Got a Virus now computer does crazy things [Closed]


  • This topic is locked

#1
momsutton3

    New Member

  • Member
  • 7 posts

I got a virus on my computer recently and had it professionally "cleaned" - but my computer continues to do "crazy" things - when I open a website - if I click on anything on that page it opens another window to websites that will either lock up my internet or it's some type of pc fix or something with a terdir in it.

It's several types.

 

I am religious about cleaning my computer daily - with Avast - Malwarebytes - Adwcleaner

It's a work computer - we share a router but do not share a network - we've had two of our 4 cleaned - no other computer is having issues but mine.

When I take it back to the guy who cleaned it - the computer won't do it for him.

It does it on IE - Chrome - but on Firefox - whenever I open the browser and for example go to cbs.com - it will start playing videos in the background and they are never visible - and as far as I know I've blocked pop-ups - but still get them - I've blocked videos - but still get them.

HELP - please it is DRIVING me crazy.



#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, let's have a quick look see :)

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.
THEN

Download aswMBR.exe ( 4.5mb ) to your desktop.
  • Double click the aswMBR.exe to run it.
  • You may be offered the option of using virtualisation; accept that.
  • When it offers to download the virus database, allow that as well.
  • Click the "Scan" button to start scan.
  • On completion of the scan click save log, save it to your desktop and post in your next reply.

#3
momsutton3

    New Member

  • Topic Starter
  • Member
  • 7 posts

OK - but I will admit - I'm SOOOO nervous to do any more to it.



#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No problem, I will guide you through this step by step. The initial scans are just to show me what the problem is and nothing will be changed :)

#5
momsutton3

    New Member

  • Topic Starter
  • Member
  • 7 posts

Mine doesn't look like that but I will attach

 an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(UniPrint) C:\Users\Kelly_2\AppData\Roaming\UniPrint Suite\Client\UPCRelay.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Dropbox, Inc.) C:\Users\Kelly_2\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
() C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
(Wyse Technology.) C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\mstsc.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [PocketCloud Location] => C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe [933776 2012-10-24] (Wyse Technology Inc.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-19] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [102928 2012-10-23] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-997144382-660941887-3055067781-1004\...\Run: [UniPrint Client Init] => C:\Users\Kelly_2\AppData\Roaming\UniPrint Suite\Client\UPCInit.exe [203624 2011-11-28] (UniPrint)
HKU\S-1-5-21-997144382-660941887-3055067781-1004\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-997144382-660941887-3055067781-1004\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-997144382-660941887-3055067781-1004\...\Run: [ZedgeToneSync] => C:\Users\Kelly_2\AppData\Local\Apps\2.0\Data\807PJGLX.9LE\NZ43PBRZ.VLW\zedg..tion_4cd56dcfd1799009_0001.0002_ea3f01849f5e16c3\Data\ZedgeToneSync.appref-ms -startup
HKU\S-1-5-21-997144382-660941887-3055067781-1004\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKU\S-1-5-21-997144382-660941887-3055067781-1004\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-997144382-660941887-3055067781-1004\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
Startup: C:\Users\Kelly_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Kelly_2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [HKLM] => http=127.0.0.1:49760;https=127.0.0.1:49760
ProxyServer: [HKLM-x32] => http=127.0.0.1:49760;https=127.0.0.1:49760
HKU\S-1-5-21-997144382-660941887-3055067781-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-997144382-660941887-3055067781-1004 -> URL http://search.condui...rchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-997144382-660941887-3055067781-1004 -> SuggestionsURL_JSON http://suggest.searc...x={searchTerms}
SearchScopes: HKU\S-1-5-21-997144382-660941887-3055067781-1004 -> {6B929129-C045-4FE4-A674-C7DFF8FAA1A1} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: getsav-in 5.0 -> {E9B2B03C-352E-4D9C-BE84-37D216F65D7C} -> C:\Users\Kelly\AppData\Local\getsav-in\ie\getsav-in_1374006301.dll No File
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-997144382-660941887-3055067781-1004 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-997144382-660941887-3055067781-1004 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...ols/pcmatic.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5F189EAF-9E2E-4A88-A848-A800EA3D0048}: [NameServer] 31.168.228.244,82.166.96.242
 
FireFox:
========
FF ProfilePath: C:\Users\Kelly_2\AppData\Roaming\Mozilla\Firefox\Profiles\cihlzrl6.default-1421334768923
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Ad-Aware SecureSearch
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1215155.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-997144382-660941887-3055067781-1004: @citrixonline.com/appdetectorplugin -> C:\Users\Kelly_2\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-08-05]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-14]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3333528&octid=EB_ORIGINAL_CTID&ISID=M5D223A17-4801-4A5B-8D1C-80AFDE530ACB&SearchSource=55&CUI=&UM=8&UP=SP9655F24F-7BA0-4A03-8480-B7D1ED28E37D&SSPV=", "hxxp://groovorio.com/?f=7&a=grv_keyd4_14_24&cd=2XzuyEtN2Y1L1Qzu0B0CzzyDyDyCyCtCyDtByCtD0Dzz0F0DtN0D0Tzu0SzyzyyCtN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V1J1P2U1QyE1VtCyE1VtByEtN1L1G1B1V1N2Y1L1Qzu2StByBtDtD0E0EtBtBtGzz0D0C0CtG0DtDtA0FtG0AtAyCzztGyBzz0DtB0F0F0CtDyD0CtD0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0E0BtCtA0BtAyB0DtGtCyEtDyBtGyEyB0E0DtG0BtCzz0EtGtBzztB0CyCtAyCzytA0AzytD2Q&cr=1746549697&ir=", "hxxp://vosteran.com/?f=7&a=vst_coinis_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0B0CzzyDyDyCyCtCyDtByCtD0Dzz0F0DtN0D0Tzu0StCtDyDtBtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyD0CtAtC0D0AyEzytGyEyB0A0EtGyC0CyD0FtG0CyCtDyBtGtA0FyE0AtA0A0FyBtAyDtAyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0EyEtA0EtCtCzytG0DyE0FyBtGyE0F0EzytG0B0A0AyEtGtDyByCtC0FyD0AtCtCyCyD0E2Q&cr=933912415&ir="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Kelly_2\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Kelly_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-08]
CHR Extension: (Google Drive) - C:\Users\Kelly_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Kelly_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (YouTube) - C:\Users\Kelly_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-08]
CHR Extension: (Google Search) - C:\Users\Kelly_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-08]
CHR Extension: (Avast Online Security) - C:\Users\Kelly_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-14]
CHR Extension: (PlusHD Q-9.1V14.01) - C:\Users\Kelly_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcdeaofcapijfmeopimkgcepdpbdepnb [2015-01-14]
CHR Extension: (Google Wallet) - C:\Users\Kelly_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-08]
CHR Extension: (Gmail) - C:\Users\Kelly_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-08]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-14] (AVAST Software)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5738528 2014-11-07] (Fitbit, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1914728 2012-11-25] (SoftThinks SAS)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [188928 2012-10-24] () [File not signed]
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe [1436160 2012-10-24] (Wyse Technology.) [File not signed]
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-06-19] (Atheros) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-14] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-01-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-14] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-14] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-14] ()
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-30 09:08 - 2015-01-30 09:09 - 00021348 _____ () C:\Users\Kelly_2\Downloads\FRST.txt
2015-01-30 09:08 - 2015-01-30 09:08 - 00000000 ____D () C:\FRST
2015-01-30 09:07 - 2015-01-30 09:07 - 02130432 _____ (Farbar) C:\Users\Kelly_2\Downloads\FRST64.exe
2015-01-30 09:00 - 2015-01-30 09:00 - 01121792 _____ (Farbar) C:\Users\Kelly_2\Downloads\FRST.exe
2015-01-30 07:56 - 2015-01-30 07:56 - 02194432 _____ () C:\Users\Kelly_2\Downloads\adwcleaner_4.109.exe
2015-01-29 08:08 - 2015-01-29 08:08 - 00056487 _____ () C:\Users\Kelly_2\Downloads\ashleys quote.xlsx
2015-01-27 15:51 - 2015-01-27 15:51 - 00022245 _____ () C:\Users\Kelly_2\Desktop\2014 unregistered.xlsx
2015-01-27 11:02 - 2015-01-27 11:02 - 00571904 _____ () C:\Users\Kelly_2\Desktop\Parish mission 1.pub
2015-01-26 07:58 - 2015-01-26 07:58 - 04070576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2015-01-20 16:28 - 2015-01-30 07:59 - 00000539 _____ () C:\WINDOWS\setupact.log
2015-01-20 16:28 - 2015-01-30 07:58 - 00002674 _____ () C:\WINDOWS\PFRO.log
2015-01-20 16:28 - 2015-01-20 16:28 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-01-19 15:15 - 2015-01-30 07:58 - 01463005 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-19 14:46 - 2015-01-19 14:46 - 05317104 _____ (Piriform Ltd) C:\Users\Kelly_2\Downloads\ccsetup501.exe
2015-01-19 14:46 - 2015-01-19 14:46 - 00002776 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-01-19 14:46 - 2015-01-19 14:46 - 00000836 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-19 14:46 - 2015-01-19 14:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-19 14:46 - 2015-01-19 14:46 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-19 14:31 - 2015-01-19 14:31 - 02186752 _____ () C:\Users\Kelly_2\Desktop\AdwCleaner.exe
2015-01-19 13:24 - 2015-01-19 13:24 - 00000000 ____D () C:\Users\Kelly_2\AppData\Roaming\LavasoftStatistics
2015-01-19 13:23 - 2015-01-19 13:23 - 00004688 _____ () C:\WINDOWS\SysWOW64\LavasoftTcpService.ini
2015-01-19 13:23 - 2015-01-19 13:23 - 00002520 _____ () C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini
2015-01-19 13:23 - 2015-01-19 13:23 - 00002520 _____ () C:\WINDOWS\system32\LavasoftTcpServiceOff.ini
2015-01-19 13:23 - 2014-12-16 12:10 - 00358736 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService64.dll
2015-01-19 13:23 - 2014-12-16 12:10 - 00312424 _____ (Lavasoft Limited) C:\WINDOWS\SysWOW64\LavasoftTcpService.dll
2015-01-19 13:19 - 2015-01-19 14:18 - 00000000 ____D () C:\ProgramData\Lavasoft
2015-01-19 13:15 - 2015-01-19 13:15 - 00108966 _____ () C:\Users\Kelly_2\Downloads\flashblock-1.5.18-fx.xpi
2015-01-19 08:18 - 2015-01-19 08:18 - 00005172 _____ () C:\Users\Kelly_2\Downloads\weight loss 1.jpe
2015-01-15 09:44 - 2015-01-15 09:49 - 132469808 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup (1).exe
2015-01-15 09:44 - 2015-01-15 09:49 - 132469808 _____ (AVAST Software) C:\Users\Kelly_2\Downloads\avast_free_antivirus_setup (1).exe
2015-01-14 20:14 - 2015-01-14 20:14 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-01-14 20:14 - 2015-01-14 20:14 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-01-14 20:09 - 2015-01-14 20:09 - 00000000 ____D () C:\WINDOWS\SysWOW64\Adobe
2015-01-14 19:08 - 2015-01-14 19:08 - 00000000 ____D () C:\WINDOWS\SysWOW64\TrayIcons
2015-01-14 19:08 - 2015-01-14 19:08 - 00000000 ____D () C:\cache
2015-01-14 17:34 - 2015-01-29 11:09 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-14 17:34 - 2015-01-14 17:34 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Kelly_2\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-14 17:34 - 2015-01-14 17:34 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-14 17:34 - 2015-01-14 17:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-14 17:34 - 2015-01-14 17:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-14 17:34 - 2015-01-14 17:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-14 17:34 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-01-14 17:34 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-01-14 17:34 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-01-14 16:12 - 2015-01-14 16:12 - 00000000 ____D () C:\Users\Kelly_2\AppData\Roaming\AVAST Software
2015-01-14 16:05 - 2015-01-14 16:05 - 01050432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2015-01-14 16:05 - 2015-01-14 16:05 - 00436624 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-01-14 16:05 - 2015-01-14 16:05 - 00364512 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-01-14 16:05 - 2015-01-14 16:05 - 00267632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-01-14 16:05 - 2015-01-14 16:05 - 00116728 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-01-14 16:05 - 2015-01-14 16:05 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-01-14 16:05 - 2015-01-14 16:05 - 00087912 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2015-01-14 16:05 - 2015-01-14 16:05 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-01-14 16:05 - 2015-01-14 16:05 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-01-14 16:05 - 2015-01-14 16:05 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-01-14 16:05 - 2015-01-14 16:05 - 00001982 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-01-14 16:05 - 2015-01-14 16:05 - 00000350 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-01-14 16:05 - 2015-01-14 16:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-01-14 16:04 - 2015-01-14 16:04 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-14 16:04 - 2015-01-14 16:04 - 00000000 ____D () C:\Program Files\AVAST Software
2015-01-14 16:01 - 2015-01-14 16:04 - 132469808 _____ (AVAST Software) C:\Users\Kelly_2\Downloads\avast_free_antivirus_setup.exe
2015-01-14 15:27 - 2015-01-30 07:58 - 00000000 ____D () C:\AdwCleaner
2015-01-14 10:24 - 2015-01-14 10:29 - 00000000 ____D () C:\Program Files (x86)\CloudMAGWALT
2015-01-14 10:24 - 2015-01-14 10:24 - 00000000 _____ () C:\LILCA6E.tmp
2015-01-14 10:24 - 2015-01-14 10:24 - 00000000 _____ () C:\LILCA00.tmp
2015-01-14 10:24 - 2015-01-14 10:24 - 00000000 _____ () C:\LILC9A3.tmp
2015-01-14 10:24 - 2015-01-14 10:24 - 00000000 _____ () C:\LILC964.tmp
2015-01-14 10:24 - 2015-01-14 10:24 - 00000000 _____ () C:\LILC916.tmp
2015-01-14 10:24 - 2015-01-14 10:24 - 00000000 _____ () C:\LILC8B8.tmp
2015-01-14 10:24 - 2015-01-14 10:24 - 00000000 _____ () C:\LILC84B.tmp
2015-01-14 10:24 - 2015-01-14 10:24 - 00000000 _____ () C:\LILC82C.tmp
2015-01-14 10:24 - 2015-01-14 10:24 - 00000000 _____ () C:\LILC7ED.tmp
2015-01-14 10:24 - 2015-01-14 10:24 - 00000000 _____ () C:\LILC7BE.tmp
2015-01-14 10:22 - 2015-01-14 10:22 - 00370040 _____ () C:\Users\Kelly_2\Downloads\Setup.exe
2015-01-14 10:22 - 2015-01-14 10:22 - 00000000 ____D () C:\f77dde0f-c8cf-4d4f-a3ec-e64c5750ef87
2015-01-14 10:20 - 2015-01-14 20:19 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-14 10:20 - 2015-01-14 20:18 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-01-14 10:20 - 2015-01-14 20:18 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-14 10:20 - 2015-01-14 10:20 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2015-01-14 10:20 - 2015-01-14 10:20 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2015-01-14 10:20 - 2015-01-14 10:20 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2015-01-14 10:20 - 2015-01-14 10:20 - 00000000 ____D () C:\ProgramData\Sun
2015-01-14 10:20 - 2015-01-14 10:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-14 10:18 - 2015-01-14 10:18 - 29419944 _____ (Oracle Corporation) C:\Users\Kelly_2\Desktop\jre-7u60-windows-i586.exe
2015-01-14 10:17 - 2015-01-14 10:17 - 00004478 _____ () C:\WINDOWS\System32\Tasks\Validate Installation
2015-01-14 10:17 - 2015-01-14 10:17 - 00004270 _____ () C:\WINDOWS\System32\Tasks\Check Updates
2015-01-14 10:17 - 2015-01-14 10:17 - 00003862 _____ () C:\WINDOWS\System32\Tasks\GeniusBox
2015-01-14 10:17 - 2015-01-14 10:17 - 00000064 _____ () C:\Users\Kelly_2\AppData\Local\b593f0a9ac6db3b88eb8330a1bcbdd16
2015-01-14 08:01 - 2014-12-19 00:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-14 08:01 - 2014-12-11 20:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-14 08:01 - 2014-12-11 18:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-14 08:01 - 2014-12-08 19:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-14 08:01 - 2014-12-08 13:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-14 08:01 - 2014-12-08 13:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-14 08:01 - 2014-12-08 13:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-14 08:01 - 2014-12-08 13:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-14 08:01 - 2014-12-08 13:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-14 08:01 - 2014-12-08 13:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-14 08:01 - 2014-12-08 13:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-14 08:01 - 2014-12-08 13:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-14 08:01 - 2014-12-05 21:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-14 08:01 - 2014-12-05 19:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-14 08:01 - 2014-12-05 19:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-14 08:01 - 2014-10-28 22:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-14 08:01 - 2014-10-28 22:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-14 08:01 - 2014-10-28 21:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-14 08:01 - 2014-10-28 21:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-14 08:01 - 2014-10-28 21:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-14 08:01 - 2014-10-28 21:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-14 08:01 - 2014-10-28 21:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-14 08:01 - 2014-10-28 21:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-14 08:01 - 2014-10-28 21:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-14 08:01 - 2014-10-28 21:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-14 08:01 - 2014-10-28 21:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-14 08:01 - 2014-10-28 20:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-14 08:01 - 2014-10-28 19:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-14 08:01 - 2014-10-28 19:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-14 08:01 - 2014-10-28 19:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-14 08:01 - 2014-10-28 19:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-08 13:10 - 2015-01-08 13:10 - 00030166 _____ () C:\Users\Kelly_2\Downloads\After Prom Businesses.xlsx
2015-01-06 08:31 - 2015-01-06 08:31 - 00131513 _____ () C:\Users\Kelly_2\Downloads\10737214_10206300051126644_1695463701_n.xlsx
2014-12-31 14:24 - 2014-12-31 14:24 - 00030946 _____ () C:\Users\Kelly_2\Desktop\update for 2014 to diocese.xlsx
2014-12-31 10:59 - 2014-12-31 10:59 - 02146552 _____ () C:\Users\Kelly_2\Downloads\ShowMyPC3160.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-30 09:00 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-30 08:58 - 2014-01-07 12:03 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-30 08:49 - 2014-11-11 15:43 - 00000586 _____ () C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-997144382-660941887-3055067781-1004.job
2015-01-30 08:37 - 2013-08-12 12:59 - 00000000 ____D () C:\Users\Kelly_2\Documents\Baptismal Requests
2015-01-30 08:22 - 2013-12-05 08:35 - 00000000 ____D () C:\Users\Kelly_2\AppData\Local\05989C88-F05F-412A-B195-5F81B25818B7.aplzod
2015-01-30 08:21 - 2013-07-22 16:30 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-30 08:06 - 2013-06-05 17:46 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2015-01-30 08:00 - 2014-01-22 14:38 - 00000000 ___DO () C:\Users\Kelly_2\SkyDrive
2015-01-30 08:00 - 2013-08-05 16:22 - 00000000 ___RD () C:\Users\Kelly_2\Dropbox
2015-01-30 08:00 - 2013-08-05 16:11 - 00000000 ____D () C:\Users\Kelly_2\AppData\Roaming\Dropbox
2015-01-30 07:59 - 2013-08-22 08:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-30 07:59 - 2013-07-22 16:30 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-30 07:58 - 2013-08-22 07:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-30 07:50 - 2014-01-22 15:40 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{13958464-48E6-4599-ADCE-406C005CFFCF}
2015-01-29 15:07 - 2013-07-23 07:40 - 00002270 ____H () C:\Users\Kelly_2\Documents\Default.rdp
2015-01-29 14:50 - 2013-08-05 07:52 - 00000000 ____D () C:\Users\Kelly_2\Documents\Kelly
2015-01-29 10:35 - 2014-03-05 18:41 - 00000000 ____D () C:\Users\Kelly_2\Documents\Auction
2015-01-28 14:31 - 2014-01-20 08:33 - 00292864 ___SH () C:\Users\Kelly_2\Desktop\Thumbs.db
2015-01-28 12:59 - 2012-07-26 01:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-27 15:07 - 2013-12-18 16:20 - 00149504 ___SH () C:\Users\Kelly_2\Documents\Thumbs.db
2015-01-27 15:06 - 2014-03-13 10:01 - 00000000 ____D () C:\Users\Kelly_2\Documents\New members for Living Waters
2015-01-27 13:15 - 2014-03-13 10:02 - 00000000 ____D () C:\Users\Kelly_2\Documents\New Members for Diocese
2015-01-27 11:54 - 2013-09-03 12:18 - 00000000 ____D () C:\Users\Kelly_2\Documents\Bulletin
2015-01-27 10:40 - 2013-07-17 15:32 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-997144382-660941887-3055067781-1004
2015-01-27 09:07 - 2014-11-11 15:43 - 00003584 _____ () C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-997144382-660941887-3055067781-1004
2015-01-27 08:21 - 2013-12-31 13:32 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-26 16:19 - 2014-06-20 08:24 - 00000000 ____D () C:\Users\Kelly_2\Documents\Alumni Information
2015-01-26 13:07 - 2014-10-29 13:31 - 00022556 _____ () C:\Users\Kelly_2\Desktop\pledge school drive.xlsx
2015-01-26 08:08 - 2013-08-16 13:06 - 02187776 ___SH () C:\Users\Kelly_2\Downloads\Thumbs.db
2015-01-26 07:58 - 2014-01-07 12:03 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-01-24 14:20 - 2013-08-22 09:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-24 14:20 - 2013-08-22 09:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-23 15:49 - 2014-09-11 09:12 - 00000000 ____D () C:\Users\Kelly_2\Desktop\Lighthouse Media
2015-01-22 14:03 - 2013-08-21 09:19 - 00000000 ____D () C:\Users\Kelly_2\Documents\Forms
2015-01-21 16:26 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\WinStore
2015-01-21 11:06 - 2013-08-07 09:22 - 00000000 ____D () C:\Users\Kelly_2\Documents\Letters
2015-01-21 08:01 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-19 14:47 - 2014-03-29 11:21 - 00000000 ____D () C:\WINDOWS\Minidump
2015-01-19 14:47 - 2014-01-22 16:14 - 00000000 ___DC () C:\WINDOWS\Panther
2015-01-19 12:17 - 2014-09-11 09:12 - 00000000 ____D () C:\Users\Kelly_2\Desktop\Re-Sale Items
2015-01-15 09:28 - 2012-07-26 02:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-01-15 09:27 - 2013-08-22 07:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-01-15 09:27 - 2012-07-25 23:37 - 00000000 ____D () C:\Users\Default.migrated
2015-01-15 09:12 - 2014-11-19 14:40 - 00000000 ____D () C:\Users\Kelly_2\Desktop\Old Firefox Data
2015-01-14 20:15 - 2013-07-22 16:29 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-14 20:15 - 2013-07-17 15:24 - 00000000 ____D () C:\Users\Kelly_2\AppData\Roaming\Adobe
2015-01-14 20:14 - 2013-07-22 16:29 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-01-14 20:05 - 2013-07-22 17:02 - 00000000 ____D () C:\Users\Kelly_2\AppData\Local\Adobe
2015-01-14 15:42 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-01-14 11:50 - 2013-08-17 14:15 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-14 11:46 - 2013-07-18 13:26 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-14 10:19 - 2012-07-25 23:26 - 00000301 _____ () C:\WINDOWS\win.ini
2014-12-31 16:29 - 2013-10-14 13:34 - 00000000 ____D () C:\Users\Kelly_2\Documents\Memorial information
2014-12-31 14:42 - 2013-11-14 01:28 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
 
==================== Files in the root of some directories =======
 
2014-09-22 12:24 - 2014-09-22 12:24 - 0000043 _____ () C:\Users\Kelly_2\AppData\Roaming\WB.CFG
2015-01-14 10:17 - 2015-01-14 10:17 - 0000064 _____ () C:\Users\Kelly_2\AppData\Local\b593f0a9ac6db3b88eb8330a1bcbdd16
2013-06-05 17:45 - 2013-06-05 17:45 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-06-05 17:42 - 2013-06-05 17:43 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-06-05 17:43 - 2013-06-05 17:44 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-06-05 17:42 - 2013-06-05 17:42 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-06-05 17:44 - 2013-06-05 17:45 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
 
Some content of TEMP:
====================
C:\Users\Kelly_2\AppData\Local\Temp\7cb56eb3-4f4e-4a8b-bfb2-705036569558.exe
C:\Users\Kelly_2\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpj4x_9e.dll
C:\Users\Kelly_2\AppData\Local\Temp\Quarantine.exe
C:\Users\Kelly_2\AppData\Local\Temp\SpOrder.dll
C:\Users\Kelly_2\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-27 10:41
 
==================== End Of Log ============================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(UniPrint) C:\Users\Kelly_2\AppData\Roaming\UniPrint Suite\Client\UPCRelay.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Dropbox, Inc.) C:\Users\Kelly_2\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
() C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
(Wyse Technology.) C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\mstsc.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [PocketCloud Location] => C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe [933776 2012-10-24] (Wyse Technology Inc.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-19] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [102928 2012-10-23] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-997144382-660941887-3055067781-1004\...\Run: [UniPrint Client Init] => C:\Users\Kelly_2\AppData\Roaming\UniPrint Suite\Client\UPCInit.exe [203624 2011-11-28] (UniPrint)
HKU\S-1-5-21-997144382-660941887-3055067781-1004\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-997144382-660941887-3055067781-1004\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-997144382-660941887-3055067781-1004\...\Run: [ZedgeToneSync] => C:\Users\Kelly_2\AppData\Local\Apps\2.0\Data\807PJGLX.9LE\NZ43PBRZ.VLW\zedg..tion_4cd56dcfd1799009_0001.0002_ea3f01849f5e16c3\Data\ZedgeToneSync.appref-ms -startup
HKU\S-1-5-21-997144382-660941887-3055067781-1004\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKU\S-1-5-21-997144382-660941887-3055067781-1004\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-997144382-660941887-3055067781-1004\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
Startup: C:\Users\Kelly_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Kelly_2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [HKLM] => http=127.0.0.1:49760;https=127.0.0.1:49760
ProxyServer: [HKLM-x32] => http=127.0.0.1:49760;https=127.0.0.1:49760
HKU\S-1-5-21-997144382-660941887-3055067781-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-997144382-660941887-3055067781-1004 -> URL http://search.condui...rchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-997144382-660941887-3055067781-1004 -> SuggestionsURL_JSON http://suggest.searc...x={searchTerms}
SearchScopes: HKU\S-1-5-21-997144382-660941887-3055067781-1004 -> {6B929129-C045-4FE4-A674-C7DFF8FAA1A1} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: getsav-in 5.0 -> {E9B2B03C-352E-4D9C-BE84-37D216F65D7C} -> C:\Users\Kelly\AppData\Local\getsav-in\ie\getsav-in_1374006301.dll No File
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-997144382-660941887-3055067781-1004 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-997144382-660941887-3055067781-1004 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...ols/pcmatic.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5F189EAF-9E2E-4A88-A848-A800EA3D0048}: [NameServer] 31.168.228.244,82.166.96.242
 
FireFox:
========
FF ProfilePath: C:\Users\Kelly_2\AppData\Roaming\Mozilla\Firefox\Profiles\cihlzrl6.default-1421334768923
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Ad-Aware SecureSearch
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1215155.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-997144382-660941887-3055067781-1004: @citrixonline.com/appdetectorplugin -> C:\Users\Kelly_2\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-08-05]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-14]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3333528&octid=EB_ORIGINAL_CTID&ISID=M5D223A17-4801-4A5B-8D1C-80AFDE530ACB&SearchSource=55&CUI=&UM=8&UP=SP9655F24F-7BA0-4A03-8480-B7D1ED28E37D&SSPV=", "hxxp://groovorio.com/?f=7&a=grv_keyd4_14_24&cd=2XzuyEtN2Y1L1Qzu0B0CzzyDyDyCyCtCyDtByCtD0Dzz0F0DtN0D0Tzu0SzyzyyCtN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V1J1P2U1QyE1VtCyE1VtByEtN1L1G1B1V1N2Y1L1Qzu2StByBtDtD0E0EtBtBtGzz0D0C0CtG0DtDtA0FtG0AtAyCzztGyBzz0DtB0F0F0CtDyD0CtD0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0E0BtCtA0BtAyB0DtGtCyEtDyBtGyEyB0E0DtG0BtCzz0EtGtBzztB0CyCtAyCzytA0AzytD2Q&cr=1746549697&ir=", "hxxp://vosteran.com/?f=7&a=vst_coinis_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0B0CzzyDyDyCyCtCyDtByCtD0Dzz0F0DtN0D0Tzu0StCtDyDtBtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyD0CtAtC0D0AyEzytGyEyB0A0EtGyC0CyD0FtG0CyCtDyBtGtA0FyE0AtA0A0FyBtAyDtAyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0EyEtA0EtCtCzytG0DyE0FyBtGyE0F0EzytG0B0A0AyEtGtDyByCtC0FyD0AtCtCyCyD0E2Q&cr=933912415&ir="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Kelly_2\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Kelly_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-08]
CHR Extension: (Google Drive) - C:\Users\Kelly_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Kelly_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (YouTube) - C:\Users\Kelly_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-08]
CHR Extension: (Google Search) - C:\Users\Kelly_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-08]
CHR Extension: (Avast Online Security) - C:\Users\Kelly_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-14]
CHR Extension: (PlusHD Q-9.1V14.01) - C:\Users\Kelly_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcdeaofcapijfmeopimkgcepdpbdepnb [2015-01-14]
CHR Extension: (Google Wallet) - C:\Users\Kelly_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-08]
CHR Extension: (Gmail) - C:\Users\Kelly_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-08]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-14] (AVAST Software)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5738528 2014-11-07] (Fitbit, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1914728 2012-11-25] (SoftThinks SAS)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [188928 2012-10-24] () [File not signed]
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe [1436160 2012-10-24] (Wyse Technology.) [File not signed]
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-06-19] (Atheros) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-14] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-01-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-14] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-14] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-14] ()
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-30 09:08 - 2015-01-30 09:09 - 00021348 _____ () C:\Users\Kelly_2\Downloads\FRST.txt
2015-01-30 09:08 - 2015-01-30 09:08 - 00000000 ____D () C:\FRST
2015-01-30 09:07 - 2015-01-30 09:07 - 02130432 _____ (Farbar) C:\Users\Kelly_2\Downloads\FRST64.exe
2015-01-30 09:00 - 2015-01-30 09:00 - 01121792 _____ (Farbar) C:\Users\Kelly_2\Downloads\FRST.exe
2015-01-30 07:56 - 2015-01-30 07:56 - 02194432 _____ () C:\Users\Kelly_2\Downloads\adwcleaner_4.109.exe
2015-01-29 08:08 - 2015-01-29 08:08 - 00056487 _____ () C:\Users\Kelly_2\Downloads\ashleys quote.xlsx
2015-01-27 15:51 - 2015-01-27 15:51 - 00022245 _____ () C:\Users\Kelly_2\Desktop\2014 unregistered.xlsx
2015-01-27 11:02 - 2015-01-27 11:02 - 00571904 _____ () C:\Users\Kelly_2\Desktop\Parish mission 1.pub
2015-01-26 07:58 - 2015-01-26 07:58 - 04070576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2015-01-20 16:28 - 2015-01-30 07:59 - 00000539 _____ () C:\WINDOWS\setupact.log
2015-01-20 16:28 - 2015-01-30 07:58 - 00002674 _____ () C:\WINDOWS\PFRO.log
2015-01-20 16:28 - 2015-01-20 16:28 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-01-19 15:15 - 2015-01-30 07:58 - 01463005 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-19 14:46 - 2015-01-19 14:46 - 05317104 _____ (Piriform Ltd) C:\Users\Kelly_2\Downloads\ccsetup501.exe
2015-01-19 14:46 - 2015-01-19 14:46 - 00002776 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-01-19 14:46 - 2015-01-19 14:46 - 00000836 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-19 14:46 - 2015-01-19 14:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-19 14:46 - 2015-01-19 14:46 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-19 14:31 - 2015-01-19 14:31 - 02186752 _____ () C:\Users\Kelly_2\Desktop\AdwCleaner.exe
2015-01-19 13:24 - 2015-01-19 13:24 - 00000000 ____D () C:\Users\Kelly_2\AppData\Roaming\LavasoftStatistics
2015-01-19 13:23 - 2015-01-19 13:23 - 00004688 _____ () C:\WINDOWS\SysWOW64\LavasoftTcpService.ini
2015-01-19 13:23 - 2015-01-19 13:23 - 00002520 _____ () C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini
2015-01-19 13:23 - 2015-01-19 13:23 - 00002520 _____ () C:\WINDOWS\system32\LavasoftTcpServiceOff.ini
2015-01-19 13:23 - 2014-12-16 12:10 - 00358736 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService64.dll
2015-01-19 13:23 - 2014-12-16 12:10 - 00312424 _____ (Lavasoft Limited) C:\WINDOWS\SysWOW64\LavasoftTcpService.dll
2015-01-19 13:19 - 2015-01-19 14:18 - 00000000 ____D () C:\ProgramData\Lavasoft
2015-01-19 13:15 - 2015-01-19 13:15 - 00108966 _____ () C:\Users\Kelly_2\Downloads\flashblock-1.5.18-fx.xpi
2015-01-19 08:18 - 2015-01-19 08:18 - 00005172 _____ () C:\Users\Kelly_2\Downloads\weight loss 1.jpe
2015-01-15 09:44 - 2015-01-15 09:49 - 132469808 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup (1).exe
2015-01-15 09:44 - 2015-01-15 09:49 - 132469808 _____ (AVAST Software) C:\Users\Kelly_2\Downloads\avast_free_antivirus_setup (1).exe
2015-01-14 20:14 - 2015-01-14 20:14 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-01-14 20:14 - 2015-01-14 20:14 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-01-14 20:09 - 2015-01-14 20:09 - 00000000 ____D () C:\WINDOWS\SysWOW64\Adobe
2015-01-14 19:08 - 2015-01-14 19:08 - 00000000 ____D () C:\WINDOWS\SysWOW64\TrayIcons
2015-01-14 19:08 - 2015-01-14 19:08 - 00000000 ____D () C:\cache
2015-01-14 17:34 - 2015-01-29 11:09 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-14 17:34 - 2015-01-14 17:34 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Kelly_2\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-14 17:34 - 2015-01-14 17:34 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-14 17:34 - 2015-01-14 17:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-14 17:34 - 2015-01-14 17:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-14 17:34 - 2015-01-14 17:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-14 17:34 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-01-14 17:34 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-01-14 17:34 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-01-14 16:12 - 2015-01-14 16:12 - 00000000 ____D () C:\Users\Kelly_2\AppData\Roaming\AVAST Software
2015-01-14 16:05 - 2015-01-14 16:05 - 01050432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2015-01-14 16:05 - 2015-01-14 16:05 - 00436624 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-01-14 16:05 - 2015-01-14 16:05 - 00364512 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-01-14 16:05 - 2015-01-14 16:05 - 00267632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-01-14 16:05 - 2015-01-14 16:05 - 00116728 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-01-14 16:05 - 2015-01-14 16:05 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-01-14 16:05 - 2015-01-14 16:05 - 00087912 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2015-01-14 16:05 - 2015-01-14 16:05 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-01-14 16:05 - 2015-01-14 16:05 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-01-14 16:05 - 2015-01-14 16:05 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-01-14 16:05 - 2015-01-14 16:05 - 00001982 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-01-14 16:05 - 2015-01-14 16:05 - 00000350 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-01-14 16:05 - 2015-01-14 16:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-01-14 16:04 - 2015-01-14 16:04 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-14 16:04 - 2015-01-14 16:04 - 00000000 ____D () C:\Program Files\AVAST Software
2015-01-14 16:01 - 2015-01-14 16:04 - 132469808 _____ (AVAST Software) C:\Users\Kelly_2\Downloads\avast_free_antivirus_setup.exe
2015-01-14 15:27 - 2015-01-30 07:58 - 00000000 ____D () C:\AdwCleaner
2015-01-14 10:24 - 2015-01-14 10:29 - 00000000 ____D () C:\Program Files (x86)\CloudMAGWALT
2015-01-14 10:24 - 2015-01-14 10:24 - 00000000 _____ () C:\LILCA6E.tmp
2015-01-14 10:24 - 2015-01-14 10:24 - 00000000 _____ () C:\LILCA00.tmp
2015-01-14 10:24 - 2015-01-14 10:24 - 00000000 _____ () C:\LILC9A3.tmp
2015-01-14 10:24 - 2015-01-14 10:24 - 00000000 _____ () C:\LILC964.tmp
2015-01-14 10:24 - 2015-01-14 10:24 - 00000000 _____ () C:\LILC916.tmp
2015-01-14 10:24 - 2015-01-14 10:24 - 00000000 _____ () C:\LILC8B8.tmp
2015-01-14 10:24 - 2015-01-14 10:24 - 00000000 _____ () C:\LILC84B.tmp
2015-01-14 10:24 - 2015-01-14 10:24 - 00000000 _____ () C:\LILC82C.tmp
2015-01-14 10:24 - 2015-01-14 10:24 - 00000000 _____ () C:\LILC7ED.tmp
2015-01-14 10:24 - 2015-01-14 10:24 - 00000000 _____ () C:\LILC7BE.tmp
2015-01-14 10:22 - 2015-01-14 10:22 - 00370040 _____ () C:\Users\Kelly_2\Downloads\Setup.exe
2015-01-14 10:22 - 2015-01-14 10:22 - 00000000 ____D () C:\f77dde0f-c8cf-4d4f-a3ec-e64c5750ef87
2015-01-14 10:20 - 2015-01-14 20:19 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-14 10:20 - 2015-01-14 20:18 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-01-14 10:20 - 2015-01-14 20:18 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-14 10:20 - 2015-01-14 10:20 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2015-01-14 10:20 - 2015-01-14 10:20 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2015-01-14 10:20 - 2015-01-14 10:20 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2015-01-14 10:20 - 2015-01-14 10:20 - 00000000 ____D () C:\ProgramData\Sun
2015-01-14 10:20 - 2015-01-14 10:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-14 10:18 - 2015-01-14 10:18 - 29419944 _____ (Oracle Corporation) C:\Users\Kelly_2\Desktop\jre-7u60-windows-i586.exe
2015-01-14 10:17 - 2015-01-14 10:17 - 00004478 _____ () C:\WINDOWS\System32\Tasks\Validate Installation
2015-01-14 10:17 - 2015-01-14 10:17 - 00004270 _____ () C:\WINDOWS\System32\Tasks\Check Updates
2015-01-14 10:17 - 2015-01-14 10:17 - 00003862 _____ () C:\WINDOWS\System32\Tasks\GeniusBox
2015-01-14 10:17 - 2015-01-14 10:17 - 00000064 _____ () C:\Users\Kelly_2\AppData\Local\b593f0a9ac6db3b88eb8330a1bcbdd16
2015-01-14 08:01 - 2014-12-19 00:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-14 08:01 - 2014-12-11 20:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-14 08:01 - 2014-12-11 18:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-14 08:01 - 2014-12-08 19:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-14 08:01 - 2014-12-08 13:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-14 08:01 - 2014-12-08 13:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-14 08:01 - 2014-12-08 13:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-14 08:01 - 2014-12-08 13:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-14 08:01 - 2014-12-08 13:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-14 08:01 - 2014-12-08 13:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-14 08:01 - 2014-12-08 13:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-14 08:01 - 2014-12-08 13:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-14 08:01 - 2014-12-05 21:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-14 08:01 - 2014-12-05 19:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-14 08:01 - 2014-12-05 19:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-14 08:01 - 2014-10-28 22:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-14 08:01 - 2014-10-28 22:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-14 08:01 - 2014-10-28 21:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-14 08:01 - 2014-10-28 21:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-14 08:01 - 2014-10-28 21:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-14 08:01 - 2014-10-28 21:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-14 08:01 - 2014-10-28 21:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-14 08:01 - 2014-10-28 21:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-14 08:01 - 2014-10-28 21:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-14 08:01 - 2014-10-28 21:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-14 08:01 - 2014-10-28 21:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-14 08:01 - 2014-10-28 20:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-14 08:01 - 2014-10-28 19:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-14 08:01 - 2014-10-28 19:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-14 08:01 - 2014-10-28 19:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-14 08:01 - 2014-10-28 19:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-08 13:10 - 2015-01-08 13:10 - 00030166 _____ () C:\Users\Kelly_2\Downloads\After Prom Businesses.xlsx
2015-01-06 08:31 - 2015-01-06 08:31 - 00131513 _____ () C:\Users\Kelly_2\Downloads\10737214_10206300051126644_1695463701_n.xlsx
2014-12-31 14:24 - 2014-12-31 14:24 - 00030946 _____ () C:\Users\Kelly_2\Desktop\update for 2014 to diocese.xlsx
2014-12-31 10:59 - 2014-12-31 10:59 - 02146552 _____ () C:\Users\Kelly_2\Downloads\ShowMyPC3160.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-30 09:00 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-30 08:58 - 2014-01-07 12:03 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-30 08:49 - 2014-11-11 15:43 - 00000586 _____ () C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-997144382-660941887-3055067781-1004.job
2015-01-30 08:37 - 2013-08-12 12:59 - 00000000 ____D () C:\Users\Kelly_2\Documents\Baptismal Requests
2015-01-30 08:22 - 2013-12-05 08:35 - 00000000 ____D () C:\Users\Kelly_2\AppData\Local\05989C88-F05F-412A-B195-5F81B25818B7.aplzod
2015-01-30 08:21 - 2013-07-22 16:30 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-30 08:06 - 2013-06-05 17:46 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2015-01-30 08:00 - 2014-01-22 14:38 - 00000000 ___DO () C:\Users\Kelly_2\SkyDrive
2015-01-30 08:00 - 2013-08-05 16:22 - 00000000 ___RD () C:\Users\Kelly_2\Dropbox
2015-01-30 08:00 - 2013-08-05 16:11 - 00000000 ____D () C:\Users\Kelly_2\AppData\Roaming\Dropbox
2015-01-30 07:59 - 2013-08-22 08:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-30 07:59 - 2013-07-22 16:30 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-30 07:58 - 2013-08-22 07:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-30 07:50 - 2014-01-22 15:40 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{13958464-48E6-4599-ADCE-406C005CFFCF}
2015-01-29 15:07 - 2013-07-23 07:40 - 00002270 ____H () C:\Users\Kelly_2\Documents\Default.rdp
2015-01-29 14:50 - 2013-08-05 07:52 - 00000000 ____D () C:\Users\Kelly_2\Documents\Kelly
2015-01-29 10:35 - 2014-03-05 18:41 - 00000000 ____D () C:\Users\Kelly_2\Documents\Auction
2015-01-28 14:31 - 2014-01-20 08:33 - 00292864 ___SH () C:\Users\Kelly_2\Desktop\Thumbs.db
2015-01-28 12:59 - 2012-07-26 01:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-27 15:07 - 2013-12-18 16:20 - 00149504 ___SH () C:\Users\Kelly_2\Documents\Thumbs.db
2015-01-27 15:06 - 2014-03-13 10:01 - 00000000 ____D () C:\Users\Kelly_2\Documents\New members for Living Waters
2015-01-27 13:15 - 2014-03-13 10:02 - 00000000 ____D () C:\Users\Kelly_2\Documents\New Members for Diocese
2015-01-27 11:54 - 2013-09-03 12:18 - 00000000 ____D () C:\Users\Kelly_2\Documents\Bulletin
2015-01-27 10:40 - 2013-07-17 15:32 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-997144382-660941887-3055067781-1004
2015-01-27 09:07 - 2014-11-11 15:43 - 00003584 _____ () C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-997144382-660941887-3055067781-1004
2015-01-27 08:21 - 2013-12-31 13:32 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-26 16:19 - 2014-06-20 08:24 - 00000000 ____D () C:\Users\Kelly_2\Documents\Alumni Information
2015-01-26 13:07 - 2014-10-29 13:31 - 00022556 _____ () C:\Users\Kelly_2\Desktop\pledge school drive.xlsx
2015-01-26 08:08 - 2013-08-16 13:06 - 02187776 ___SH () C:\Users\Kelly_2\Downloads\Thumbs.db
2015-01-26 07:58 - 2014-01-07 12:03 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-01-24 14:20 - 2013-08-22 09:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-24 14:20 - 2013-08-22 09:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-23 15:49 - 2014-09-11 09:12 - 00000000 ____D () C:\Users\Kelly_2\Desktop\Lighthouse Media
2015-01-22 14:03 - 2013-08-21 09:19 - 00000000 ____D () C:\Users\Kelly_2\Documents\Forms
2015-01-21 16:26 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\WinStore
2015-01-21 11:06 - 2013-08-07 09:22 - 00000000 ____D () C:\Users\Kelly_2\Documents\Letters
2015-01-21 08:01 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-19 14:47 - 2014-03-29 11:21 - 00000000 ____D () C:\WINDOWS\Minidump
2015-01-19 14:47 - 2014-01-22 16:14 - 00000000 ___DC () C:\WINDOWS\Panther
2015-01-19 12:17 - 2014-09-11 09:12 - 00000000 ____D () C:\Users\Kelly_2\Desktop\Re-Sale Items
2015-01-15 09:28 - 2012-07-26 02:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-01-15 09:27 - 2013-08-22 07:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-01-15 09:27 - 2012-07-25 23:37 - 00000000 ____D () C:\Users\Default.migrated
2015-01-15 09:12 - 2014-11-19 14:40 - 00000000 ____D () C:\Users\Kelly_2\Desktop\Old Firefox Data
2015-01-14 20:15 - 2013-07-22 16:29 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-14 20:15 - 2013-07-17 15:24 - 00000000 ____D () C:\Users\Kelly_2\AppData\Roaming\Adobe
2015-01-14 20:14 - 2013-07-22 16:29 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-01-14 20:05 - 2013-07-22 17:02 - 00000000 ____D () C:\Users\Kelly_2\AppData\Local\Adobe
2015-01-14 15:42 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-01-14 11:50 - 2013-08-17 14:15 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-14 11:46 - 2013-07-18 13:26 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-14 10:19 - 2012-07-25 23:26 - 00000301 _____ () C:\WINDOWS\win.ini
2014-12-31 16:29 - 2013-10-14 13:34 - 00000000 ____D () C:\Users\Kelly_2\Documents\Memorial information
2014-12-31 14:42 - 2013-11-14 01:28 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
 
==================== Files in the root of some directories =======
 
2014-09-22 12:24 - 2014-09-22 12:24 - 0000043 _____ () C:\Users\Kelly_2\AppData\Roaming\WB.CFG
2015-01-14 10:17 - 2015-01-14 10:17 - 0000064 _____ () C:\Users\Kelly_2\AppData\Local\b593f0a9ac6db3b88eb8330a1bcbdd16
2013-06-05 17:45 - 2013-06-05 17:45 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-06-05 17:42 - 2013-06-05 17:43 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-06-05 17:43 - 2013-06-05 17:44 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-06-05 17:42 - 2013-06-05 17:42 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-06-05 17:44 - 2013-06-05 17:45 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
 
Some content of TEMP:
====================
C:\Users\Kelly_2\AppData\Local\Temp\7cb56eb3-4f4e-4a8b-bfb2-705036569558.exe
C:\Users\Kelly_2\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpj4x_9e.dll
C:\Users\Kelly_2\AppData\Local\Temp\Quarantine.exe
C:\Users\Kelly_2\AppData\Local\Temp\SpOrder.dll
C:\Users\Kelly_2\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-27 10:41
 
==================== End Of Log ============================

  • 0

#6
momsutton3

momsutton3

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

I hope I did it right.


  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Close :) Did you run AswMBR?

OK, this fix will now remove some adware and reset the Firefox start pages. It will also reset the proxy, so if you use one you may need to reset it.

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
ProxyServer: [HKLM] => http=127.0.0.1:49760;https=127.0.0.1:49760
ProxyServer: [HKLM-x32] => http=127.0.0.1:49760;https=127.0.0.1:49760
SearchScopes: HKU\S-1-5-21-997144382-660941887-3055067781-1004 -> URL http://search.condui...rchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-997144382-660941887-3055067781-1004 -> SuggestionsURL_JSON http://suggest.searc...x={searchTerms}
BHO-x32: getsav-in 5.0 -> {E9B2B03C-352E-4D9C-BE84-37D216F65D7C} -> C:\Users\Kelly\AppData\Local\getsav-in\ie\getsav-in_1374006301.dll No File
Toolbar: HKU\S-1-5-21-997144382-660941887-3055067781-1004 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Tcpip\..\Interfaces\{5F189EAF-9E2E-4A88-A848-A800EA3D0048}: [NameServer] 31.168.228.244,82.166.96.242
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3333528&octid=EB_ORIGINAL_CTID&ISID=M5D223A17-4801-4A5B-8D1C-80AFDE530ACB&SearchSource=55&CUI=&UM=8&UP=SP9655F24F-7BA0-4A03-8480-B7D1ED28E37D&SSPV=", "hxxp://groovorio.com/?f=7&a=grv_keyd4_14_24&cd=2XzuyEtN2Y1L1Qzu0B0CzzyDyDyCyCtCyDtByCtD0Dzz0F0DtN0D0Tzu0SzyzyyCtN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V1J1P2U1QyE1VtCyE1VtByEtN1L1G1B1V1N2Y1L1Qzu2StByBtDtD0E0EtBtBtGzz0D0C0CtG0DtDtA0FtG0AtAyCzztGyBzz0DtB0F0F0CtDyD0CtD0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0E0BtCtA0BtAyB0DtGtCyEtDyBtGyEyB0E0DtG0BtCzz0EtGtBzztB0CyCtAyCzytA0AzytD2Q&cr=1746549697&ir=", "hxxp://vosteran.com/?f=7&a=vst_coinis_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0B0CzzyDyDyCyCtCyDtByCtD0Dzz0F0DtN0D0Tzu0StCtDyDtBtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyD0CtAtC0D0AyEzytGyEyB0A0EtGyC0CyD0FtG0CyCtDyBtGtA0FyE0AtA0A0FyBtAyDtAyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0EyEtA0EtCtCzytG0DyE0FyBtGyE0F0EzytG0B0A0AyEtGtDyByCtC0FyD0AtCtCyCyD0E2Q&cr=933912415&ir="
2015-01-15 09:44 - 2015-01-15 09:49 - 132469808 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup (1).exe
2015-01-15 09:44 - 2015-01-15 09:49 - 132469808 _____ (AVAST Software) C:\Users\Kelly_2\Downloads\avast_free_antivirus_setup (1).exe
2015-01-14 10:24 - 2015-01-14 10:24 - 00000000 _____ () C:\LILCA6E.tmp
2015-01-14 10:24 - 2015-01-14 10:24 - 00000000 _____ () C:\LILCA00.tmp
2015-01-14 10:24 - 2015-01-14 10:24 - 00000000 _____ () C:\LILC9A3.tmp
2015-01-14 10:24 - 2015-01-14 10:24 - 00000000 _____ () C:\LILC964.tmp
2015-01-14 10:24 - 2015-01-14 10:24 - 00000000 _____ () C:\LILC916.tmp
2015-01-14 10:24 - 2015-01-14 10:24 - 00000000 _____ () C:\LILC8B8.tmp
2015-01-14 10:24 - 2015-01-14 10:24 - 00000000 _____ () C:\LILC84B.tmp
2015-01-14 10:24 - 2015-01-14 10:24 - 00000000 _____ () C:\LILC82C.tmp
2015-01-14 10:24 - 2015-01-14 10:24 - 00000000 _____ () C:\LILC7ED.tmp
2015-01-14 10:24 - 2015-01-14 10:24 - 00000000 _____ () C:\LILC7BE.tmp
2015-01-14 10:22 - 2015-01-14 10:22 - 00370040 _____ () C:\Users\Kelly_2\Downloads\Setup.exe
2015-01-14 10:22 - 2015-01-14 10:22 - 00000000 ____D () C:\f77dde0f-c8cf-4d4f-a3ec-e64c5750ef87
2015-01-14 10:17 - 2015-01-14 10:17 - 00004478 _____ () C:\WINDOWS\System32\Tasks\Validate Installation
2015-01-14 10:17 - 2015-01-14 10:17 - 00004270 _____ () C:\WINDOWS\System32\Tasks\Check Updates
2015-01-14 10:17 - 2015-01-14 10:17 - 00003862 _____ () C:\WINDOWS\System32\Tasks\GeniusBox
2015-01-14 10:17 - 2015-01-14 10:17 - 00000064 _____ () C:\Users\Kelly_2\AppData\Local\b593f0a9ac6db3b88eb8330a1bcbdd16
2014-12-31 10:59 - 2014-12-31 10:59 - 02146552 _____ () C:\Users\Kelly_2\Downloads\ShowMyPC3160.exe
2015-01-14 10:17 - 2015-01-14 10:17 - 0000064 _____ () C:\Users\Kelly_2\AppData\Local\b593f0a9ac6db3b88eb8330a1bcbdd16
C:\Users\Kelly\AppData\Local\getsav-in
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that.
  • 0
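A triage sketch for the three settings entries in the fixlist from post #7 (the loopback ProxyServer values, the static NameServer line and the Chrome StartupUrls), added here as an example; it is not part of the original thread and not FRST's own code. The regular expressions assume the line layouts shown in that post, and the finding labels are made up for this example.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Lines copied from the fixlist in post #7. The StartupUrls query strings are
# cut short here (constructed abbreviation of the long originals).
SAMPLE = r'''ProxyServer: [HKLM] => http=127.0.0.1:49760;https=127.0.0.1:49760
ProxyServer: [HKLM-x32] => http=127.0.0.1:49760;https=127.0.0.1:49760
Tcpip\..\Interfaces\{5F189EAF-9E2E-4A88-A848-A800EA3D0048}: [NameServer] 31.168.228.244,82.166.96.242
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=", "hxxp://groovorio.com/?f=7", "hxxp://vosteran.com/?f=7"
CMD: ipconfig /flushdns
'''

# Hypothetical patterns written for this example, matching the layouts above.
PROXY_RE = re.compile(r'^ProxyServer: \[([^\]]+)\] => (.+)$')
DNS_RE = re.compile(r'^Tcpip\\\.\.\\Interfaces\\(\{[^}]+\}): \[NameServer\] (.+)$')
STARTUP_RE = re.compile(r'^CHR StartupUrls: (\S+) -> (.+)$')


def parse_proxy(value):
    """Split a ProxyServer value into (scheme, host, port) tuples."""
    entries = []
    for part in filter(None, (p.strip() for p in value.split(';'))):
        scheme, sep, hostport = part.partition('=')
        if not sep:  # bare "host:port" applies to every scheme
            scheme, hostport = '*', part
        host, _, port = hostport.rpartition(':')
        entries.append((scheme, host or hostport,
                        int(port) if host and port.isdigit() else None))
    return entries


def is_loopback(host):
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host.lower() == 'localhost'


def is_public_ip(text):
    try:
        return ipaddress.ip_address(text).is_global
    except ValueError:
        return False


def triage(log_text):
    """Return (kind, where, detail) findings for hijack-prone settings."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = PROXY_RE.match(line)
        if m:
            # A system-wide proxy on loopback hands browser traffic to a
            # process on the same machine, so it is worth knowing which one.
            for scheme, host, port in parse_proxy(m.group(2)):
                if is_loopback(host):
                    findings.append(('loopback-proxy', m.group(1),
                                     f'{scheme}={host}:{port}'))
            continue
        m = DNS_RE.match(line)
        if m:
            # A static NameServer takes precedence over the DHCP-assigned
            # resolver, so a public one should be an address the owner chose.
            for server in m.group(2).split(','):
                if is_public_ip(server.strip()):
                    findings.append(('static-public-dns', m.group(1),
                                     server.strip()))
            continue
        m = STARTUP_RE.match(line)
        if m:
            for url in re.findall(r'"([^"]+)"', m.group(2)):
                if url.lower().startswith('hxxp'):  # undo log defanging
                    url = 'http' + url[4:]
                host = urlsplit(url).hostname
                if host:
                    findings.append(('startup-url', m.group(1), host))
    return findings


if __name__ == '__main__':
    for kind, where, detail in triage(SAMPLE):
        print(f'{kind:18} {where:40} {detail}')
```

A finding here only marks an entry for review; whether it belongs on the machine is the analyst's call, as it was in the thread.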

#8
momsutton3

momsutton3

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

Oops, missed that part. Doing it now.


Edited by momsutton3, 30 January 2015 - 10:09 AM.

  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
:)
  • 0

#10
momsutton3

momsutton3

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

OK, here are the other scan results.

 

wMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2015-01-30 10:08:16
-----------------------------
10:08:16.638    OS Version: Windows x64 6.2.9200
10:08:16.639    Number of processors: 2 586 0x3A09
10:08:16.640    ComputerName: KELLY  UserName:
10:08:20.396    Initialize success
10:08:20.411    VM: initialized successfully
10:08:20.411    VM: Intel CPU supported virtualized
10:08:22.523    VM: disk I/O iaStorA.sys
10:08:26.262    AVAST engine defs: 14110700
10:08:29.360    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000002a
10:08:29.362    Disk 0 Vendor: ST500DM002-1BD142 KC45 Size: 476940MB BusType: 11
10:08:29.457    Disk 0 MBR read successfully
10:08:29.459    Disk 0 MBR scan
10:08:29.732    Disk 0 unknown MBR code
10:08:29.740    Disk 0 Partition 1 00     EE          GPT           2097151 MB offset 1
10:08:30.069    Disk 0 scanning C:\WINDOWS\system32\drivers
10:08:39.363    Service scanning
10:08:59.602    Modules scanning
10:08:59.608    Disk 0 trace - called modules:
10:08:59.624    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll iaStorA.sys
10:08:59.628    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe000597f2060]
10:08:59.631    3 CLASSPNP.SYS[fffff801e39a227b] -> nt!IofCallDriver -> [0xffffe0005852ade0]
10:08:59.634    5 ACPI.sys[fffff801e340c7aa] -> nt!IofCallDriver -> \Device\0000002a[0xffffe00058fff060]
10:09:07.869    AVAST engine scan C:\WINDOWS
10:09:19.367    AVAST engine scan C:\WINDOWS\system32
10:12:21.462    AVAST engine scan C:\WINDOWS\system32\drivers
10:12:37.004    AVAST engine scan C:\Users\Kelly_2
10:13:36.923    Disk 0 MBR has been saved successfully to "C:\Users\Kelly_2\Desktop\MBR.dat"
10:13:36.932    The log file has been saved successfully to "C:\Users\Kelly_2\Desktop\aswMBR.txt"


  • 0

#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
If you could now run the FRST fix from my previous post, and once it has run and rebooted, could you try the internet and let me know of any problems?
  • 0

#12
momsutton3

momsutton3

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

OH MY - fingers crossed - so far so good. Not doing it.

THANK YOU!!!!!!!!!!!!


  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you post the fixlog.txt? It should be on your desktop :)
  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





