Activation Assistant (HKLM-x32\...\{67635FB6-2F63-4FFB-830B-D4C01597EBA4}) (Version: 1.2.1 - DELL)

    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)

    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)

    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

    Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)

    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

    Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)

    Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)

    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)

    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

    Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden

    Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden

    Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version:  - PopCap Games)

    Pong (HKLM-x32\...\Pong) (Version:  - )

    Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)

    PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.6029 - CyberLink Corp.)

    QualXServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)

    Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.6.11 - Dell Inc.)

    QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)

    Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0009 - Realtek)

    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5951 - Realtek Semiconductor Corp.)

    Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)

    Sawer (HKLM-x32\...\Sawer) (Version:  - Image-Line)

    Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden

    Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)

    SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden

    SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden

    Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)

    SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )

    Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden

    Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)

    Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden

    Toxic Biohazard (HKLM-x32\...\Toxic Biohazard) (Version:  - Image-Line)

    TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden

    TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)

    TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)

    Unity Web Player (HKU\S-1-5-21-171093069-540651395-608262162-1001\...\UnityWebPlayer) (Version: 4.5.1f3 - Unity Technologies ApS)

    UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden

    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

    VDMSound (HKLM-x32\...\VDMSound) (Version: 2.1.0 - Vlad Romascanu)

    VueMinder Calendar Lite (HKLM-x32\...\{F595BBCE-C93D-44A1-9779-D6B8721A651F}) (Version: 7.2.1001 - VueSoft)

    WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden

    Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)

    Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)

    WinRAR (HKLM-x32\...\WinRAR) (Version:  - )

    WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

    Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )

    Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)

     

    ==================== Custom CLSID (selected items): ==========================

     

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

     

    CustomCLSID: HKU\S-1-5-21-171093069-540651395-608262162-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Livsie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

    CustomCLSID: HKU\S-1-5-21-171093069-540651395-608262162-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Livsie\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)

    CustomCLSID: HKU\S-1-5-21-171093069-540651395-608262162-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Livsie\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)

    CustomCLSID: HKU\S-1-5-21-171093069-540651395-608262162-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Livsie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

    CustomCLSID: HKU\S-1-5-21-171093069-540651395-608262162-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Livsie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

    CustomCLSID: HKU\S-1-5-21-171093069-540651395-608262162-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Livsie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

    CustomCLSID: HKU\S-1-5-21-171093069-540651395-608262162-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Livsie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

    CustomCLSID: HKU\S-1-5-21-171093069-540651395-608262162-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Livsie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

    CustomCLSID: HKU\S-1-5-21-171093069-540651395-608262162-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Livsie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

    CustomCLSID: HKU\S-1-5-21-171093069-540651395-608262162-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Livsie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

    CustomCLSID: HKU\S-1-5-21-171093069-540651395-608262162-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Livsie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

     

    ==================== Restore Points  =========================

     

    25-11-2014 01:12:36 Windows Update

    28-11-2014 07:54:17 Windows Update

    01-12-2014 20:15:59 Windows Update

    02-12-2014 05:03:12 Removed Skype Click to Call

    02-12-2014 05:05:20 WD SmartWare Installer

    02-12-2014 05:08:55 WD SmartWare Installer

     

    ==================== Hosts content: ==========================

     

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

     

    2009-07-13 18:34 - 2014-11-19 21:09 - 00000039 ____A C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1       localhost

     

     

     

     

     

    ==================== Scheduled Tasks (whitelisted) =============

     

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

     

    Task: {072236B5-37DF-415D-B3E2-D6535D44ADA4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

    Task: {170A61EE-B695-423D-924F-65708D5003B7} - System32\Tasks\Livsie-PC\Livsie - Start WLAN Tray Applet => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE [2009-07-17] (Dell Inc.)

    Task: {1E720257-FDD0-4541-B99B-AE486DC5DD37} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-01] (Adobe Systems Incorporated)

    Task: {3797726B-CD20-4632-8E5B-EE65662A2F33} - System32\Tasks\{14C0EDF0-2C5C-4C0C-ABF6-33E4F4F85EB4} => C:\Users\Livsie\Desktop\avg_remover_stf_x86_2011_1184.exe [2014-11-24] (AVG Technologies CZ, s.r.o.)

