Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Something is blocking my updates in Windows 7

Windows updates Adobe Air Microsoft Office problems

  • Please log in to reply

#1
Beetrix

Beetrix

    Member

  • Member
  • PipPipPip
  • 128 posts

Good morning,

 

For the last couple of weeks, Windows 7 keeps wanting to update, Adobe Air won't update. I tried removing it, because I don't need it, but I couldn't remove it.

 Microsoft Office opens a window that says it is preparing to install and then says "Fatal error during installation."

Also, When I put my computer in a Sleep mode, sometimes it shuts down.

 

I ran Avast, Malwarebytes, and SuperAntispyware. I ran OTL and here is the log.

 

Notice I have lots of files from photo's for a web site.

 

 

OTL logfile created on: 2/4/2015 5:23:28 AM - Run 6
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Bee\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.91 Gb Total Physical Memory | 1.96 Gb Available Physical Memory | 50.08% Memory free
7.82 Gb Paging File | 5.79 Gb Available in Paging File | 73.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 684.84 Gb Total Space | 609.31 Gb Free Space | 88.97% Space Free | Partition Type: NTFS
Drive D: | 13.70 Gb Total Space | 0.27 Gb Free Space | 1.98% Space Free | Partition Type: NTFS
 
Computer Name: BEE | User Name: Bee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/02/04 05:23:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bee\Downloads\OTL.exe
PRC - [2015/02/04 04:42:09 | 005,225,064 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2015/02/04 04:42:09 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/12/02 22:31:16 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/10/01 13:32:41 | 000,643,584 | ---- | M] (Notably Good Ltd) -- C:\Program Files (x86)\Affixa\AffixaTray.exe
PRC - [2013/05/20 17:33:28 | 001,332,360 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2011/12/14 16:55:40 | 008,453,376 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
PRC - [2011/12/14 16:53:44 | 000,303,360 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
PRC - [2011/09/01 01:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2011/03/09 16:06:48 | 000,129,648 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2011/03/09 13:47:08 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2010/11/26 06:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2010/08/05 15:08:52 | 000,020,480 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
PRC - [2010/08/05 15:08:38 | 000,016,384 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
PRC - [2010/02/11 09:07:54 | 000,710,656 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
PRC - [2009/11/11 15:17:02 | 000,771,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\AirPort\APAgent.exe
PRC - [2009/07/02 13:58:40 | 000,406,016 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
PRC - [2008/11/20 09:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2015/02/04 04:42:10 | 038,562,088 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2015/01/20 22:35:44 | 001,044,776 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/11/13 05:57:05 | 001,669,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\bb21380c3d4870a81038f30e1a00bcd5\Microsoft.VisualBasic.ni.dll
MOD - [2014/11/13 05:53:16 | 000,774,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\875c35969785fa170d186e7ca546ac9e\System.Runtime.Remoting.ni.dll
MOD - [2014/10/16 03:17:14 | 002,997,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\92a3b88ac6300af062edd6503bc5903c\System.IdentityModel.ni.dll
MOD - [2014/10/16 03:17:11 | 019,696,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\316b149dbb031d0e35c9d57bb2fc4b6e\System.ServiceModel.ni.dll
MOD - [2014/10/16 03:16:40 | 002,868,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\b8e72b75a31229c5ae9d34289305c52b\ReachFramework.ni.dll
MOD - [2014/10/16 03:14:35 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\99cdfef98595ed91f14936cf52a49c54\System.Management.ni.dll
MOD - [2014/10/16 03:11:19 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\75670ab8fe2a25bf165fafcc25be270e\System.Web.Services.ni.dll
MOD - [2014/10/16 03:11:18 | 011,922,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\b4001d722e320fa42cd87b04b5249b2d\System.Web.ni.dll
MOD - [2014/10/16 03:11:13 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\f45bc0251cceb599622f55cc1c7f4aba\System.Transactions.ni.dll
MOD - [2014/10/16 03:11:12 | 006,638,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\4b335bfaa07fc54f2d72213d33f53e97\System.Data.ni.dll
MOD - [2014/10/16 03:10:56 | 012,435,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1453d9e9a4989833ef3db4b22549ba1a\System.Windows.Forms.ni.dll
MOD - [2014/10/16 03:10:51 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\836e10dfd0811b303553216f5cb092ef\System.Drawing.ni.dll
MOD - [2014/10/16 03:10:50 | 000,688,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\fc21baf1fd69ebbc21be4a9189951fc0\System.Security.ni.dll
MOD - [2014/10/16 03:10:48 | 005,467,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49908aa93a23c84847b1f8b1b667860\System.Xml.ni.dll
MOD - [2014/10/16 03:10:45 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\237d509a79aeef6e4635b09450d98f2a\System.Configuration.ni.dll
MOD - [2014/10/16 03:10:29 | 007,991,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\908ba9e296e92b4e14bdc2437edac603\System.ni.dll
MOD - [2014/10/15 20:32:15 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\006d28e7c86f3e70db90ce06ea2f33fb\PresentationCore.ni.dll
MOD - [2014/10/15 20:32:06 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\db563d596d76daed04e9b5d25b2f4cb9\System.Windows.Forms.ni.dll
MOD - [2014/10/15 20:32:05 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\94bbd298ec8575f3c6151a59538a109c\WindowsBase.ni.dll
MOD - [2014/10/15 20:32:02 | 007,668,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7147fa233a070283dba824da40089bf1\System.Xml.ni.dll
MOD - [2014/10/15 20:32:02 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\691c1ad89d16f49d80e84fa06a79089a\System.Core.ni.dll
MOD - [2014/10/15 20:31:59 | 002,822,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f9f13cd8fe1cefaad78579a7c3a41464\System.Runtime.Serialization.ni.dll
MOD - [2014/10/15 20:31:59 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b4c08872c259018b17b2801da33ac80f\System.Drawing.ni.dll
MOD - [2014/10/15 20:31:58 | 000,794,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\35d3a1b878542de59cb4fc0593992404\System.ServiceModel.Internals.ni.dll
MOD - [2014/10/15 20:31:58 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\046058f81b039ab6fd839e03e67595f8\SMDiagnostics.ni.dll
MOD - [2014/10/15 20:31:57 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\0648dbecb7e3fb9523565107e04a5caf\System.Configuration.ni.dll
MOD - [2014/10/15 20:31:56 | 010,100,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\17a393b77ae757f0768501fb95ff5af6\System.ni.dll
MOD - [2014/10/01 13:35:18 | 000,047,192 | ---- | M] () -- C:\Program Files (x86)\Affixa\NotablyGoodClient.XmlSerializers.dll
MOD - [2014/09/12 03:44:48 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\0483c93466914f3fbd5b44454b0c8a98\Accessibility.ni.dll
MOD - [2014/09/12 03:44:24 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
MOD - [2014/03/20 14:49:19 | 002,952,704 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2014/03/03 21:57:21 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2014/02/26 15:03:00 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/01/20 13:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/12/26 14:40:33 | 000,637,952 | ---- | M] () -- C:\Program Files (x86)\Affixa\System.Data.SQLite.DLL
MOD - [2011/12/14 16:55:40 | 008,453,376 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
MOD - [2011/12/14 09:43:04 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvcLib.dll
MOD - [2009/07/02 13:58:40 | 000,406,016 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2015/02/04 04:42:09 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/11/21 18:35:29 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/08/13 04:11:28 | 000,172,344 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2013/05/26 21:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/10/11 01:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2009/03/02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2015/01/25 10:48:03 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/12/02 22:31:16 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/03/20 14:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/08/14 09:55:29 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/20 17:33:28 | 001,332,360 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2013/03/11 09:50:04 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\afasrv64.exe -- (AfaService)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/12/14 16:53:44 | 000,303,360 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe -- (WSWNDA3100v2)
SRV - [2011/09/01 01:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
SRV - [2011/03/09 16:06:48 | 000,129,648 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2011/03/09 13:47:08 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2010/11/26 06:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/10/12 09:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/08/05 15:08:38 | 000,016,384 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe -- (CalendarSynchService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2015/02/04 04:43:13 | 000,087,912 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswmonflt.sys -- (aswMonFlt)
DRV:64bit: - [2015/02/04 04:43:12 | 001,050,432 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2015/02/04 04:42:11 | 000,436,624 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2015/02/04 04:42:11 | 000,267,632 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2015/02/04 04:42:11 | 000,116,728 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2015/02/04 04:42:11 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2015/02/04 04:42:11 | 000,065,776 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2015/02/04 04:42:11 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2015/01/17 08:14:32 | 000,129,752 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/08/15 22:35:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2013/02/05 21:06:06 | 000,057,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/05 13:21:30 | 001,874,016 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2012/04/24 20:38:30 | 000,536,576 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/12 16:42:00 | 001,256,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)
DRV:64bit: - [2011/07/22 09:33:48 | 000,025,056 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV:64bit: - [2011/07/22 08:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 13:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/04/21 18:17:04 | 000,471,144 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/27 08:57:12 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/12/03 09:04:10 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/11/20 19:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 19:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 19:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/06 00:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/07/13 04:57:08 | 000,069,736 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV:64bit: - [2010/03/19 02:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/02/26 15:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/03 10:20:32 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/11/02 09:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/09/21 00:43:52 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_mdm.sys -- (ss_mdm)
DRV:64bit: - [2009/09/21 00:43:52 | 000,127,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bus.sys -- (ss_bus)
DRV:64bit: - [2009/09/21 00:43:52 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [1999/03/07 19:15:00 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysWOW64\drivers\pmemnt.sys -- (PMEM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.co...?q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{47A5A5E7-3576-4944-B7E3-7BDB7A067DF9}: "URL" = http://www.amazon.co...ds={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...kw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.co...?q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...kw={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.charter.n...s=1418903708522
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{25322A63-C2B7-4514-9952-B29DA72188D1}: "URL" = http://isearch.shopa...&q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://www2.inbox.co...&iwk=277&lng=en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Bing "
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.search.selectedEngine: "Bing "
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - prefs.js..keyword.URL: "http://www.bing.com/...079DF&PC=U079="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: c:\Program Files (x86)\Virtual Earth 3D\ File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.YourVideoChat_86.com/Plugin: C:\Program Files (x86)\YourVideoChat_86EI\Installr\1.bin\NP86EISB.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Bee\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Users\Bee\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll (Hulu LLC)
FF - HKCU\Software\MozillaPlugins\tdameritrade.com/thinkorswim: C:\Users\Bee\AppData\Local\thinkorswim\npthinkorswim.dll (TD Ameritrade)
FF - HKCU\Software\MozillaPlugins\tdameritrade.com/tossc: C:\Users\Bee\AppData\Local\thinkorswim\nptossc.dll (TD Ameritrade)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2015/02/04 04:43:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 35.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 35.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013/08/18 05:43:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bee\AppData\Roaming\Mozilla\Extensions
[2014/02/17 12:39:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bee\AppData\Roaming\Mozilla\Firefox\Profiles\51i3ljtx.default\extensions
[2014/06/21 17:25:24 | 000,006,057 | ---- | M] () -- C:\Users\Bee\AppData\Roaming\Mozilla\Firefox\Profiles\51i3ljtx.default\searchplugins\bingp.xml
[2013/08/18 05:42:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2015/01/31 10:26:29 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Bee\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: No name found = C:\Users\Bee\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\Bee\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: No name found = C:\Users\Bee\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Bee\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Bee\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Bee\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Bee\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\
CHR - Extension: No name found = C:\Users\Bee\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Bee\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Bee\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.0.2502.149_0\
CHR - Extension: No name found = C:\Users\Bee\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Bee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: No name found = C:\Users\Bee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2014/02/19 05:48:27 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {D40C654D-7C51-4EB3-95B2-1E23905C2A2D} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe (Hewlett-Packard )
O4:64bit: - HKLM..\Run: [EKAIO2StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKAiO2MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AffixaPersonalSettings] C:\Program Files (x86)\Affixa\AffixaHandler.exe (Notably Good Ltd)
O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files (x86)\AirPort\APAgent.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP KEYBOARDx] C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE (Hewlett-Packard)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKCU..\Run: [Affixa] C:\Program Files (x86)\Affixa\AffixaTray.exe (Notably Good Ltd)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe File not found
O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe File not found
O4 - HKCU..\Run: [ShopAtHomeUpdater] C:\Users\Bee\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe File not found
O4 - HKCU..\Run: [ShopAtHomeWatcher] C:\Users\Bee\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
O4 - HKCU..\RunOnce: [Adobe Speed Launcher] 1423050724 File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Pin It - {D40C654D-7C51-4EB3-95B2-1E23905C2A2D} - C:\Program Files (x86)\Pinterest\Pin It\FrameScript.htm ()
O9 - Extra 'Tools' menuitem : &Pin It - {D40C654D-7C51-4EB3-95B2-1E23905C2A2D} - C:\Program Files (x86)\Pinterest\Pin It\FrameScript.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{67BFE14F-B49D-407E-A7F2-CCB31337931D}: DhcpNameServer = 8.8.8.8 68.116.46.115 69.144.127.53
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99212497-8317-4BE1-9913-EEC8A506F3FE}: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C0C69C9F-4B9A-4025-889E-4003D7F700CE}: DhcpNameServer = 10.0.1.1
O18:64bit: - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox64.dll File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/02/04 04:43:30 | 000,000,000 | ---D | C] -- C:\Users\Bee\AppData\Roaming\AVAST Software
[2015/02/04 04:43:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
[2015/02/04 04:42:20 | 000,116,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2015/02/04 04:42:19 | 000,436,624 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2015/02/04 04:42:19 | 000,087,912 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswmonflt.sys
[2015/02/04 04:42:19 | 000,083,280 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswmonflt.sys.1423053793235
[2015/02/04 04:42:18 | 000,093,568 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2015/02/04 04:42:16 | 001,050,432 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys.1423053792580
[2015/02/04 04:42:16 | 001,050,432 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys
[2015/02/04 04:42:13 | 000,364,512 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2015/02/04 04:42:10 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2015/02/04 04:41:17 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2015/01/27 04:33:01 | 000,000,000 | ---D | C] -- C:\64cabd91b2ff1ef5832766dcb2
[2015/01/16 12:41:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2015/01/16 12:41:04 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2015/01/16 12:33:40 | 005,317,104 | ---- | C] (Piriform Ltd) -- C:\Users\Bee\Desktop\ccsetup501.exe
[2013/11/13 04:34:27 | 007,454,064 | ---- | C] (Notably Good Ltd) -- C:\Users\Bee\AppData\Roaming\Affixa-Setup-Full.exe
[2012/10/12 10:38:53 | 009,842,040 | ---- | C] (Webroot Software, Inc.) -- C:\Program Files (x86)\Common Files\wruninstall.exe
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2015/02/04 04:48:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/02/04 04:43:20 | 000,001,926 | ---- | M] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2015/02/04 04:43:13 | 000,087,912 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswmonflt.sys
[2015/02/04 04:43:12 | 001,050,432 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys
[2015/02/04 04:42:11 | 000,436,624 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2015/02/04 04:42:11 | 000,364,512 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2015/02/04 04:42:11 | 000,267,632 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2015/02/04 04:42:11 | 000,116,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2015/02/04 04:42:11 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2015/02/04 04:42:11 | 000,083,280 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswmonflt.sys.1423053793235
[2015/02/04 04:42:11 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2015/02/04 04:42:11 | 000,029,208 | ---- | M] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2015/02/04 04:42:10 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2015/02/04 04:42:07 | 001,050,432 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys.1423053792580
[2015/02/04 03:59:13 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/02/04 03:59:13 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/02/04 03:51:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/02/03 17:35:47 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/02/03 17:35:47 | 000,662,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/02/03 17:35:47 | 000,122,252 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/02/03 05:47:38 | 000,021,294 | ---- | M] () -- C:\Users\Bee\Documents\Faces 11.bak
[2015/02/03 05:47:38 | 000,021,272 | ---- | M] () -- C:\Users\Bee\Documents\Faces 11.htm
[2015/02/03 04:25:19 | 000,022,971 | ---- | M] () -- C:\Users\Bee\Documents\Bands A to Z.htm
[2015/02/03 04:25:19 | 000,022,971 | ---- | M] () -- C:\Users\Bee\Documents\Bands A to Z.bak
[2015/02/03 04:16:49 | 000,020,696 | ---- | M] () -- C:\Users\Bee\Documents\index.htm
[2015/02/03 04:16:49 | 000,020,695 | ---- | M] () -- C:\Users\Bee\Documents\index.bak
[2015/01/17 08:14:32 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/01/16 14:35:07 | 000,035,756 | ---- | M] () -- C:\Users\Bee\Documents\Faces 9.htm
[2015/01/16 14:35:07 | 000,035,756 | ---- | M] () -- C:\Users\Bee\Documents\Faces 9.bak
[2015/01/16 14:30:54 | 000,080,323 | ---- | M] () -- C:\Users\Bee\Documents\Faces 2.htm
[2015/01/16 14:30:54 | 000,080,323 | ---- | M] () -- C:\Users\Bee\Documents\Faces 2.bak
[2015/01/16 14:28:33 | 000,015,783 | ---- | M] () -- C:\Users\Bee\Documents\Across the Universe.htm
[2015/01/16 14:28:33 | 000,015,783 | ---- | M] () -- C:\Users\Bee\Documents\Across the Universe.bak
[2015/01/16 14:21:05 | 000,101,159 | ---- | M] () -- C:\Users\Bee\Documents\News 2.htm
[2015/01/16 14:21:05 | 000,100,984 | ---- | M] () -- C:\Users\Bee\Documents\News 2.bak
[2015/01/16 14:18:12 | 000,014,008 | ---- | M] () -- C:\Users\Bee\Documents\Fallen Stars RIP.htm
[2015/01/16 14:18:12 | 000,013,925 | ---- | M] () -- C:\Users\Bee\Documents\Fallen Stars RIP.bak
[2015/01/16 12:41:05 | 000,000,784 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2015/01/16 12:33:40 | 005,317,104 | ---- | M] (Piriform Ltd) -- C:\Users\Bee\Desktop\ccsetup501.exe
[2015/01/15 12:58:42 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBee.job
[2015/01/10 12:16:53 | 000,086,582 | ---- | M] () -- C:\Users\Bee\Documents\Faces 14.htm
[2015/01/10 12:16:52 | 000,086,549 | ---- | M] () -- C:\Users\Bee\Documents\Faces 14.bak
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2015/02/04 04:43:20 | 000,001,926 | ---- | C] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2015/02/04 04:42:20 | 000,267,632 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2015/02/04 04:42:19 | 000,065,776 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2015/02/04 04:42:18 | 000,029,208 | ---- | C] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2015/01/16 12:41:05 | 000,000,784 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/10/23 15:32:15 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2014/05/08 15:36:20 | 000,000,090 | ---- | C] () -- C:\Users\Bee\AppData\Roaming\mbam.context.scan
[2014/04/08 06:08:20 | 000,003,584 | ---- | C] () -- C:\Users\Bee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/10/25 16:31:57 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/10/25 16:31:57 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/10/25 16:31:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/10/25 16:31:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/10/25 16:31:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/13 10:28:42 | 000,000,632 | RHS- | C] () -- C:\Users\Bee\ntuser.pol
 