    Task: {3DAC61EB-808A-4A25-88EC-51B78A7590D9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-15] (Google Inc.)

    Task: {57378B1C-43CD-4932-9CD7-96C2A96B66F6} - System32\Tasks\D1234567\Administrator - Start WLAN Tray Applet => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE [2009-07-17] (Dell Inc.)

    Task: {5C8C3E5B-2089-45E1-A6B8-34C0C4719E46} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-15] (AVAST Software)

    Task: {88109771-3ED3-4EE3-A7C7-CA98E748E9E0} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2010-07-21] (Microsoft Corporation)

    Task: {8BE1D9B2-3A90-44B9-AA68-FBBB4C46B548} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-15] (Google Inc.)

    Task: {8EC54DBF-61BD-4465-9FF1-7A71C494148A} - System32\Tasks\HPCustParticipation HP Photosmart 7520 series => C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)

    Task: {92435E04-0F86-4FA6-8B77-5D6A544634D0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-171093069-540651395-608262162-1001Core => C:\Users\Livsie\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-12] (Google Inc.)

    Task: {DC5D5CA9-4765-4F50-AF9C-7F3731EDFDDB} - System32\Tasks\CCleanerSkipUAC => D:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)

    Task: {E0036ECE-F0EA-4D05-83DF-983FFDB78C98} - System32\Tasks\{06E33403-A08B-4A14-BD9C-D35EC8B19314} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-08-27] (Skype Technologies S.A.)

    Task: {F0DCDCF0-1265-420E-9135-48AA4A48974C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-171093069-540651395-608262162-1001UA => C:\Users\Livsie\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-12] (Google Inc.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-171093069-540651395-608262162-1001Core.job => C:\Users\Livsie\AppData\Local\Google\Update\GoogleUpdate.exe

    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-171093069-540651395-608262162-1001UA.job => C:\Users\Livsie\AppData\Local\Google\Update\GoogleUpdate.exe

     

    ==================== Loaded Modules (whitelisted) =============

     

    2010-03-31 15:38 - 2009-07-17 09:06 - 00033280 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE

    2010-03-31 15:38 - 2009-07-17 09:06 - 00058368 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlrmt.dll

    2014-10-06 15:21 - 2012-12-04 19:33 - 00065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP2030PP.DLL

    2014-09-30 22:09 - 2012-12-04 19:33 - 02672128 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\HP2030SU.DLL

    2014-09-30 22:09 - 2012-12-04 19:33 - 01236992 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\HP2030GC.dll

    2014-09-30 22:09 - 2012-12-04 19:33 - 00341504 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\HP2030SD.DLL

    2014-06-10 19:34 - 2014-06-10 19:34 - 00063400 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll

    2014-12-01 16:07 - 2014-12-01 16:07 - 02904064 _____ () C:\Program Files\AVAST Software\Avast\defs\14120101\algo.dll

    2012-02-20 23:55 - 2009-03-12 15:45 - 00135168 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll

    2012-02-20 23:55 - 2008-11-21 13:58 - 00057344 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll

    2014-11-15 11:49 - 2014-11-15 11:49 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

    2014-12-01 21:29 - 2014-12-01 21:29 - 00098816 _____ () C:\Users\Livsie\AppData\Local\Temp\_MEI24922\win32api.pyd

    2014-12-01 21:29 - 2014-12-01 21:29 - 00110080 _____ () C:\Users\Livsie\AppData\Local\Temp\_MEI24922\pywintypes27.dll

    2014-12-01 21:29 - 2014-12-01 21:29 - 00364544 _____ () C:\Users\Livsie\AppData\Local\Temp\_MEI24922\pythoncom27.dll

    2014-12-01 21:29 - 2014-12-01 21:29 - 00045568 _____ () C:\Users\Livsie\AppData\Local\Temp\_MEI24922\_socket.pyd