========== ZeroAccess Check ==========
 
[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 18:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 17:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/07/21 04:16:35 | 000,000,000 | ---D | M] -- C:\Users\Bee\AppData\Roaming\Affixa
[2015/02/04 04:43:30 | 000,000,000 | ---D | M] -- C:\Users\Bee\AppData\Roaming\AVAST Software
[2012/11/20 04:19:48 | 000,000,000 | ---D | M] -- C:\Users\Bee\AppData\Roaming\Blio
[2012/07/25 10:38:50 | 000,000,000 | ---D | M] -- C:\Users\Bee\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/12/02 06:06:05 | 000,000,000 | ---D | M] -- C:\Users\Bee\AppData\Roaming\Cyberduck
[2012/05/14 13:31:24 | 000,000,000 | ---D | M] -- C:\Users\Bee\AppData\Roaming\DisplayTune
[2014/10/20 10:05:43 | 000,000,000 | ---D | M] -- C:\Users\Bee\AppData\Roaming\DriverCure
[2013/08/17 06:12:15 | 000,000,000 | ---D | M] -- C:\Users\Bee\AppData\Roaming\eCyber
[2012/06/21 15:03:47 | 000,000,000 | ---D | M] -- C:\Users\Bee\AppData\Roaming\IBM
[2013/09/20 05:33:10 | 000,000,000 | ---D | M] -- C:\Users\Bee\AppData\Roaming\Mapi2Xml
[2013/08/16 21:42:42 | 000,000,000 | ---D | M] -- C:\Users\Bee\AppData\Roaming\Paltalk
[2014/09/22 11:36:58 | 000,000,000 | ---D | M] -- C:\Users\Bee\AppData\Roaming\ShopAtHome
[2014/10/20 10:05:43 | 000,000,000 | ---D | M] -- C:\Users\Bee\AppData\Roaming\SpeedyPC Software
[2013/08/12 04:19:25 | 000,000,000 | ---D | M] -- C:\Users\Bee\AppData\Roaming\TeamViewer
[2012/05/15 16:41:55 | 000,000,000 | ---D | M] -- C:\Users\Bee\AppData\Roaming\WinBatch
[2013/07/29 21:31:53 | 000,000,000 | ---D | M] -- C:\Users\Bee\AppData\Roaming\Windows Live Writer
[2012/12/02 06:02:54 | 000,000,000 | -HSD | M] -- C:\Users\Bee\AppData\Roaming\wyUpdate AU
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >


Edited by Beetrix, 04 February 2015 - 08:25 AM.

  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
 
Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.
 
Reboot. 
 
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
sfc  /scannow
 
(This will check your critical system files. Does this finish without complaint?  IF it says it couldn't fix everything then:
 
Copy the next two lines:
 
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
notepad \windows\logs\cbs\junk.txt 
 
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)
 
 
1. Please download the Event Viewer Tool by Vino Rosso
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:
 
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.
 
 

 
Please download Farbar Recovery Scan Tool and save it to your Desktop. 
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. 
 
  •  
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 
  •  

    • 0

    #3
    Beetrix

    Beetrix

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 128 posts

    Good morning,

     

    Thank you for your reply.

     

     

    On step one, I followed your instructions with Computer, C-drive, Windows, I found two System files, one was empty and the other had a wheel in front of the word System.

    I wasn't sure if this was the correct file, so I didn't delete it.

    Here are the contents: ; for 16-bit app support
    [386Enh]
    woafont=dosapp.fon
    EGA80WOA.FON=EGA80WOA.FON
    EGA40WOA.FON=EGA40WOA.FON
    CGA80WOA.FON=CGA80WOA.FON
    CGA40WOA.FON=CGA40WOA.FON
    [drivers]
    wave=mmdrv.dll
    timer=timer.drv
    [mci]

     

    I ran the scan, but it didn't find any integrity violations.

     

    I ran the Event Viewer. Here are the results for both

    ; for 16-bit app support
    [386Enh]
    woafont=dosapp.fon
    EGA80WOA.FON=EGA80WOA.FON
    EGA40WOA.FON=EGA40WOA.FON
    CGA80WOA.FON=CGA80WOA.FON
    CGA40WOA.FON=CGA40WOA.FON
    [drivers]
    wave=mmdrv.dll
    timer=timer.drv
    [mci]

     

     

     

    Vino's Event Viewer v01c run on Windows 2008 in English
    Report run at 06/02/2015 8:09:32 AM

    Note: All dates below are in the format dd/mm/yyyy

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Critical Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'Application' Date/Time: 06/02/2015 2:27:54 PM
    Type: Error Category: 0
    Event: 11606 Source: MsiInstaller
    Product: Microsoft Visual C++ 2005 Redistributable -- Error 1606.Could not access network location %APPDATA%\.

    Log: 'Application' Date/Time: 06/02/2015 2:27:54 PM
    Type: Error Category: 0
    Event: 11606 Source: MsiInstaller
    Product: Microsoft Visual C++ 2005 Redistributable -- Error 1606.Could not access network location %APPDATA%\.

    Log: 'Application' Date/Time: 06/02/2015 2:27:06 PM
    Type: Error Category: 0
    Event: 11606 Source: MsiInstaller
    Product: Microsoft Visual C++ 2005 Redistributable (x64) -- Error 1606.Could not access network location %APPDATA%\.

    Log: 'Application' Date/Time: 06/02/2015 2:27:06 PM
    Type: Error Category: 0
    Event: 11606 Source: MsiInstaller
    Product: Microsoft Visual C++ 2005 Redistributable (x64) -- Error 1606.Could not access network location %APPDATA%\.

    Log: 'Application' Date/Time: 06/02/2015 2:24:58 PM
    Type: Error Category: 100
    Event: 1000 Source: Application Error
    Faulting application name: msiexec.exe, version: 5.0.7601.17514, time stamp: 0x4ce79d93 Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeb033f Exception code: 0xc0000005 Fault offset: 0x00000000000035e1 Faulting process id: 0x176c Faulting application start time: 0x01d04217b45cb262 Faulting application path: C:\Windows\system32\msiexec.exe Faulting module path: C:\Windows\system32\msvcrt.dll Report Id: ed074a01-ae0b-11e4-a1f7-e89a8f14efb3

    Log: 'Application' Date/Time: 06/02/2015 1:56:31 PM
    Type: Error Category: 100
    Event: 1000 Source: Application Error
    Faulting application name: msiexec.exe, version: 5.0.7601.17514, time stamp: 0x4ce79d93 Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeb033f Exception code: 0xc0000005 Fault offset: 0x00000000000035e1 Faulting process id: 0xa60 Faulting application start time: 0x01d04213adbf53db Faulting application path: C:\Windows\system32\msiexec.exe Faulting module path: C:\Windows\system32\msvcrt.dll Report Id: f3f5667a-ae07-11e4-a1f7-e89a8f14efb3

    Log: 'Application' Date/Time: 06/02/2015 12:54:03 PM
    Type: Error Category: 0
    Event: 11606 Source: MsiInstaller
    Product: Microsoft Visual C++ 2005 Redistributable -- Error 1606.Could not access network location %APPDATA%\.

    Log: 'Application' Date/Time: 06/02/2015 12:54:03 PM
    Type: Error Category: 0
    Event: 11606 Source: MsiInstaller
    Product: Microsoft Visual C++ 2005 Redistributable -- Error 1606.Could not access network location %APPDATA%\.

    Log: 'Application' Date/Time: 06/02/2015 12:53:16 PM
    Type: Error Category: 0
    Event: 11606 Source: MsiInstaller
    Product: Microsoft Visual C++ 2005 Redistributable (x64) -- Error 1606.Could not access network location %APPDATA%\.

    Log: 'Application' Date/Time: 06/02/2015 12:53:16 PM
    Type: Error Category: 0
    Event: 11606 Source: MsiInstaller
    Product: Microsoft Visual C++ 2005 Redistributable (x64) -- Error 1606.Could not access network location %APPDATA%\.

    Log: 'Application' Date/Time: 06/02/2015 3:15:36 AM
    Type: Error Category: 0
    Event: 11606 Source: MsiInstaller
    Product: Microsoft Visual C++ 2005 Redistributable -- Error 1606.Could not access network location %APPDATA%\.

    Log: 'Application' Date/Time: 06/02/2015 3:15:36 AM
    Type: Error Category: 0
    Event: 11606 Source: MsiInstaller
    Product: Microsoft Visual C++ 2005 Redistributable -- Error 1606.Could not access network location %APPDATA%\.

    Log: 'Application' Date/Time: 06/02/2015 3:14:48 AM
    Type: Error Category: 0
    Event: 11606 Source: MsiInstaller
    Product: Microsoft Visual C++ 2005 Redistributable (x64) -- Error 1606.Could not access network location %APPDATA%\.

    Log: 'Application' Date/Time: 06/02/2015 3:14:48 AM
    Type: Error Category: 0
    Event: 11606 Source: MsiInstaller
    Product: Microsoft Visual C++ 2005 Redistributable (x64) -- Error 1606.Could not access network location %APPDATA%\.

    Log: 'Application' Date/Time: 05/02/2015 9:30:59 PM
    Type: Error Category: 3
    Event: 455 Source: ESENT
    DllHost (2412) WebCacheLocal: Error -1811 occurred while opening logfile C:\Users\Bee\AppData\Local\Microsoft\Windows\WebCache\V0100001.log.

    Log: 'Application' Date/Time: 05/02/2015 9:15:45 PM
    Type: Error Category: 0
    Event: 11606 Source: MsiInstaller
    Product: Microsoft Visual C++ 2005 Redistributable -- Error 1606.Could not access network location %APPDATA%\.

    Log: 'Application' Date/Time: 05/02/2015 9:15:45 PM
    Type: Error Category: 0
    Event: 11606 Source: MsiInstaller
    Product: Microsoft Visual C++ 2005 Redistributable -- Error 1606.Could not access network location %APPDATA%\.

    Log: 'Application' Date/Time: 05/02/2015 9:14:59 PM
    Type: Error Category: 0
    Event: 11606 Source: MsiInstaller
    Product: Microsoft Visual C++ 2005 Redistributable (x64) -- Error 1606.Could not access network location %APPDATA%\.

    Log: 'Application' Date/Time: 05/02/2015 9:14:59 PM
    Type: Error Category: 0
    Event: 11606 Source: MsiInstaller
    Product: Microsoft Visual C++ 2005 Redistributable (x64) -- Error 1606.Could not access network location %APPDATA%\.

    Log: 'Application' Date/Time: 05/02/2015 7:54:25 PM
    Type: Error Category: 3
    Event: 7010 Source: Microsoft-Windows-Search
    The index cannot be initialized.

    Details:
     The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'Application' Date/Time: 06/02/2015 2:17:57 PM
    Type: Warning Category: 0
    Event: 1001 Source: MsiInstaller
    Detection of product '{90140000-003D-0000-0000-0000000FF1CE}', feature 'WxpFiles' failed during request for component ''

    Log: 'Application' Date/Time: 06/02/2015 1:49:08 PM
    Type: Warning Category: 0
    Event: 1001 Source: MsiInstaller
    Detection of product '{90140000-003D-0000-0000-0000000FF1CE}', feature 'WORDFiles' failed during request for component '{019C826E-445A-4649-A5B0-0BF08FCC4EEE}'

    Log: 'Application' Date/Time: 06/02/2015 1:39:37 PM
    Type: Warning Category: 0
    Event: 1530 Source: Microsoft-Windows-User Profiles Service
    Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   15 user registry handles leaked from \Registry\User\S-1-5-21-3969357861-245451301-220097965-1000:
    Process 2528 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3969357861-245451301-220097965-1000
    Process 2528 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3969357861-245451301-220097965-1000
    Process 2528 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3969357861-245451301-220097965-1000
    Process 2528 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3969357861-245451301-220097965-1000
    Process 2528 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3969357861-245451301-220097965-1000\Software\Microsoft\SystemCertificates\Disallowed
    Process 2528 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3969357861-245451301-220097965-1000\Software\Microsoft\SystemCertificates\Root
    Process 2528 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3969357861-245451301-220097965-1000\Software\Microsoft\SystemCertificates\trust
    Process 2528 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3969357861-245451301-220097965-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
    Process 2528 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3969357861-245451301-220097965-1000\Software\Microsoft\SystemCertificates\My
    Process 2528 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3969357861-245451301-220097965-1000\Software\Microsoft\SystemCertificates\CA
    Process 2528 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3969357861-245451301-220097965-1000\Software\Policies\Microsoft\SystemCertificates
    Process 2528 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3969357861-245451301-220097965-1000\Software\Policies\Microsoft\SystemCertificates
    Process 2528 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3969357861-245451301-220097965-1000\Software\Policies\Microsoft\SystemCertificates
    Process 2528 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3969357861-245451301-220097965-1000\Software\Policies\Microsoft\SystemCertificates
    Process 2528 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3969357861-245451301-220097965-1000\Software\Microsoft\SystemCertificates\TrustedPeople

    Log: 'Application' Date/Time: 06/02/2015 12:52:08 PM
    Type: Warning Category: 0
    Event: 1530 Source: Microsoft-Windows-User Profiles Service
    Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   12 user registry handles leaked from \Registry\User\S-1-5-21-3969357861-245451301-220097965-1000:
    Process 2608 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3969357861-245451301-220097965-1000
    Process 2608 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3969357861-245451301-220097965-1000
    Process 2608 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3969357861-245451301-220097965-1000
    Process 2608 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3969357861-245451301-220097965-1000\Software\Microsoft\SystemCertificates\Disallowed
    Process 2608 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3969357861-245451301-220097965-1000\Software\Microsoft\SystemCertificates\Root
    Process 2608 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3969357861-245451301-220097965-1000\Software\Microsoft\SystemCertificates\trust
    Process 2608 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3969357861-245451301-220097965-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
    Process 2608 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3969357861-245451301-220097965-1000\Software\Microsoft\SystemCertificates\My
    Process 2608 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3969357861-245451301-220097965-1000\Software\Microsoft\SystemCertificates\CA
    Process 2608 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3969357861-245451301-220097965-1000\Software\Policies\Microsoft\SystemCertificates
    Process 2608 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3969357861-245451301-220097965-1000\Software\Policies\Microsoft\SystemCertificates
    Process 2608 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3969357861-245451301-220097965-1000\Software\Policies\Microsoft\SystemCertificates

    Log: 'Application' Date/Time: 06/02/2015 1:54:05 AM
    Type: Warning Category: 3
    Event: 3036 Source: Microsoft-Windows-Search
    The content source <iehistory://{S-1-5-18}/> cannot be accessed.

    Context:  Application, SystemIndex Catalog

    Details:
     (HRESULT : 0x80004005) (0x80004005)

    Log: 'Application' Date/Time: 06/02/2015 1:54:05 AM
    Type: Warning Category: 3
    Event: 3036 Source: Microsoft-Windows-Search
    The content source <iehistory://{S-1-5-21-3969357861-245451301-220097965-1004}/> cannot be accessed.

    Context:  Application, SystemIndex Catalog

    Details:
     (HRESULT : 0x80004005) (0x80004005)

    Log: 'Application' Date/Time: 05/02/2015 9:12:06 PM
    Type: Warning Category: 0
    Event: 0 Source: HP Client Services
    The event description cannot be found.

    Log: 'Application' Date/Time: 05/02/2015 9:12:06 PM
    Type: Warning Category: 0
    Event: 0 Source: HP Client Services
    The event description cannot be found.

    Log: 'Application' Date/Time: 05/02/2015 9:11:49 PM
    Type: Warning Category: 0
    Event: 0 Source: HP Client Services
    The event description cannot be found.

    Log: 'Application' Date/Time: 05/02/2015 9:11:48 PM
    Type: Warning Category: 0
    Event: 0 Source: HP Client Services
    The event description cannot be found.

    Log: 'Application' Date/Time: 05/02/2015 9:02:36 PM
    Type: Warning Category: 3
    Event: 3036 Source: Microsoft-Windows-Search
    The content source <iehistory://{S-1-5-18}/> cannot be accessed.

    Context: Windows Application, SystemIndex Catalog

    Details:
     (HRESULT : 0x80004005) (0x80004005)

    Log: 'Application' Date/Time: 05/02/2015 9:02:36 PM
    Type: Warning Category: 3
    Event: 3036 Source: Microsoft-Windows-Search
    The content source <iehistory://{S-1-5-21-3969357861-245451301-220097965-1004}/> cannot be accessed.

    Context: Windows Application, SystemIndex Catalog

    Details:
     (HRESULT : 0x80004005) (0x80004005)

    Log: 'Application' Date/Time: 05/02/2015 8:02:35 PM
    Type: Warning Category: 3
    Event: 3036 Source: Microsoft-Windows-Search
    The content source <iehistory://{S-1-5-18}/> cannot be accessed.

    Context: Windows Application, SystemIndex Catalog

    Details:
     (HRESULT : 0x80004005) (0x80004005)

    Log: 'Application' Date/Time: 05/02/2015 8:02:35 PM
    Type: Warning Category: 3
    Event: 3036 Source: Microsoft-Windows-Search
    The content source <iehistory://{S-1-5-18}/> cannot be accessed.

    Context: Windows Application, SystemIndex Catalog

    Details:
     (HRESULT : 0x80004005) (0x80004005)

    Log: 'Application' Date/Time: 05/02/2015 8:02:35 PM
    Type: Warning Category: 3
    Event: 3036 Source: Microsoft-Windows-Search
    The content source <iehistory://{S-1-5-21-3969357861-245451301-220097965-1004}/> cannot be accessed.

    Context: Windows Application, SystemIndex Catalog

    Details:
     (HRESULT : 0x80004005) (0x80004005)

    Log: 'Application' Date/Time: 05/02/2015 8:02:35 PM
    Type: Warning Category: 3
    Event: 3036 Source: Microsoft-Windows-Search
    The content source <iehistory://{S-1-5-21-3969357861-245451301-220097965-1004}/> cannot be accessed.

    Context: Windows Application, SystemIndex Catalog

    Details:
     (HRESULT : 0x80004005) (0x80004005)

    Log: 'Application' Date/Time: 05/02/2015 7:55:18 PM
    Type: Warning Category: 1
    Event: 1008 Source: Microsoft-Windows-Search
    The Windows Search Service is starting up and attempting to remove the old search index {Reason: Index Corruption}.

    Log: 'Application' Date/Time: 05/02/2015 6:16:11 PM
    Type: Warning Category: 0
    Event: 1001 Source: MsiInstaller
    Detection of product '{90140000-003D-0000-0000-0000000FF1CE}', feature 'WORDFiles' failed during request for component '{019C826E-445A-4649-A5B0-0BF08FCC4EEE}'

    Log: 'Application' Date/Time: 05/02/2015 6:10:49 PM
    Type: Warning Category: 0
    Event: 1530 Source: Microsoft-Windows-User Profiles Service
    Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   15 user registry handles leaked from \Registry\User\S-1-5-21-3969357861-245451301-220097965-1000:
    Process 2404 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3969357861-245451301-220097965-1000
    Process 2404 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3969357861-245451301-220097965-1000
    Process 2404 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3969357861-245451301-220097965-1000
    Process 2404 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3969357861-245451301-220097965-1000
    Process 2404 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3969357861-245451301-220097965-1000\Software\Microsoft\SystemCertificates\Disallowed
    Process 2404 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3969357861-245451301-220097965-1000\Software\Microsoft\SystemCertificates\Root
    Process 2404 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3969357861-245451301-220097965-1000\Software\Microsoft\SystemCertificates\trust
    Process 2404 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3969357861-245451301-220097965-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
    Process 2404 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3969357861-245451301-220097965-1000\Software\Microsoft\SystemCertificates\My
    Process 2404 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3969357861-245451301-220097965-1000\Software\Microsoft\SystemCertificates\CA
    Process 2404 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3969357861-245451301-220097965-1000\Software\Policies\Microsoft\SystemCertificates
    Process 2404 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3969357861-245451301-220097965-1000\Software\Policies\Microsoft\SystemCertificates
    Process 2404 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3969357861-245451301-220097965-1000\Software\Policies\Microsoft\SystemCertificates
    Process 2404 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3969357861-245451301-220097965-1000\Software\Policies\Microsoft\SystemCertificates
    Process 2404 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3969357861-245451301-220097965-1000\Software\Microsoft\SystemCertificates\TrustedPeople

    Log: 'Application' Date/Time: 05/02/2015 3:54:12 PM
    Type: Warning Category: 1
    Event: 1020 Source: ASP.NET 4.0.30319.0
    Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /I.

     

     

     

    Farbar Recovery

    Here are the results.