    2014-12-01 21:29 - 2014-12-01 21:29 - 01160704 _____ () C:\Users\Livsie\AppData\Local\Temp\_MEI24922\_ssl.pyd

    2014-12-01 21:29 - 2014-12-01 21:29 - 00320512 _____ () C:\Users\Livsie\AppData\Local\Temp\_MEI24922\win32com.shell.shell.pyd

    2014-12-01 21:29 - 2014-12-01 21:29 - 00713216 _____ () C:\Users\Livsie\AppData\Local\Temp\_MEI24922\_hashlib.pyd

    2014-12-01 21:29 - 2014-12-01 21:29 - 01175040 _____ () C:\Users\Livsie\AppData\Local\Temp\_MEI24922\wx._core_.pyd

    2014-12-01 21:29 - 2014-12-01 21:29 - 00805888 _____ () C:\Users\Livsie\AppData\Local\Temp\_MEI24922\wx._gdi_.pyd

    2014-12-01 21:29 - 2014-12-01 21:29 - 00811008 _____ () C:\Users\Livsie\AppData\Local\Temp\_MEI24922\wx._windows_.pyd

    2014-12-01 21:29 - 2014-12-01 21:29 - 01062400 _____ () C:\Users\Livsie\AppData\Local\Temp\_MEI24922\wx._controls_.pyd

    2014-12-01 21:29 - 2014-12-01 21:29 - 00735232 _____ () C:\Users\Livsie\AppData\Local\Temp\_MEI24922\wx._misc_.pyd

    2014-12-01 21:29 - 2014-12-01 21:29 - 00128512 _____ () C:\Users\Livsie\AppData\Local\Temp\_MEI24922\_elementtree.pyd

    2014-12-01 21:29 - 2014-12-01 21:29 - 00127488 _____ () C:\Users\Livsie\AppData\Local\Temp\_MEI24922\pyexpat.pyd

    2014-12-01 21:29 - 2014-12-01 21:29 - 00557056 _____ () C:\Users\Livsie\AppData\Local\Temp\_MEI24922\pysqlite2._sqlite.pyd

    2014-12-01 21:29 - 2014-12-01 21:29 - 00087552 _____ () C:\Users\Livsie\AppData\Local\Temp\_MEI24922\_ctypes.pyd

    2014-12-01 21:29 - 2014-12-01 21:29 - 00119808 _____ () C:\Users\Livsie\AppData\Local\Temp\_MEI24922\win32file.pyd

    2014-12-01 21:29 - 2014-12-01 21:29 - 00108544 _____ () C:\Users\Livsie\AppData\Local\Temp\_MEI24922\win32security.pyd

    2014-12-01 21:29 - 2014-12-01 21:29 - 00007168 _____ () C:\Users\Livsie\AppData\Local\Temp\_MEI24922\hashobjs_ext.pyd

    2014-12-01 21:29 - 2014-12-01 21:29 - 00167936 _____ () C:\Users\Livsie\AppData\Local\Temp\_MEI24922\win32gui.pyd

    2014-12-01 21:29 - 2014-12-01 21:29 - 00018432 _____ () C:\Users\Livsie\AppData\Local\Temp\_MEI24922\win32event.pyd

    2014-12-01 21:29 - 2014-12-01 21:29 - 00038912 _____ () C:\Users\Livsie\AppData\Local\Temp\_MEI24922\win32inet.pyd

    2014-12-01 21:29 - 2014-12-01 21:29 - 00011264 _____ () C:\Users\Livsie\AppData\Local\Temp\_MEI24922\win32crypt.pyd

    2014-12-01 21:29 - 2014-12-01 21:29 - 00070656 _____ () C:\Users\Livsie\AppData\Local\Temp\_MEI24922\wx._html2.pyd

    2014-12-01 21:29 - 2014-12-01 21:29 - 00027136 _____ () C:\Users\Livsie\AppData\Local\Temp\_MEI24922\_multiprocessing.pyd