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-02-2015
    Ran by Bee (administrator) on BEE on 06-02-2015 08:16:41
    Running from C:\Users\Bee\Desktop
    Loaded Profiles: Bee (Available profiles: Bee & Guest)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Microsoft Corporation) C:\Windows\System32\wisptis.exe
    (Microsoft Corporation) C:\Windows\System32\wisptis.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    (Hewlett-Packard ) C:\Program Files\IDT\WDM\beats64.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
    () C:\Windows\SysWOW64\afasrv64.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
    (FileHippo.com) C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    (Notably Good Ltd) C:\Program Files (x86)\Affixa\AffixaTray.exe
    () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
    (Apple Inc.) C:\Program Files (x86)\AirPort\APAgent.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    () C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    (Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
    (Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_305_ActiveX.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2010-10-20] (Hewlett-Packard )
    HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
    HKLM\...\Run: [EKAIO2StatusMonitor] => C:\Windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.exe [3240448 2011-12-10] (Eastman Kodak Company)
    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-04-24] (IDT, Inc.)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [HP KEYBOARDx] => C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE [710656 2010-02-11] (Hewlett-Packard)
    HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [683656 2013-05-20] (PDF Complete Inc)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AirPort Base Station Agent] => C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
    HKLM-x32\...\Run: [AffixaPersonalSettings] => C:\Program Files (x86)\Affixa\AffixaHandler.exe [209272 2014-10-01] (Notably Good Ltd)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-02-04] (AVAST Software)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-3969357861-245451301-220097965-1000\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
    HKU\S-1-5-21-3969357861-245451301-220097965-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2015-02-03] (SUPERAntiSpyware)
    HKU\S-1-5-21-3969357861-245451301-220097965-1000\...\Run: [ShopAtHomeWatcher] => C:\Users\Bee\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
    HKU\S-1-5-21-3969357861-245451301-220097965-1000\...\Run: [ShopAtHomeUpdater] => C:\Users\Bee\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe
    HKU\S-1-5-21-3969357861-245451301-220097965-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    HKU\S-1-5-21-3969357861-245451301-220097965-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    HKU\S-1-5-21-3969357861-245451301-220097965-1000\...\Run: [Affixa] => C:\Program Files (x86)\Affixa\AffixaTray.exe [643584 2014-10-01] (Notably Good Ltd)
    HKU\S-1-5-21-3969357861-245451301-220097965-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
    HKU\S-1-5-21-3969357861-245451301-220097965-1000\...\RunOnce: [Adobe Speed Launcher] => 1423230085
    HKU\S-1-5-21-3969357861-245451301-220097965-1000\...\Policies\system: [LogonHoursAction] 2
    HKU\S-1-5-21-3969357861-245451301-220097965-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Genie.lnk
    ShortcutTarget: NETGEAR WNDA3100v2 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
    Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall Webroot RunOnce.lnk
    ShortcutTarget: Uninstall Webroot RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
    Startup: C:\Users\RYAN.Bee-HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall Webroot RunOnce.lnk
    ShortcutTarget: Uninstall Webroot RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-3969357861-245451301-220097965-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-3969357861-245451301-220097965-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    HKU\S-1-5-21-3969357861-245451301-220097965-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.charter.n...s=1418903708522
    SearchScopes: HKLM -> DefaultScope value is missing.
    SearchScopes: HKLM -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.co...?q={searchTerms}
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
    SearchScopes: HKLM -> {47A5A5E7-3576-4944-B7E3-7BDB7A067DF9} URL = http://www.amazon.co...ds={searchTerms}
    SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...kw={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope value is missing.
    SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.co...?q={searchTerms}
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
    SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...kw={searchTerms}
    SearchScopes: HKU\S-1-5-19 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.co...?q={searchTerms}
    SearchScopes: HKU\S-1-5-20 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.co...?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3969357861-245451301-220097965-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-3969357861-245451301-220097965-1000 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL =
    SearchScopes: HKU\S-1-5-21-3969357861-245451301-220097965-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-3969357861-245451301-220097965-1000 -> {25322A63-C2B7-4514-9952-B29DA72188D1} URL = http://isearch.shopa...&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3969357861-245451301-220097965-1000 -> {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://www2.inbox.co...&iwk=277&lng=en
    SearchScopes: HKU\S-1-5-21-3969357861-245451301-220097965-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: No Name -> {D40C654D-7C51-4EB3-95B2-1E23905C2A2D} ->  No File
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKU\S-1-5-21-3969357861-245451301-220097965-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab
    Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll No File
    Tcpip\Parameters: [DhcpNameServer] 10.0.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Bee\AppData\Roaming\Mozilla\Firefox\Profiles\51i3ljtx.default
    FF DefaultSearchEngine: Bing
    FF SearchEngineOrder.3: Bing
    FF SelectedSearchEngine: Bing
    FF Keyword.URL: hxxp://www.bing.com/search?FORM=U079DF&PC=U079&q=
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> c:\Program Files (x86)\Virtual Earth 3D\ No File
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @ei.YourVideoChat_86.com/Plugin -> C:\Program Files (x86)\YourVideoChat_86EI\Installr\1.bin\NP86EISB.dll No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-3969357861-245451301-220097965-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Bee\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
    FF Plugin HKU\S-1-5-21-3969357861-245451301-220097965-1000: @hulu.com/Hulu Desktop -> C:\Users\Bee\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll (Hulu LLC)
    FF Plugin HKU\S-1-5-21-3969357861-245451301-220097965-1000: tdameritrade.com/thinkorswim -> C:\Users\Bee\AppData\Local\thinkorswim\npthinkorswim.dll (TD Ameritrade)
    FF Plugin HKU\S-1-5-21-3969357861-245451301-220097965-1000: tdameritrade.com/tossc -> C:\Users\Bee\AppData\Local\thinkorswim\nptossc.dll (TD Ameritrade)
    FF SearchPlugin: C:\Users\Bee\AppData\Roaming\Mozilla\Firefox\Profiles\51i3ljtx.default\searchplugins\bingp.xml
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-04]
    FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

    Chrome:
    =======
    CHR Profile: C:\Users\Bee\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Bee\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-18]
    CHR Extension: (Google Drive) - C:\Users\Bee\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-18]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Bee\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-11]
    CHR Extension: (YouTube) - C:\Users\Bee\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-18]
    CHR Extension: (Google Search) - C:\Users\Bee\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-18]
    CHR Extension: (Avast Online Security) - C:\Users\Bee\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-02-04]
    CHR Extension: (Google Wallet) - C:\Users\Bee\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-18]
    CHR Extension: (Gmail) - C:\Users\Bee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-18]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-02-04]
    StartMenuInternet: Google Chrome.RYAN - c:\users\ryan.bee-hp.000\appdata\local\google\chrome\application\chrome.exe

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-13] (SUPERAntiSpyware.com)
    R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
    R2 AfaService; C:\Windows\SysWOW64\afasrv64.exe [73728 2013-03-11] () [File not signed]
    S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-02-04] (AVAST Software)
    R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2010-08-05] (Hewlett-Packard) [File not signed]
    R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [129648 2011-03-09] (Portrait Displays, Inc.)
    R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
    R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1332360 2013-05-20] (PDF Complete Inc)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
    R2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [303360 2011-12-14] ()

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-02-04] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-02-04] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-02-04] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-02-04] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-02-04] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-02-04] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-02-04] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-02-04] ()
    S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-17] (Malwarebytes Corporation)
    S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
    S4 PMEM; C:\Windows\SysWOW64\drivers\pmemnt.sys [7168 1999-03-07] (Microsoft Corporation) [File not signed]
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 MHIKEY10; System32\Drivers\MHIKEY10x64.sys [X]
    S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
    S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
    S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-06 08:16 - 2015-02-06 08:17 - 00022841 _____ () C:\Users\Bee\Desktop\FRST.txt
    2015-02-06 08:16 - 2015-02-06 08:16 - 00000000 ____D () C:\FRST
    2015-02-06 08:15 - 2015-02-06 08:15 - 02131968 _____ (Farbar) C:\Users\Bee\Desktop\FRST64.exe
    2015-02-06 08:10 - 2015-02-06 08:10 - 00020862 _____ () C:\Users\Bee\Desktop\VEW-application-2.txt
    2015-02-06 08:06 - 2015-02-06 08:06 - 00016763 _____ () C:\Users\Bee\Desktop\VEW-results in notepad.txt
    2015-02-06 08:05 - 2015-02-06 08:09 - 00020862 _____ () C:\VEW.txt
    2015-02-06 08:00 - 2015-02-06 08:00 - 00061440 _____ ( ) C:\Users\Bee\Desktop\VEW.exe
    2015-02-06 04:38 - 2015-02-06 04:38 - 00000000 ____D () C:\Windows\CheckSur
    2015-02-06 04:29 - 2015-02-06 04:50 - 564744309 _____ () C:\Users\Bee\Desktop\Windows6.1-KB947821-v34-x64.msu
    2015-02-05 13:22 - 2015-02-05 13:27 - 00000003 _____ () C:\Users\Bee\Documents\WindowsUpdate-copy just in case-dete later 2-5-15.txt
    2015-02-05 10:12 - 2015-02-05 10:12 - 00000000 ____D () C:\85dd5265ef77622edaf18b0b3222
    2015-02-05 08:32 - 2014-12-11 09:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2015-02-05 08:32 - 2014-09-04 18:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
    2015-02-05 08:32 - 2014-09-04 17:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2015-02-05 08:20 - 2013-10-01 17:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
    2015-02-05 08:19 - 2013-10-01 18:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
    2015-02-05 08:19 - 2013-10-01 18:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
    2015-02-05 08:19 - 2013-10-01 18:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
    2015-02-05 08:19 - 2013-10-01 17:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
    2015-02-05 08:19 - 2013-10-01 17:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
    2015-02-05 08:19 - 2013-10-01 17:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
    2015-02-05 08:19 - 2013-10-01 16:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
    2015-02-05 08:19 - 2013-10-01 16:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
    2015-02-05 08:19 - 2013-10-01 16:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
    2015-02-05 08:19 - 2013-10-01 16:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
    2015-02-05 08:19 - 2013-10-01 15:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
    2015-02-05 08:19 - 2013-10-01 15:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
    2015-02-05 08:19 - 2013-10-01 15:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
    2015-02-05 08:19 - 2013-10-01 14:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
    2015-02-04 14:35 - 2015-02-04 14:35 - 00053188 _____ () C:\Users\Bee\Desktop\otl-1.txt
    2015-02-04 05:29 - 2015-02-04 05:29 - 00106378 _____ () C:\Users\Bee\Downloads\OTL.Txt
    2015-02-04 05:23 - 2015-02-04 05:23 - 00602112 _____ (OldTimer Tools) C:\Users\Bee\Downloads\OTL.exe
    2015-02-04 04:43 - 2015-02-04 04:43 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
    2015-02-04 04:43 - 2015-02-04 04:43 - 00001926 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
    2015-02-04 04:43 - 2015-02-04 04:43 - 00000000 ____D () C:\Users\Bee\AppData\Roaming\AVAST Software
    2015-02-04 04:43 - 2015-02-04 04:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
    2015-02-04 04:42 - 2015-02-04 04:43 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
    2015-02-04 04:42 - 2015-02-04 04:43 - 00087912 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
    2015-02-04 04:42 - 2015-02-04 04:42 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
    2015-02-04 04:42 - 2015-02-04 04:42 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2015-02-04 04:42 - 2015-02-04 04:42 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
    2015-02-04 04:42 - 2015-02-04 04:42 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
    2015-02-04 04:42 - 2015-02-04 04:42 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2015-02-04 04:42 - 2015-02-04 04:42 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
    2015-02-04 04:42 - 2015-02-04 04:42 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2015-02-04 04:42 - 2015-02-04 04:42 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
    2015-02-04 04:41 - 2015-02-04 04:41 - 00000000 ____D () C:\Program Files\AVAST Software
    2015-02-04 04:40 - 2015-02-04 04:40 - 05006864 _____ (AVAST Software) C:\Users\Bee\Downloads\avast_free_antivirus_setup_online.exe
    2015-01-27 04:33 - 2015-01-27 04:33 - 00000000 ____D () C:\64cabd91b2ff1ef5832766dcb2
    2015-01-17 08:26 - 2015-01-17 08:27 - 132469808 _____ (AVAST Software) C:\Users\Bee\Downloads\avast_free_antivirus_setup (1).exe
    2015-01-16 12:41 - 2015-01-16 12:41 - 00000784 _____ () C:\Users\Public\Desktop\CCleaner.lnk
    2015-01-16 12:41 - 2015-01-16 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2015-01-16 12:41 - 2015-01-16 12:41 - 00000000 ____D () C:\Program Files\CCleaner
    2015-01-16 12:40 - 2015-01-16 12:40 - 05317104 _____ (Piriform Ltd) C:\Users\Bee\Downloads\ccsetup501.exe
    2015-01-16 12:33 - 2015-01-16 12:33 - 05317104 _____ (Piriform Ltd) C:\Users\Bee\Desktop\ccsetup501.exe
    2015-01-14 04:42 - 2014-12-18 19:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2015-01-14 04:42 - 2014-12-18 17:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2015-01-14 04:42 - 2014-12-11 21:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-01-14 04:42 - 2014-12-11 21:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-01-14 04:42 - 2014-12-11 21:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-01-14 04:42 - 2014-12-11 21:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-01-14 04:42 - 2014-12-11 21:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-01-14 04:42 - 2014-12-11 21:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-01-14 04:42 - 2014-12-11 21:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-01-14 04:42 - 2014-12-05 20:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2015-01-14 04:42 - 2014-12-05 19:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
    2015-01-14 04:42 - 2014-12-05 19:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-06 08:05 - 2014-11-17 14:48 - 01709507 _____ () C:\Windows\WindowsUpdate.log
    2015-02-06 08:02 - 2012-05-14 13:26 - 00000000 ____D () C:\Users\Bee\AppData\Local\VirtualStore
    2015-02-06 07:48 - 2013-09-13 05:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-02-06 06:26 - 2009-07-13 20:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-02-06 06:26 - 2009-07-13 20:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-02-06 06:17 - 2014-10-06 04:42 - 00002768 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
    2015-02-06 06:08 - 2013-08-18 05:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-02-06 05:42 - 2014-07-18 06:46 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2015-02-06 05:41 - 2011-04-21 18:47 - 00000000 ____D () C:\ProgramData\PDFC
    2015-02-06 05:41 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-02-05 17:54 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
    2015-02-05 08:22 - 2009-07-13 19:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-02-05 07:54 - 2011-02-11 09:15 - 00774592 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
    2015-02-05 07:54 - 2009-07-13 21:13 - 00774592 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-02-05 05:48 - 2013-09-13 05:02 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-02-05 05:48 - 2012-05-15 09:17 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-02-05 05:48 - 2012-05-15 09:17 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-02-05 04:04 - 2014-01-25 17:39 - 00000000 ____D () C:\Program Files\Common Files\Apple
    2015-02-05 04:04 - 2012-09-16 10:31 - 00000000 ____D () C:\Program Files\Bonjour
    2015-02-05 04:04 - 2012-09-16 10:31 - 00000000 ____D () C:\Program Files (x86)\Bonjour
    2015-02-04 04:47 - 2012-08-25 03:47 - 00000000 ____D () C:\Program Files (x86)\Google
    2015-02-04 04:46 - 2014-06-21 17:25 - 00000000 ____D () C:\Program Files (x86)\Coupons
    2015-02-04 04:41 - 2012-11-24 06:38 - 00000000 ____D () C:\ProgramData\AVAST Software
    2015-02-03 19:03 - 2014-10-26 10:28 - 00000000 ____D () C:\Windows\Minidump
    2015-02-03 19:03 - 2012-06-06 16:25 - 00000000 ____D () C:\Users\Bee\AppData\Local\CrashDumps
    2015-02-03 17:23 - 2012-07-12 15:37 - 00000000 ____D () C:\Users\Guest
    2015-02-03 17:23 - 2012-07-09 18:44 - 00000000 ____D () C:\Users\RYAN.Bee-HP
    2015-02-03 17:23 - 2012-05-14 13:25 - 00000000 ____D () C:\Users\Bee
    2015-02-03 17:23 - 2011-04-21 18:37 - 00000000 ____D () C:\ProgramData\RoxioNow
    2015-02-03 17:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
    2015-02-03 05:47 - 2012-12-14 06:29 - 00021294 _____ () C:\Users\Bee\Documents\Faces 11.bak
    2015-02-03 05:47 - 2012-09-24 11:05 - 00021272 _____ () C:\Users\Bee\Documents\Faces 11.htm
    2015-02-03 04:25 - 2012-08-18 05:29 - 00022971 _____ () C:\Users\Bee\Documents\Bands A to Z.htm
    2015-02-03 04:25 - 2012-08-18 05:29 - 00022971 _____ () C:\Users\Bee\Documents\Bands A to Z.bak
    2015-02-03 04:16 - 2012-07-07 08:46 - 00020695 _____ () C:\Users\Bee\Documents\index.bak
    2015-02-03 04:16 - 2012-07-07 08:06 - 00020696 _____ () C:\Users\Bee\Documents\index.htm
    2015-01-22 18:40 - 2013-08-17 21:19 - 00003898 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{80A33008-1315-4857-840A-D50DD1C8A9ED}
    2015-01-17 13:11 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\NDF
    2015-01-17 09:14 - 2014-08-20 10:45 - 00000000 ____D () C:\Users\Bee\AppData\Local\Adobe
    2015-01-17 09:14 - 2013-01-12 05:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
    2015-01-17 08:14 - 2014-07-18 05:45 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-01-16 14:35 - 2012-09-24 10:15 - 00035756 _____ () C:\Users\Bee\Documents\Faces 9.htm
    2015-01-16 14:35 - 2012-09-24 10:15 - 00035756 _____ () C:\Users\Bee\Documents\Faces 9.bak
    2015-01-16 14:30 - 2012-09-21 12:11 - 00080323 _____ () C:\Users\Bee\Documents\Faces 2.bak
    2015-01-16 14:30 - 2012-09-21 12:09 - 00080323 _____ () C:\Users\Bee\Documents\Faces 2.htm
    2015-01-16 14:28 - 2012-10-05 11:49 - 00015783 _____ () C:\Users\Bee\Documents\Across the Universe.bak
    2015-01-16 14:28 - 2012-10-05 11:47 - 00015783 _____ () C:\Users\Bee\Documents\Across the Universe.htm
    2015-01-16 14:21 - 2012-08-17 11:39 - 00100984 _____ () C:\Users\Bee\Documents\News 2.bak
    2015-01-16 14:21 - 2012-08-17 11:36 - 00101159 _____ () C:\Users\Bee\Documents\News 2.htm
    2015-01-16 14:18 - 2012-10-09 06:25 - 00013925 _____ () C:\Users\Bee\Documents\Fallen Stars RIP.bak
    2015-01-16 14:18 - 2012-10-09 06:21 - 00014008 _____ () C:\Users\Bee\Documents\Fallen Stars RIP.htm
    2015-01-15 12:58 - 2014-06-08 15:56 - 00000324 _____ () C:\Windows\Tasks\HPCeeScheduleForBee.job
    2015-01-14 14:49 - 2013-08-12 17:22 - 00000000 ____D () C:\Windows\system32\MRT
    2015-01-14 14:45 - 2012-08-06 09:28 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-01-14 14:08 - 2014-01-29 06:51 - 00000000 ____D () C:\Users\Bee\Documents\Home and Medical 2014
    2015-01-10 12:16 - 2012-09-24 11:36 - 00086549 _____ () C:\Users\Bee\Documents\Faces 14.bak
    2015-01-10 12:16 - 2012-09-24 11:34 - 00086582 _____ () C:\Users\Bee\Documents\Faces 14.htm

    ==================== Files in the root of some directories =======

    2014-04-11 03:53 - 2014-04-11 04:06 - 38533120 _____ () C:\Program Files (x86)\GUTB66.tmp
    2012-10-12 10:38 - 2012-11-24 06:00 - 9842040 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
    2013-11-13 04:34 - 2013-11-13 04:34 - 7454064 _____ (Notably Good Ltd) C:\Users\Bee\AppData\Roaming\Affixa-Setup-Full.exe
    2014-05-08 15:36 - 2014-05-08 15:36 - 0000090 _____ () C:\Users\Bee\AppData\Roaming\mbam.context.scan
    2014-04-08 06:08 - 2014-04-08 06:08 - 0003584 _____ () C:\Users\Bee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2013-07-03 05:51

    ==================== End Of Log ============================

     

     

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-02-2015
    Ran by Bee at 2015-02-06 08:17:31
    Running from C:\Users\Bee\Desktop
    Boot Mode: Normal
    ==========================================================

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 9.20 (HKLM-x32\...\7-Zip 9.20) (Version:  - )
    7-Zip 9.21 (HKLM-x32\...\{23170F69-40C1-2701-0921-000001000000}) (Version: 9.21.00.0 - Igor Pavlov)
    7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version:  - )
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
    Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
    Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
    Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.07 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    Affixa (x32 Version: 3.14.1001 - Notably Good Ltd) Hidden
    Affixa 3.2014.10.1 (HKLM-x32\...\Affixa 3.14.1001) (Version: 3.11.1127 - Notably Good Ltd)
    Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
    AirPort (HKLM-x32\...\{AA68AAAE-41F0-40B5-8896-5947F5FD6889}) (Version: 5.6.1.2 - Apple Inc.)
    Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Apple Application Support (32-bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
    Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
    Azteca (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
    Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Build-a-lot (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
    Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Citrix Online Launcher (HKLM-x32\...\{75B8A55E-0762-4676-AAC0-6FDF025B034B}) (Version: 1.0.220 - Citrix)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
    DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
    Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
    DVD Menu Pack for HP TouchSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.1.4412 - Hewlett-Packard)
    DVD Menu Pack for HP TouchSmart Video (x32 Version: 4.1.4412 - Hewlett-Packard) Hidden
    Elements 10 Organizer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
    Facebook for HP TouchSmart (HKLM-x32\...\{8AE50893-3A87-4439-9A57-942ED43F7189}) (Version: 1.1.0004 - Hewlett-Packard)
    Facebook Messenger 2.1.4814.0 (HKLM-x32\...\{7204BDEE-1A48-4D95-A964-44A9250B439E}) (Version: 2.1.4814.0 - Facebook)
    Facebook Video Calling 1.2.0.287 (HKLM-x32\...\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}) (Version: 1.2.287 - Skype Limited)
    Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Fast Free Converter (HKLM-x32\...\Fast Free Converter) (Version: 4.1 - Fast Free Converter)
    FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
    FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version:  - )
    Google Talk Plugin (HKLM-x32\...\{975C3A93-2491-3D44-A071-F6CBF153E46D}) (Version: 3.1.4.8140 - Google)
    Google Talk Plugin (HKLM-x32\...\{EAC98582-5ED4-3BCA-BCD5-9E1A328BD7BE}) (Version: 3.15.2.12038 - Google)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    GoToMeeting 6.4.2.1669 (HKU\S-1-5-21-3969357861-245451301-220097965-1000\...\GoToMeeting) (Version: 6.4.2.1669 - CitrixOnline)
    Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    HP Desktop Keyboard (HKLM-x32\...\HP Keyboard_is1) (Version: 1.0.0.13 - Hewlett-Packard)
    HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
    HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{BB760C1D-98F4-4E38-8CC4-3B67329AA981}) (Version: 1.0.6.0 - Hewlett-Packard)
    HP My Display TouchSmart Edition (HKLM-x32\...\{1F4DDC90-5923-4E49-A4C7-F3CCC954DCA0}) (Version: 1.03.021 - Portrait Displays, Inc.)
    HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
    HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
    HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company)
    HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
    HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
    HP TouchSmart (HKLM-x32\...\{1502291B-3C1B-4781-99F8-9D6D8C650588}) (Version: 4.0.41.0 - Hewlett-Packard)
    HP TouchSmart Apps Center (HKLM-x32\...\{8317485C-067B-4B5B-A2A3-9D36B7B0399E}) (Version: 4.0.0.1 - Hewlett-Packard)
    HP TouchSmart Background - Beats (HKLM-x32\...\{6A6F8D36-04BA-41E9-9004-1789BD545874}) (Version: 1.0.1.0 - Hewlett-Packard)
    HP TouchSmart Browser (HKLM-x32\...\{4ACC9E9C-12D6-4A9D-8FBC-3FD469B9FD34}) (Version: 4.1.0012 - Hewlett-Packard)
    HP TouchSmart Calendar (HKLM-x32\...\{297FA7DE-08E5-44A6-8F66-9E26F61F4810}) (Version: 4.1.3869.29064 - Hewlett-Packard)
    HP TouchSmart Canvas (HKLM-x32\...\{909CE9B4-76A7-4C3D-A9AC-CE231B3E4B40}) (Version: 2.0.3917.26233 - Hewlett-Packard)
    HP TouchSmart Clock (HKLM-x32\...\{97AA232A-58CB-41A2-A258-0593F98AB1E0}) (Version: 3.1.3881.29051 - Hewlett-Packard)
    HP TouchSmart eBay (HKLM-x32\...\{3D5771E2-EF71-4765-A96F-B80E9DFA3FE9}) (Version: 1.0.4025.15222 - Hewlett-Packard)
    HP TouchSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.2.4913 - Hewlett-Packard)
    HP TouchSmart Notes (HKLM-x32\...\{1F40643A-3489-4262-B7BA-F2EC6FA0A1C8}) (Version: 4.1.3916.21107 - Hewlett-Packard)
    HP TouchSmart Photo (HKLM-x32\...\InstallShield_{C9DCE03F-8CB7-4146-A99C-0612D75177EA}) (Version: 4.2.4913 - Hewlett-Packard)
    HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard)
    HP TouchSmart RSS (HKLM-x32\...\{608D7847-39B7-4D1D-AF6D-7DCC38C77615}) (Version: 4.1.0009 - Hewlett-Packard)
    HP TouchSmart Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 3.2.0.2 - Hewlett-Packard)
    HP TouchSmart Twitter (HKLM-x32\...\{75781594-73D9-4D7B-997F-14D41BF1513D}) (Version: 3.0.4024.33750 - Hewlett-Packard)
    HP TouchSmart Video (HKLM-x32\...\InstallShield_{F04BFADD-C8CA-4C86-8F20-B1D7F4F8C66C}) (Version: 4.2.4928 - Hewlett-Packard)
    HP TouchSmart Weather (HKLM-x32\...\{554D4753-4637-477E-BB52-901A819C798D}) (Version: 4.0.4.0 - Hewlett-Packard)
    HP TouchSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.2.3603 - Hewlett-Packard)
    HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
    HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.5.0.0 - Hewlett-Packard)
    Hulu Desktop (HKU\S-1-5-21-3969357861-245451301-220097965-1000\...\HuluDesktop) (Version: 0.9.14 - Hulu LLC)
    IBM WebSphere Studio Homepage Builder V6.0 (HKLM-x32\...\{61F2F47F-9328-4726-B4BA-1F1A93648EB1}) (Version:  - )
    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6308.0 - IDT)
    Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)
    iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
    Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3609 - CyberLink Corp.)
    LabelPrint (x32 Version: 2.5.3609 - CyberLink Corp.) Hidden
    LessTabs (HKLM-x32\...\LessTabs) (Version: 1.7.1.0 - LessTabs)
    LG USB Modem driver (HKLM-x32\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version:  - )
    Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft DirectX Transform optional components (HKLM-x32\...\DXTXTRA) (Version:  - )
    Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Touch Pack for Windows 7 (HKLM-x32\...\{8FF90DB8-6DED-44A3-B182-244FEC09012F}) (Version: 1.0.40517.00 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    Movie Theme Pack for HP TouchSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.1.4412 - Hewlett-Packard)
    Movie Theme Pack for HP TouchSmart Video (x32 Version: 4.1.4412 - Hewlett-Packard) Hidden
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
    NETGEAR WNDA3100v2 wireless USB 2.0 adapter (HKLM-x32\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 1.03.000 - NETGEAR)
    PDF Complete Office Edition (HKLM-x32\...\PDF Complete) (Version: 4.1.46 - PDF Complete, Inc)
    Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Pin It (HKLM-x32\...\Pin It_is1) (Version: 0.0.3 - Pinterest)
    Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
    PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.10.1217.0 -  NewspaperDirect Inc.)
    PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
    Recovery Manager (x32 Version: 5.5.3621 - CyberLink Corp.) Hidden
    RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
    SDK (x32 Version: 2.26.005 - Portrait Displays, Inc.) Hidden
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
    Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1026 - SUPERAntiSpyware.com)
    thinkorswim (HKLM-x32\...\9968-4488-2169-7623) (Version: desktop - thinkorswim, Inc)
    Trusted Saver (HKLM-x32\...\Trusted Saver) (Version: 1.27.153.5 - Trusted Saver)
    Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
    Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
    WildTangent Games App (HP Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
    Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
    Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
    Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.3184 - Zinio LLC)
    Zinio Reader 4 (x32 Version: 4.0.3184 - Zinio LLC) Hidden
    Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-3969357861-245451301-220097965-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Bee\AppData\Local\Citrix\GoToMeeting\1468\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