    2014-12-01 21:29 - 2014-12-01 21:29 - 00035840 _____ () C:\Users\Livsie\AppData\Local\Temp\_MEI24922\win32process.pyd

    2014-12-01 21:29 - 2014-12-01 21:29 - 00686080 _____ () C:\Users\Livsie\AppData\Local\Temp\_MEI24922\unicodedata.pyd

    2014-12-01 21:29 - 2014-12-01 21:29 - 00122368 _____ () C:\Users\Livsie\AppData\Local\Temp\_MEI24922\wx._wizard.pyd

    2014-12-01 21:29 - 2014-12-01 21:29 - 00024064 _____ () C:\Users\Livsie\AppData\Local\Temp\_MEI24922\win32pipe.pyd

    2014-12-01 21:29 - 2014-12-01 21:29 - 00025600 _____ () C:\Users\Livsie\AppData\Local\Temp\_MEI24922\win32pdh.pyd

    2014-12-01 21:29 - 2014-12-01 21:29 - 00525640 _____ () C:\Users\Livsie\AppData\Local\Temp\_MEI24922\windows._lib_cacheinvalidation.pyd

    2014-12-01 21:29 - 2014-12-01 21:29 - 00010240 _____ () C:\Users\Livsie\AppData\Local\Temp\_MEI24922\select.pyd

    2014-12-01 21:29 - 2014-12-01 21:29 - 00017408 _____ () C:\Users\Livsie\AppData\Local\Temp\_MEI24922\win32profile.pyd

    2014-12-01 21:29 - 2014-12-01 21:29 - 00022528 _____ () C:\Users\Livsie\AppData\Local\Temp\_MEI24922\win32ts.pyd

    2014-12-01 21:29 - 2014-12-01 21:29 - 00078336 _____ () C:\Users\Livsie\AppData\Local\Temp\_MEI24922\wx._animate.pyd

    2013-07-10 17:07 - 2013-07-10 17:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL

    2014-11-25 20:40 - 2014-11-24 22:39 - 01077064 _____ () C:\Users\Livsie\AppData\Local\Google\Chrome\Application\39.0.2171.71\libglesv2.dll

    2014-11-25 20:40 - 2014-11-24 22:39 - 00211272 _____ () C:\Users\Livsie\AppData\Local\Google\Chrome\Application\39.0.2171.71\libegl.dll

    2014-11-25 20:40 - 2014-11-24 22:39 - 09009480 _____ () C:\Users\Livsie\AppData\Local\Google\Chrome\Application\39.0.2171.71\pdf.dll

    2014-11-25 20:40 - 2014-11-24 22:39 - 01677128 _____ () C:\Users\Livsie\AppData\Local\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll

    2014-11-25 20:40 - 2014-11-24 22:39 - 14910280 _____ () C:\Users\Livsie\AppData\Local\Google\Chrome\Application\39.0.2171.71\PepperFlash\pepflashplayer.dll

     

    ==================== Alternate Data Streams (whitelisted) =========

     

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

     

     

    ==================== Safe Mode (whitelisted) ===================

     

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

     

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

     

    ==================== EXE Association (whitelisted) =============

     

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

     

     

    ==================== MSCONFIG/TASK MANAGER disabled items =========

     

    (Currently there is no automatic fix for this section.)

     

    MSCONFIG\startupreg: DellComms => "C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe" /P DellComms

    MSCONFIG\startupreg: DellSupportCenter => "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

    MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

    MSCONFIG\startupreg: Zune Launcher => "C:\Program Files\Zune\ZuneLauncher.exe"

     

    ========================= Accounts: ==========================

     

    Administrator (S-1-5-21-171093069-540651395-608262162-500 - Administrator - Disabled)

    Guest (S-1-5-21-171093069-540651395-608262162-501 - Limited - Disabled)

    HomeGroupUser$ (S-1-5-21-171093069-540651395-608262162-1002 - Limited - Enabled)

    Livsie (S-1-5-21-171093069-540651395-608262162-1001 - Administrator - Enabled) => C:\Users\Livsie

     

    ==================== Faulty Device Manager Devices =============

     

    Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64

    Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64

    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

    Manufacturer: Cisco Systems

    Service: vpnva

    Problem: : This device is disabled. (Code 22)

    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

     

     

    ==================== Event log errors: =========================

     

    Application errors:

    ==================

     

    System errors:

    =============

    Error: (12/02/2014 05:55:04 PM) (Source: DCOM) (EventID: 10010) (User: )

    Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

     

    Error: (12/02/2014 02:59:51 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)

    Description: WLAN Extensibility Module has failed to start.