    ==================== Restore Points  =========================

    05-02-2015 03:53:46 Windows Update
    05-02-2015 05:06:31 Installed Microsoft Fix it 50123
    05-02-2015 05:08:54 Windows Update
    05-02-2015 05:13:50 Installed Microsoft Office Single Image 2010
    05-02-2015 07:45:35 Windows Update
    05-02-2015 07:48:03 Windows Update
    05-02-2015 07:58:23 Windows Update
    05-02-2015 07:59:13 Windows Update
    05-02-2015 08:04:43 Windows Update
    05-02-2015 08:08:40 Windows Update
    05-02-2015 08:10:54 Windows Update
    05-02-2015 08:11:42 Windows Update
    05-02-2015 08:13:17 Windows Update
    05-02-2015 08:15:32 Windows Update
    05-02-2015 08:17:20 Windows Update
    05-02-2015 08:19:32 Windows Update
    05-02-2015 08:27:07 Windows Update
    05-02-2015 08:32:07 Windows Update
    05-02-2015 08:35:28 Windows Update
    05-02-2015 08:36:28 Windows Update
    05-02-2015 08:37:45 Windows Update
    05-02-2015 08:39:49 Windows Update
    05-02-2015 08:41:36 Windows Update
    05-02-2015 08:43:37 Windows Update
    05-02-2015 10:04:08 Windows Update
    05-02-2015 10:08:20 Windows Update
    05-02-2015 10:10:50 Windows Update
    05-02-2015 10:16:18 Installed Microsoft Office Single Image 2010
    05-02-2015 13:13:50 Windows Update
    05-02-2015 13:16:10 Windows Update
    05-02-2015 13:17:45 Windows Update
    05-02-2015 19:13:37 Windows Update
    06-02-2015 04:37:38 Windows Update
    06-02-2015 04:52:09 Windows Update
    06-02-2015 05:49:14 Installed Microsoft Office Single Image 2010

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 18:34 - 2014-02-19 05:48 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1       localhost
    ::1       localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {0C04AFA5-3C0D-4F1D-BD52-E58C994F7D87} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
    Task: {13F25E47-EDDC-49A4-94B6-BF7472658DCE} - System32\Tasks\HPCeeScheduleForBee => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
    Task: {171AC34F-1A2D-4AD7-AD58-53563D73149E} - \AmiUpdXp No Task File <==== ATTENTION
    Task: {2324FA8F-3751-4D56-975E-067B4FEFCE5A} - System32\Tasks\G2MUpdateTask-S-1-5-21-3969357861-245451301-220097965-1000 => C:\Users\Bee\AppData\Local\Citrix\GoToMeeting\1669\g2mupdate.exe [2014-09-28] (Citrix Online, a division of Citrix Systems, Inc.)
    Task: {2641E35A-6810-417D-ACAB-EE083D9F2EFE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {26AA8EA6-2E40-4CEC-A455-8F8D99F5EFBB} - System32\Tasks\Microsoft\Windows\CertificateServicesClient\SystemTask2
    Task: {34C3D2B3-09E1-4B58-AF3C-CB2012A9D252} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
    Task: {4B6EFAF2-043F-4A96-A7A1-9B6E253AC92E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-11] (Google Inc.)
    Task: {501E5312-190F-44B7-A5B8-CA384E689D22} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
    Task: {5A0CA9AB-9A4E-4748-9157-596D3D8FD89E} - System32\Tasks\Microsoft\Windows\CertificateServicesClient\UserTrack
    Task: {5F5A18EB-DC73-4E45-A11C-B59043598412} - \Microsoft\Windows\CertificateServicesClient\SystemTask No Task File <==== ATTENTION
    Task: {626625D3-5666-486B-A7FE-7B45BBEB1C17} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-02-04] (AVAST Software)
    Task: {690A6D23-1C1D-4019-B01A-592B094E34E9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2013-07-09] (Microsoft)
    Task: {75710F58-384C-47D7-8555-003468465487} - System32\Tasks\{07F04E62-E8B5-41A6-9114-7EAC8CC8BBB3} => Iexplore.exe http://ui.skype.com/...ffered;disabled
    Task: {7AFCC0CA-7121-422A-AB45-B0E8D599FF08} - \Microsoft\Windows\CertificateServicesClient\UserTask No Task File <==== ATTENTION
    Task: {7B5B5BB3-31C9-4CFA-8DCB-755022B38707} - System32\Tasks\SpeedyPC Update Version3_triggeronce => c:\program files (x86)\common files\speedypc software\uus3\SpeedyPC_Update3.exe <==== ATTENTION
    Task: {884626AB-3637-439A-8CD5-AFFF66B1B843} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-07-05] (Hewlett-Packard)
    Task: {8D23D0C9-F84D-4D4B-8D60-CAACFC9BB21D} - System32\Tasks\PinItAutoUpdate => C:\Program Files (x86)\Pinterest\Pin It\AutoUpdater.exe [2013-10-17] ()
    Task: {BD84B78D-E2E5-4655-8460-B490DFD5A768} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSFUpdaterRedux => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-04-01] (Hewlett-Packard Company)
    Task: {BE669C13-8165-4536-96D0-6D6C39292AAE} - \Microsoft\Windows\Diagnosis\Scheduled No Task File <==== ATTENTION
    Task: {CB172FD3-EADF-47C7-979D-260FBB835029} - System32\Tasks\Hewlett-Packard\HP Support Assistant\NetworkCheck => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_NetworkCheck.exe [2013-07-09] (Hewlett-Packard)
    Task: {CBBF198E-BABA-422F-BB2B-FBAE18D80EF8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-11] (Google Inc.)
    Task: {E29E6AD0-952A-4F2D-83B5-FD5B248598B2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
    Task: {E40AA2B3-27D9-493F-8DF4-46954CA3731F} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
    Task: {ECA7ECD5-A4FA-4161-B897-756B1598AD13} - System32\Tasks\SpeedyPC Update Version3 => c:\program files (x86)\common files\speedypc software\uus3\SpeedyPC_Update3.exe <==== ATTENTION
    Task: {F9555551-6A72-472B-B1BD-0E5236ED9FB1} - System32\Tasks\SpeedyPC Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\UUS3.dll" RunUns <==== ATTENTION
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3969357861-245451301-220097965-1000.job => C:\Users\Bee\AppData\Local\Citrix\GoToMeeting\1669\g2mupdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\HPCeeScheduleForBee.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

    ==================== Loaded Modules (whitelisted) ==============

    2012-05-27 14:38 - 2013-03-11 09:50 - 00073728 _____ () C:\Windows\SysWOW64\afasrv64.exe
    2014-10-23 15:32 - 2011-12-14 16:55 - 08453376 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
    2011-04-21 18:38 - 2009-07-02 13:58 - 00406016 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
    2014-10-23 15:32 - 2011-12-14 16:53 - 00303360 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
    2015-02-05 13:32 - 2015-02-05 13:32 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15020501\algo.dll
    2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-01-20 22:35 - 2015-01-20 22:35 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2011-12-26 14:40 - 2011-12-26 14:40 - 00637952 _____ () C:\Program Files (x86)\Affixa\System.Data.SQLite.dll
    2014-10-01 13:35 - 2014-10-01 13:35 - 00047192 _____ () C:\Program Files (x86)\Affixa\NotablyGoodClient.XmlSerializers.dll
    2014-10-23 15:32 - 2011-12-14 09:43 - 00278528 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvcLib.dll
    2015-02-04 04:42 - 2015-02-04 04:42 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2014-10-23 15:32 - 2011-12-14 09:22 - 00368640 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiLib.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\ProgramData\Temp:5C321E34

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

    ==================== Other Registry Areas =====================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3969357861-245451301-220097965-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Bee\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: FontCache => 2
    MSCONFIG\Services: gupdate => 2
    MSCONFIG\Services: seclogon => 2
    MSCONFIG\Services: YahooAUService => 2
    MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    MSCONFIG\startupreg: Badoo Desktop => C:\ProgramData\Badoo\Badoo Desktop\1.6.58.1220\Badoo.Desktop.exe
    MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe

    ==================== Accounts: =============================

    Administrator (S-1-5-21-3969357861-245451301-220097965-500 - Administrator - Disabled)
    Bee (S-1-5-21-3969357861-245451301-220097965-1000 - Administrator - Enabled) => C:\Users\Bee
    Guest (S-1-5-21-3969357861-245451301-220097965-501 - Limited - Enabled) => C:\Users\Guest

    ==================== Faulty Device Manager Devices =============

    Name: Programmable interrupt controller
    Description: Programmable interrupt controller
    Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
    Manufacturer: (Standard system devices)
    Service:
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (02/06/2015 06:27:54 AM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
    Description: Product: Microsoft Visual C++ 2005 Redistributable -- Error 1606.Could not access network location %APPDATA%\.

    Error: (02/06/2015 06:27:54 AM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
    Description: Product: Microsoft Visual C++ 2005 Redistributable -- Error 1606.Could not access network location %APPDATA%\.

    Error: (02/06/2015 06:27:06 AM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
    Description: Product: Microsoft Visual C++ 2005 Redistributable (x64) -- Error 1606.Could not access network location %APPDATA%\.

    Error: (02/06/2015 06:27:06 AM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
    Description: Product: Microsoft Visual C++ 2005 Redistributable (x64) -- Error 1606.Could not access network location %APPDATA%\.

    Error: (02/06/2015 06:24:58 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: msiexec.exe, version: 5.0.7601.17514, time stamp: 0x4ce79d93
    Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeb033f
    Exception code: 0xc0000005
    Fault offset: 0x00000000000035e1
    Faulting process id: 0x176c
    Faulting application start time: 0xmsiexec.exe0
    Faulting application path: msiexec.exe1
    Faulting module path: msiexec.exe2
    Report Id: msiexec.exe3

    Error: (02/06/2015 05:56:31 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: msiexec.exe, version: 5.0.7601.17514, time stamp: 0x4ce79d93
    Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeb033f
    Exception code: 0xc0000005
    Fault offset: 0x00000000000035e1
    Faulting process id: 0xa60
    Faulting application start time: 0xmsiexec.exe0
    Faulting application path: msiexec.exe1
    Faulting module path: msiexec.exe2
    Report Id: msiexec.exe3

    Error: (02/06/2015 04:54:03 AM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
    Description: Product: Microsoft Visual C++ 2005 Redistributable -- Error 1606.Could not access network location %APPDATA%\.

    Error: (02/06/2015 04:54:03 AM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
    Description: Product: Microsoft Visual C++ 2005 Redistributable -- Error 1606.Could not access network location %APPDATA%\.

    Error: (02/06/2015 04:53:16 AM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
    Description: Product: Microsoft Visual C++ 2005 Redistributable (x64) -- Error 1606.Could not access network location %APPDATA%\.

    Error: (02/06/2015 04:53:16 AM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
    Description: Product: Microsoft Visual C++ 2005 Redistributable (x64) -- Error 1606.Could not access network location %APPDATA%\.

    System errors:
    =============
    Error: (02/06/2015 06:29:02 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243).

    Error: (02/06/2015 06:28:18 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243).

    Error: (02/06/2015 06:28:06 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243).

    Error: (02/06/2015 06:26:58 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
    Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Installer service, but this action failed with the following error:
    %%1056

    Error: (02/06/2015 06:24:58 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

    Error: (02/06/2015 05:56:32 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

    Error: (02/06/2015 05:41:16 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
    Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.

    Error: (02/06/2015 05:41:16 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
    Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.

    Error: (02/06/2015 04:55:30 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
    Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.

    Error: (02/06/2015 04:55:30 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
    Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.

    Microsoft Office Sessions:
    =========================
    Error: (02/06/2015 06:27:54 AM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
    Description: Product: Microsoft Visual C++ 2005 Redistributable -- Error 1606.Could not access network location %APPDATA%\.(NULL)(NULL)(NULL)(NULL)(NULL)

    Error: (02/06/2015 06:27:54 AM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
    Description: Product: Microsoft Visual C++ 2005 Redistributable -- Error 1606.Could not access network location %APPDATA%\.(NULL)(NULL)(NULL)(NULL)(NULL)

    Error: (02/06/2015 06:27:06 AM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
    Description: Product: Microsoft Visual C++ 2005 Redistributable (x64) -- Error 1606.Could not access network location %APPDATA%\.(NULL)(NULL)(NULL)(NULL)(NULL)

    Error: (02/06/2015 06:27:06 AM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
    Description: Product: Microsoft Visual C++ 2005 Redistributable (x64) -- Error 1606.Could not access network location %APPDATA%\.(NULL)(NULL)(NULL)(NULL)(NULL)

    Error: (02/06/2015 06:24:58 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: msiexec.exe5.0.7601.175144ce79d93msvcrt.dll7.0.7601.177444eeb033fc000000500000000000035e1176c01d04217b45cb262C:\Windows\system32\msiexec.exeC:\Windows\system32\msvcrt.dlled074a01-ae0b-11e4-a1f7-e89a8f14efb3

    Error: (02/06/2015 05:56:31 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: msiexec.exe5.0.7601.175144ce79d93msvcrt.dll7.0.7601.177444eeb033fc000000500000000000035e1a6001d04213adbf53dbC:\Windows\system32\msiexec.exeC:\Windows\system32\msvcrt.dllf3f5667a-ae07-11e4-a1f7-e89a8f14efb3

    Error: (02/06/2015 04:54:03 AM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
    Description: Product: Microsoft Visual C++ 2005 Redistributable -- Error 1606.Could not access network location %APPDATA%\.(NULL)(NULL)(NULL)(NULL)(NULL)

    Error: (02/06/2015 04:54:03 AM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
    Description: Product: Microsoft Visual C++ 2005 Redistributable -- Error 1606.Could not access network location %APPDATA%\.(NULL)(NULL)(NULL)(NULL)(NULL)

    Error: (02/06/2015 04:53:16 AM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
    Description: Product: Microsoft Visual C++ 2005 Redistributable (x64) -- Error 1606.Could not access network location %APPDATA%\.(NULL)(NULL)(NULL)(NULL)(NULL)

    Error: (02/06/2015 04:53:16 AM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
    Description: Product: Microsoft Visual C++ 2005 Redistributable (x64) -- Error 1606.Could not access network location %APPDATA%\.(NULL)(NULL)(NULL)(NULL)(NULL)

    CodeIntegrity Errors:
    ===================================
      Date: 2012-11-24 06:21:03.791
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2012-11-24 06:21:03.760
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    ==================== Memory info ===========================

    Processor: Intel® Core™ i3-2100 CPU @ 3.10GHz
    Percentage of memory in use: 54%
    Total physical RAM: 4006.76 MB
    Available physical RAM: 1842 MB
    Total Pagefile: 8011.71 MB
    Available Pagefile: 5772.91 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.81 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:684.84 GB) (Free:607.57 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive d: (HP_RECOVERY) (Fixed) (Total:13.7 GB) (Free:0.19 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 698.6 GB) (Disk ID: 8ACAE336)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=684.8 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=13.7 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================

     

    Thank you, Beetrix

     

     

     


    • 0

    #4
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,001 posts
    • MVP

    The installer is having a problem accessing a folder.  Let's see if we can figure out why:

     

    Copy the next lines:

     

     

    set > \junk.txt

    dir %appdata% >> \junk.txt

    notepad \junk.txt

     

     

    Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
    Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.