     

    Module Path: C:\Windows\System32\bcmihvsrv64.dll

    Error Code: 21

     

    Error: (12/01/2014 09:30:53 PM) (Source: DCOM) (EventID: 10010) (User: )

    Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

     

    Error: (12/01/2014 09:30:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

     

    Error: (12/01/2014 09:30:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

     

    Error: (12/01/2014 09:25:06 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

     

    Error: (12/01/2014 09:24:59 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

     

    Error: (12/01/2014 05:47:35 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

     

    Error: (12/01/2014 05:47:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

     

     

    Microsoft Office Sessions:

    =========================

    Error: (11/07/2014 07:46:25 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6705.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 33656 seconds with 6660 seconds of active time.  This session ended with a crash.

     

    Error: (06/28/2013 07:21:27 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 355485 seconds with 6480 seconds of active time.  This session ended with a crash.

     

    Error: (09/24/2012 11:03:57 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

    Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6535.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 28866 seconds with 0 seconds of active time.  This session ended with a crash.

     

    Error: (09/20/2012 11:26:48 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

    Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6535.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 12239 seconds with 300 seconds of active time.  This session ended with a crash.

     

     

    CodeIntegrity Errors:

    ===================================

      Date: 2012-12-18 08:35:31.516

      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

     

      Date: 2012-12-18 08:35:31.329

      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

     

     

    ==================== Memory info ===========================

     

    Processor: Intel® Core™ i3 CPU M 330 @ 2.13GHz

    Percentage of memory in use: 67%

    Total physical RAM: 3892.52 MB

    Available physical RAM: 1246.14 MB

    Total Pagefile: 7783.23 MB

    Available Pagefile: 3966.66 MB

    Total Virtual: 8192 MB

    Available Virtual: 8191.85 MB

     

    ==================== Drives ================================

     

    Drive c: (OS) (Fixed) (Total:58.59 GB) (Free:3.39 GB) NTFS

    Drive d: () (Fixed) (Total:397.3 GB) (Free:46.43 GB) NTFS

     

    ==================== MBR & Partition Table ==================

     

    ========================================================

    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: CCDD77FD)

    Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)

    Partition 2: (Active) - (Size=9.8 GB) - (Type=07 NTFS)

    Partition 3: (Not Active) - (Size=58.6 GB) - (Type=07 NTFS)

    Partition 4: (Not Active) - (Size=397.3 GB) - (Type=OF Extended)

     

    ==================== End Of Log ============================


    #14
    RKinner

      Malware Expert

    • Expert
    • 20,025 posts
    • MVP

    Looks like you did the right thing with the fixlist.txt file.  Just download and save to the same folder where FRST is.  Then run FRST (right click and run as admin) then hit the Fix button.

     

    I see the AVG remover is set up as a task.  Probably triggers on a reboot.    Have you rebooted since you ran it?  If not please do so.

    There are several files associated with AVG that it is supposed to remove:

     

     
    avguidx.dll  (5267677dc5d2dfef3dbcdc5c4b7048b069fbbf6c)
    0 / 68
    avgsysx.dll  (e2091557da1dd280216f6d1cd32e6b01d87e0d7d)
    0 / 68
    avgntopensslx.dll  (2b4f4cff973193314e3ebc9066505c2072246ef7)
    0 / 68
    avgopensslx.dll  (5212297afce9fe1593269a26989910bd331e2a44)
    0 / 68
    avgchclx.dll  (bacbc8c0a6b7fc0724ec38e05df4dcf7dc3ab0fe)
    0 / 68
    avgcsrvx.exe  (bd09bc5765f3d0aea1738c3c08413880e4dc953f)
    0 / 68
    avgcclix.dll  (ba936451804e31882b7cd1a49470c24fe07519ec)
    0 / 68
    avglogx.dll  (32f236cfadc1751b0757aef0c10218932083115c)
    0 / 68
    avglngx.dll  (5fb16b5885ffa3f088e8468cf15be0bf2ee14edd)
    0 / 68
    avgidpsdkx.dll  (13670553950b81ba3b9901b92b6fc3b6b720588d)
    0 / 68
    avguires.dll  (477306b037de3156473a0111dea8af463e4ec61e)
    0 / 68
    avgsrmx.dll  (b2b2db40fde6cab55dd6c623d1e79cab3366a475)
    0 / 68
    avgnsx.exe  (0de9b1b75ec73a0247b4d61d078b8786e52f3cef)
    0 / 68
    avgrsx.exe  (8f487ca09057024585ac4785d6369ab4ba9f1f3f)
    0 / 68
    avgse.dll  (c1da2f7b3dad29f5543eb552d52a358d7ecd3fc5)
    0 / 68
    AVGIDSAgent.exe  (96459fcb28fa0ce70036e24d0c517534526eedd9)
     
     
     
     
     
     
     
     
     
    These are probably in C:\Windows\System32 or C:\Windows\System32\Drivers but you may not be able to see them unless you change the Folder Options in Control Panel:
        Open the Control Panel menu and click Folder Options.
        After the new window appears select the View tab.
        Put a checkmark in the checkbox labeled Display the contents of system folders.
        Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
        Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
        Remove the checkmark from the checkbox labeled Hide protected operating system files.
        Press the Apply button and then the OK button.
     
    Look in each folder and see if you see any files that start with AVG.  AVG has often been the cause of downloads not working.  Wish I knew what they did wrong.
     
    I have another fixlist for you to run since some new entries showed up after you took them out of msconfig:
     
    The WD program is no longer causing an error so that is good.  Perhaps if you reinstall it from a fresh download it will behave itself.  (If you use it)
     
     

    If you can't use Avast then I would uninstall it as even when turned off a lot of its files are loaded.

     

     


    #15
    Liv Scott

      Member

    • Topic Starter
    • Member
    • 139 posts

    Hi Ron,

     

    I have restarted my computer a few times since running the AVG remover, but I did it again! I still got the same error message - HOWEVER, AVG no longer starts when I restart my computer, which it had begun doing after you had me check the AVG boxes a few posts ago.

     

    I also uninstalled Avast, Speccy, and Opera (mostly to make room on my C:/ drive).

     

    I did what I could in terms of the File Folder, there were a few that weren't labeled the same but I think I did it right - I've attached a screenshot of what my current options are selected/unselected as. I also did a search for everything starting with AVG and could not find anything - I'm not sure how to search every folder, do you mean every system folder, and if so, how might I go about that in the most efficient way?

     

    Here is the log from the new fixlist!

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-12-2014
    Ran by Livsie at 2014-12-03 13:26:39 Run:2
    Running from C:\Users\Livsie\Desktop
    Loaded Profile: Livsie (Available profiles: Livsie)
    Boot Mode: Normal
    ==============================================
     
    Content of fixlist:
    *****************
    HKLM-x32\...\Run: [AVG_TRAY] => C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    HKLM-x32\...\Run: [AVG9_TRAY] => D:\PROGRA~2\avgtray.exe
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    C:\Windows\System32\Tasks\{14C0EDF0-2C5C-4C0C-ABF6-33E4F4F85EB4}
    *****************
     
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AVG_TRAY => value deleted successfully.
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AVG9_TRAY => value deleted successfully.
    catchme => Service deleted successfully.
    C:\Windows\System32\Tasks\{14C0EDF0-2C5C-4C0C-ABF6-33E4F4F85EB4} => Moved successfully.
     
    ==== End of Fixlog ====