     

    dir /a /s %appdata% > \junk.txt

     

    (If the command window is not still available.  Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.)  Right click in the command window and Paste or Edit then Paste and the copied line should appear.Open a reply (or use the previous one if you haven't posted it yet) and attach the \junk.txt file:  Click on More Replay Options, Then Choose File, C:\junk.txt, Open.  Attach File.  Add Reply.


    • 0

    #5
    Beetrix

    Beetrix

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 128 posts

    Here it is!

     

    ALLUSERSPROFILE=C:\ProgramData
    APPDATA=C:\Users\Bee\AppData\Roaming
    asl.log=Destination=file
    CommonProgramFiles=C:\Program Files\Common Files
    CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
    CommonProgramW6432=C:\Program Files\Common Files
    COMPUTERNAME=BEE
    ComSpec=C:\Windows\system32\cmd.exe
    FPPUILang=en-US
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Users\Bee
    HuluDesktopPath=C:\Users\Bee\AppData\Local\HuluDesktop\instances\0.9.14.1\HuluDesktop.exe
    LOCALAPPDATA=C:\Users\Bee\AppData\Local
    LOGONSERVER=\\BEE
    NUMBER_OF_PROCESSORS=4
    OnlineServices=Online Services
    OOBEUILang=en-US
    OS=Windows_NT
    Path=C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\System32\WindowsPowerShell\v1.0;c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared;c:\Program Files (x86)\Common Files\Roxio Shared\12.0\DLLShared;C:\Program Files (x86)\Windows Live\Shared
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    PCBRAND=Pavilion
    Platform=HPD
    PROCESSOR_ARCHITECTURE=AMD64
    PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=2a07
    ProgramData=C:\ProgramData
    ProgramFiles=C:\Program Files
    ProgramFiles(x86)=C:\Program Files (x86)
    ProgramW6432=C:\Program Files
    PROMPT=$P$G
    PSModulePath=C:\Windows\system32\WindowsPowerShell\v1.0\Modules\
    PUBLIC=C:\Users\Public
    SystemDrive=C:
    SystemRoot=C:\Windows
    TEMP=C:\Users\Bee\AppData\Local\Temp
    TMP=C:\Users\Bee\AppData\Local\Temp
    TouchAppsTargetDir=c:\Program Files (x86)\Microsoft Touch Pack for Windows 7\
    USERDOMAIN=BEE
    USERNAME=Bee
    USERPROFILE=C:\Users\Bee
    windir=C:\Windows
    windows_tracing_flags=3
    windows_tracing_logfile=C:\BVTBin\Tests\installpackage\csilogfile.log
     Volume in drive C is OS
     Volume Serial Number is 2697-460D

     Directory of C:\Users\Bee\AppData\Roaming

    02/04/2015  04:43 AM    <DIR>          .
    02/04/2015  04:43 AM    <DIR>          ..
    10/19/2013  05:28 PM    <DIR>          Adobe
    07/21/2012  04:16 AM    <DIR>          Affixa
    11/13/2013  04:34 AM         7,454,064 Affixa-Setup-Full.exe
    10/24/2014  04:27 AM    <DIR>          Apple Computer
    02/04/2015  04:43 AM    <DIR>          AVAST Software
    11/20/2012  04:19 AM    <DIR>          Blio
    07/25/2012  10:38 AM    <DIR>          chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    12/02/2012  06:06 AM    <DIR>          Cyberduck
    07/14/2013  01:11 PM    <DIR>          CyberLink
    05/14/2012  01:31 PM    <DIR>          DisplayTune
    10/20/2014  10:05 AM    <DIR>          DriverCure
    08/17/2013  06:12 AM    <DIR>          eCyber
    12/01/2012  12:37 PM    <DIR>          Google
    07/05/2013  11:39 PM    <DIR>          Hewlett-Packard
    07/10/2013  11:58 AM    <DIR>          HP Support Assistant
    01/02/2013  05:47 PM    <DIR>          hpqLog
    07/10/2013  11:58 AM    <DIR>          HpUpdate
    06/21/2012  03:03 PM    <DIR>          IBM
    05/14/2012  01:31 PM    <DIR>          Identities
    10/23/2014  03:31 PM    <DIR>          InstallShield
    04/21/2011  06:46 PM    <DIR>          Macromedia
    07/10/2014  05:04 AM    <DIR>          Malwarebytes
    09/20/2013  05:33 AM    <DIR>          Mapi2Xml
    05/08/2014  03:36 PM                90 mbam.context.scan
    11/20/2010  11:16 PM    <DIR>          Media Center Programs
    08/18/2013  05:43 AM    <DIR>          Mozilla
    08/16/2013  09:42 PM    <DIR>          Paltalk
    01/12/2013  05:44 AM    <DIR>          Roxio Log Files
    09/22/2014  11:36 AM    <DIR>          ShopAtHome
    08/11/2013  03:53 AM    <DIR>          Skype
    10/20/2014  10:05 AM    <DIR>          SpeedyPC Software
    07/18/2014  06:46 AM    <DIR>          SUPERAntiSpyware.com
    08/12/2013  04:19 AM    <DIR>          TeamViewer
    05/15/2012  04:41 PM    <DIR>          WinBatch
    07/29/2013  09:31 PM    <DIR>          Windows Live Writer
    07/19/2012  11:49 AM    <DIR>          Yahoo!
                   2 File(s)      7,454,154 bytes
                  36 Dir(s)  652,257,312,768 bytes free


    • 0

    #6
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,001 posts
    • MVP

    I don't see the attachment.

     

    See if you can get the Windows Readiness tool to download and run:

     

    http://www.microsoft...s.aspx?id=20858


    • 0

    #7
    Beetrix

    Beetrix

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 128 posts

    Good morning,

    I am sorry for the delay. I didn't receive a notice that you replied.

    I am a little confused. I followed your instructions and the junk.txt is the one above.

    I tried to copy and paste the second information, but it said no File was found.

    I ran the Windows Readiness tool and it didn't update.

    :no:


    • 0

    #8
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,001 posts
    • MVP

    There were actually two \junk.txt files.  The first one we copied and pasted then we made a second one which should be a lot bigger.

     

    Let's do a FRST scan and see if it see anything:

     

     
    Please download Farbar Recovery Scan Tool and save it to your Desktop. 
     
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. 
     
    •  
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 

    • 0

    #9
    Beetrix

    Beetrix

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 128 posts

    I read your post again, because I had seen the one above and first posted that, so here are the ones I ran this morning.


     

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
    Ran by Bee (administrator) on BEE on 10-02-2015 11:04:41
    Running from C:\Users\Bee\Desktop
    Loaded Profiles: Bee (Available profiles: Bee & Guest)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Microsoft Corporation) C:\Windows\System32\wisptis.exe
    (Microsoft Corporation) C:\Windows\System32\wisptis.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    (Hewlett-Packard ) C:\Program Files\IDT\WDM\beats64.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    () C:\Windows\SysWOW64\afasrv64.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
    (FileHippo.com) C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    (Notably Good Ltd) C:\Program Files (x86)\Affixa\AffixaTray.exe
    () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
    (Apple Inc.) C:\Program Files (x86)\AirPort\APAgent.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    () C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    (Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
    (Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_305_ActiveX.exe
    Failed to access process -> SearchFilterHost.exe
    Failed to access process -> dllhost.exe

    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2010-10-20] (Hewlett-Packard )
    HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
    HKLM\...\Run: [EKAIO2StatusMonitor] => C:\Windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.exe [3240448 2011-12-10] (Eastman Kodak Company)
    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-04-24] (IDT, Inc.)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [HP KEYBOARDx] => C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE [710656 2010-02-11] (Hewlett-Packard)
    HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [683656 2013-05-20] (PDF Complete Inc)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AirPort Base Station Agent] => C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
    HKLM-x32\...\Run: [AffixaPersonalSettings] => C:\Program Files (x86)\Affixa\AffixaHandler.exe [209272 2014-10-01] (Notably Good Ltd)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-02-04] (AVAST Software)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-3969357861-245451301-220097965-1000\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
    HKU\S-1-5-21-3969357861-245451301-220097965-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2015-02-03] (SUPERAntiSpyware)
    HKU\S-1-5-21-3969357861-245451301-220097965-1000\...\Run: [ShopAtHomeWatcher] => C:\Users\Bee\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
    HKU\S-1-5-21-3969357861-245451301-220097965-1000\...\Run: [ShopAtHomeUpdater] => C:\Users\Bee\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe
    HKU\S-1-5-21-3969357861-245451301-220097965-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    HKU\S-1-5-21-3969357861-245451301-220097965-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    HKU\S-1-5-21-3969357861-245451301-220097965-1000\...\Run: [Affixa] => C:\Program Files (x86)\Affixa\AffixaTray.exe [643584 2014-10-01] (Notably Good Ltd)
    HKU\S-1-5-21-3969357861-245451301-220097965-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
    HKU\S-1-5-21-3969357861-245451301-220097965-1000\...\RunOnce: [Adobe Speed Launcher] => 1423570709
    HKU\S-1-5-21-3969357861-245451301-220097965-1000\...\Policies\system: [LogonHoursAction] 2
    HKU\S-1-5-21-3969357861-245451301-220097965-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Genie.lnk
    ShortcutTarget: NETGEAR WNDA3100v2 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
    Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall Webroot RunOnce.lnk
    ShortcutTarget: Uninstall Webroot RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
    Startup: C:\Users\RYAN.Bee-HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall Webroot RunOnce.lnk
    ShortcutTarget: Uninstall Webroot RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-3969357861-245451301-220097965-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-3969357861-245451301-220097965-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    HKU\S-1-5-21-3969357861-245451301-220097965-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.charter.n...s=1418903708522
    SearchScopes: HKLM -> DefaultScope value is missing.
    SearchScopes: HKLM -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.co...?q={searchTerms}
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
    SearchScopes: HKLM -> {47A5A5E7-3576-4944-B7E3-7BDB7A067DF9} URL = http://www.amazon.co...ds={searchTerms}
    SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...kw={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope value is missing.
    SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.co...?q={searchTerms}
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
    SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...kw={searchTerms}
    SearchScopes: HKU\S-1-5-19 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.co...?q={searchTerms}
    SearchScopes: HKU\S-1-5-20 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.co...?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3969357861-245451301-220097965-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-3969357861-245451301-220097965-1000 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL =
    SearchScopes: HKU\S-1-5-21-3969357861-245451301-220097965-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-3969357861-245451301-220097965-1000 -> {25322A63-C2B7-4514-9952-B29DA72188D1} URL = http://isearch.shopa...&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3969357861-245451301-220097965-1000 -> {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://www2.inbox.co...&iwk=277&lng=en
    SearchScopes: HKU\S-1-5-21-3969357861-245451301-220097965-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: No Name -> {D40C654D-7C51-4EB3-95B2-1E23905C2A2D} ->  No File
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKU\S-1-5-21-3969357861-245451301-220097965-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab
    Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll No File
    Tcpip\Parameters: [DhcpNameServer] 10.0.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Bee\AppData\Roaming\Mozilla\Firefox\Profiles\51i3ljtx.default
    FF DefaultSearchEngine: Bing
    FF SearchEngineOrder.3: Bing
    FF SelectedSearchEngine: Bing
    FF Keyword.URL: hxxp://www.bing.com/search?FORM=U079DF&PC=U079&q=
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> c:\Program Files (x86)\Virtual Earth 3D\ No File
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @ei.YourVideoChat_86.com/Plugin -> C:\Program Files (x86)\YourVideoChat_86EI\Installr\1.bin\NP86EISB.dll No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-3969357861-245451301-220097965-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Bee\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
    FF Plugin HKU\S-1-5-21-3969357861-245451301-220097965-1000: @hulu.com/Hulu Desktop -> C:\Users\Bee\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll (Hulu LLC)
    FF Plugin HKU\S-1-5-21-3969357861-245451301-220097965-1000: tdameritrade.com/thinkorswim -> C:\Users\Bee\AppData\Local\thinkorswim\npthinkorswim.dll (TD Ameritrade)
    FF Plugin HKU\S-1-5-21-3969357861-245451301-220097965-1000: tdameritrade.com/tossc -> C:\Users\Bee\AppData\Local\thinkorswim\nptossc.dll (TD Ameritrade)
    FF SearchPlugin: C:\Users\Bee\AppData\Roaming\Mozilla\Firefox\Profiles\51i3ljtx.default\searchplugins\bingp.xml
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-04]
    FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

    Chrome:
    =======
    CHR Profile: C:\Users\Bee\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Bee\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-18]
    CHR Extension: (Google Drive) - C:\Users\Bee\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-18]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Bee\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-11]
    CHR Extension: (YouTube) - C:\Users\Bee\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-18]
    CHR Extension: (Google Search) - C:\Users\Bee\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-18]
    CHR Extension: (Avast Online Security) - C:\Users\Bee\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-02-04]
    CHR Extension: (Google Wallet) - C:\Users\Bee\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-18]
    CHR Extension: (Gmail) - C:\Users\Bee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-18]
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-02-04]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-02-04]
    StartMenuInternet: Google Chrome.RYAN - c:\users\ryan.bee-hp.000\appdata\local\google\chrome\application\chrome.exe

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-13] (SUPERAntiSpyware.com)
    R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
    R2 AfaService; C:\Windows\SysWOW64\afasrv64.exe [73728 2013-03-11] () [File not signed]
    S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-02-04] (AVAST Software)
    R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2010-08-05] (Hewlett-Packard) [File not signed]
    R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [129648 2011-03-09] (Portrait Displays, Inc.)
    R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
    R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1332360 2013-05-20] (PDF Complete Inc)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
    R2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [303360 2011-12-14] ()

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-02-04] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-02-04] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-02-04] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-02-04] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-02-04] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-02-04] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-02-04] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-02-04] ()
    S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-17] (Malwarebytes Corporation)
    S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
    S4 PMEM; C:\Windows\SysWOW64\drivers\pmemnt.sys [7168 1999-03-07] (Microsoft Corporation) [File not signed]
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 MHIKEY10; System32\Drivers\MHIKEY10x64.sys [X]
    S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
    S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
    S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-10 11:04 - 2015-02-10 11:05 - 00022890 _____ () C:\Users\Bee\Desktop\FRST.txt
    2015-02-10 04:24 - 2015-02-10 04:24 - 00000000 ____D () C:\421ba6c46fc05324959b00
    2015-02-09 11:18 - 2015-02-09 11:18 - 00000000 ____D () C:\Users\Bee\Desktop\FRST-OlderVersion
    2015-02-09 05:45 - 2015-02-09 05:45 - 00000062 _____ () C:\jink.txt
    2015-02-06 10:39 - 2015-02-06 10:39 - 00004062 _____ () C:\Users\Bee\Desktop\junk-1.txt
    2015-02-06 10:38 - 2015-02-09 05:47 - 00175098 _____ () C:\junk.txt
    2015-02-06 08:17 - 2015-02-06 08:17 - 00038662 _____ () C:\Users\Bee\Desktop\Addition-6215.txt
    2015-02-06 08:16 - 2015-02-10 11:04 - 00000000 ____D () C:\FRST
    2015-02-06 08:16 - 2015-02-06 08:17 - 00037515 _____ () C:\Users\Bee\Desktop\FRST-6215.txt
    2015-02-06 08:15 - 2015-02-09 11:18 - 02132992 _____ (Farbar) C:\Users\Bee\Desktop\FRST64.exe
    2015-02-06 08:10 - 2015-02-06 08:10 - 00020862 _____ () C:\Users\Bee\Desktop\VEW-application-2.txt
    2015-02-06 08:06 - 2015-02-06 08:06 - 00016763 _____ () C:\Users\Bee\Desktop\VEW-results in notepad.txt
    2015-02-06 08:05 - 2015-02-06 08:09 - 00020862 _____ () C:\VEW.txt
    2015-02-06 08:00 - 2015-02-06 08:00 - 00061440 _____ ( ) C:\Users\Bee\Desktop\VEW.exe
    2015-02-06 04:38 - 2015-02-06 04:38 - 00000000 ____D () C:\Windows\CheckSur
    2015-02-05 13:22 - 2015-02-05 13:27 - 00000003 _____ () C:\Users\Bee\Documents\WindowsUpdate-copy just in case-dete later 2-5-15.txt
    2015-02-05 10:12 - 2015-02-05 10:12 - 00000000 ____D () C:\85dd5265ef77622edaf18b0b3222
    2015-02-05 08:32 - 2014-12-11 09:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2015-02-05 08:32 - 2014-09-04 18:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
    2015-02-05 08:32 - 2014-09-04 17:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2015-02-05 08:20 - 2013-10-01 17:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
    2015-02-05 08:19 - 2013-10-01 18:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
    2015-02-05 08:19 - 2013-10-01 18:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
    2015-02-05 08:19 - 2013-10-01 18:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
    2015-02-05 08:19 - 2013-10-01 17:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
    2015-02-05 08:19 - 2013-10-01 17:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
    2015-02-05 08:19 - 2013-10-01 17:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
    2015-02-05 08:19 - 2013-10-01 16:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
    2015-02-05 08:19 - 2013-10-01 16:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
    2015-02-05 08:19 - 2013-10-01 16:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
    2015-02-05 08:19 - 2013-10-01 16:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
    2015-02-05 08:19 - 2013-10-01 15:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
    2015-02-05 08:19 - 2013-10-01 15:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
    2015-02-05 08:19 - 2013-10-01 15:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
    2015-02-05 08:19 - 2013-10-01 14:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
    2015-02-04 14:35 - 2015-02-04 14:35 - 00053188 _____ () C:\Users\Bee\Desktop\otl-1.txt
    2015-02-04 05:29 - 2015-02-04 05:29 - 00106378 _____ () C:\Users\Bee\Downloads\OTL.Txt
    2015-02-04 05:23 - 2015-02-04 05:23 - 00602112 _____ (OldTimer Tools) C:\Users\Bee\Downloads\OTL.exe
    2015-02-04 04:43 - 2015-02-08 06:32 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
    2015-02-04 04:43 - 2015-02-04 04:43 - 00001926 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
    2015-02-04 04:43 - 2015-02-04 04:43 - 00000000 ____D () C:\Users\Bee\AppData\Roaming\AVAST Software
    2015-02-04 04:43 - 2015-02-04 04:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
    2015-02-04 04:42 - 2015-02-04 04:43 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
    2015-02-04 04:42 - 2015-02-04 04:43 - 00087912 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
    2015-02-04 04:42 - 2015-02-04 04:42 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
    2015-02-04 04:42 - 2015-02-04 04:42 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2015-02-04 04:42 - 2015-02-04 04:42 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
    2015-02-04 04:42 - 2015-02-04 04:42 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
    2015-02-04 04:42 - 2015-02-04 04:42 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2015-02-04 04:42 - 2015-02-04 04:42 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
    2015-02-04 04:42 - 2015-02-04 04:42 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2015-02-04 04:42 - 2015-02-04 04:42 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
    2015-02-04 04:41 - 2015-02-04 04:41 - 00000000 ____D () C:\Program Files\AVAST Software
    2015-02-04 04:40 - 2015-02-04 04:40 - 05006864 _____ (AVAST Software) C:\Users\Bee\Downloads\avast_free_antivirus_setup_online.exe
    2015-01-27 04:33 - 2015-01-27 04:33 - 00000000 ____D () C:\64cabd91b2ff1ef5832766dcb2
    2015-01-17 08:26 - 2015-01-17 08:27 - 132469808 _____ (AVAST Software) C:\Users\Bee\Downloads\avast_free_antivirus_setup (1).exe
    2015-01-16 12:41 - 2015-01-16 12:41 - 00000784 _____ () C:\Users\Public\Desktop\CCleaner.lnk
    2015-01-16 12:41 - 2015-01-16 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2015-01-16 12:41 - 2015-01-16 12:41 - 00000000 ____D () C:\Program Files\CCleaner
    2015-01-16 12:40 - 2015-01-16 12:40 - 05317104 _____ (Piriform Ltd) C:\Users\Bee\Downloads\ccsetup501.exe
    2015-01-16 12:33 - 2015-01-16 12:33 - 05317104 _____ (Piriform Ltd) C:\Users\Bee\Desktop\ccsetup501.exe
    2015-01-14 04:42 - 2014-12-18 19:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2015-01-14 04:42 - 2014-12-18 17:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2015-01-14 04:42 - 2014-12-11 21:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-01-14 04:42 - 2014-12-11 21:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-01-14 04:42 - 2014-12-11 21:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-01-14 04:42 - 2014-12-11 21:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-01-14 04:42 - 2014-12-11 21:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-01-14 04:42 - 2014-12-11 21:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-01-14 04:42 - 2014-12-11 21:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-01-14 04:42 - 2014-12-05 20:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2015-01-14 04:42 - 2014-12-05 19:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
    2015-01-14 04:42 - 2014-12-05 19:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-10 10:53 - 2014-11-17 14:48 - 01052061 _____ () C:\Windows\WindowsUpdate.log
    2015-02-10 10:53 - 2013-09-13 05:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-02-10 07:35 - 2014-10-06 04:42 - 00002768 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
    2015-02-10 07:35 - 2012-06-06 16:25 - 00000000 ____D () C:\Users\Bee\AppData\Local\CrashDumps
    2015-02-10 04:25 - 2009-07-13 20:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-02-10 04:25 - 2009-07-13 20:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-02-10 04:19 - 2014-07-18 06:46 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2015-02-10 04:18 - 2011-04-21 18:47 - 00000000 ____D () C:\ProgramData\PDFC
    2015-02-10 04:18 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-02-09 05:54 - 2014-01-20 11:32 - 00000000 ____D () C:\Users\Bee\Documents\My Ancestry
    2015-02-07 11:30 - 2009-07-13 21:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-02-07 05:08 - 2014-12-11 04:11 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-02-07 05:03 - 2014-12-11 04:11 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-02-07 05:03 - 2014-12-11 04:11 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-02-07 05:03 - 2014-12-11 04:11 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-02-06 08:02 - 2012-05-14 13:26 - 00000000 ____D () C:\Users\Bee\AppData\Local\VirtualStore
    2015-02-06 06:08 - 2013-08-18 05:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-02-05 17:54 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
    2015-02-05 08:22 - 2009-07-13 19:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-02-05 07:54 - 2011-02-11 09:15 - 00774592 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
    2015-02-05 05:48 - 2013-09-13 05:02 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-02-05 05:48 - 2012-05-15 09:17 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-02-05 05:48 - 2012-05-15 09:17 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-02-05 04:04 - 2014-01-25 17:39 - 00000000 ____D () C:\Program Files\Common Files\Apple
    2015-02-05 04:04 - 2012-09-16 10:31 - 00000000 ____D () C:\Program Files\Bonjour
    2015-02-05 04:04 - 2012-09-16 10:31 - 00000000 ____D () C:\Program Files (x86)\Bonjour
    2015-02-04 04:47 - 2012-08-25 03:47 - 00000000 ____D () C:\Program Files (x86)\Google
    2015-02-04 04:46 - 2014-06-21 17:25 - 00000000 ____D () C:\Program Files (x86)\Coupons
    2015-02-04 04:41 - 2012-11-24 06:38 - 00000000 ____D () C:\ProgramData\AVAST Software
    2015-02-03 19:03 - 2014-10-26 10:28 - 00000000 ____D () C:\Windows\Minidump
    2015-02-03 17:23 - 2012-07-12 15:37 - 00000000 ____D () C:\Users\Guest
    2015-02-03 17:23 - 2012-07-09 18:44 - 00000000 ____D () C:\Users\RYAN.Bee-HP
    2015-02-03 17:23 - 2012-05-14 13:25 - 00000000 ____D () C:\Users\Bee
    2015-02-03 17:23 - 2011-04-21 18:37 - 00000000 ____D () C:\ProgramData\RoxioNow
    2015-02-03 17:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
    2015-02-03 05:47 - 2012-12-14 06:29 - 00021294 _____ () C:\Users\Bee\Documents\Faces 11.bak
    2015-02-03 05:47 - 2012-09-24 11:05 - 00021272 _____ () C:\Users\Bee\Documents\Faces 11.htm
    2015-02-03 04:25 - 2012-08-18 05:29 - 00022971 _____ () C:\Users\Bee\Documents\Bands A to Z.htm
    2015-02-03 04:25 - 2012-08-18 05:29 - 00022971 _____ () C:\Users\Bee\Documents\Bands A to Z.bak
    2015-02-03 04:16 - 2012-07-07 08:46 - 00020695 _____ () C:\Users\Bee\Documents\index.bak
    2015-02-03 04:16 - 2012-07-07 08:06 - 00020696 _____ () C:\Users\Bee\Documents\index.htm
    2015-01-22 18:40 - 2013-08-17 21:19 - 00003898 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{80A33008-1315-4857-840A-D50DD1C8A9ED}
    2015-01-17 13:11 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\NDF
    2015-01-17 09:14 - 2014-08-20 10:45 - 00000000 ____D () C:\Users\Bee\AppData\Local\Adobe
    2015-01-17 09:14 - 2013-01-12 05:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
    2015-01-17 08:14 - 2014-07-18 05:45 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-01-16 14:35 - 2012-09-24 10:15 - 00035756 _____ () C:\Users\Bee\Documents\Faces 9.htm
    2015-01-16 14:35 - 2012-09-24 10:15 - 00035756 _____ () C:\Users\Bee\Documents\Faces 9.bak
    2015-01-16 14:30 - 2012-09-21 12:11 - 00080323 _____ () C:\Users\Bee\Documents\Faces 2.bak
    2015-01-16 14:30 - 2012-09-21 12:09 - 00080323 _____ () C:\Users\Bee\Documents\Faces 2.htm
    2015-01-16 14:28 - 2012-10-05 11:49 - 00015783 _____ () C:\Users\Bee\Documents\Across the Universe.bak
    2015-01-16 14:28 - 2012-10-05 11:47 - 00015783 _____ () C:\Users\Bee\Documents\Across the Universe.htm
    2015-01-16 14:21 - 2012-08-17 11:39 - 00100984 _____ () C:\Users\Bee\Documents\News 2.bak
    2015-01-16 14:21 - 2012-08-17 11:36 - 00101159 _____ () C:\Users\Bee\Documents\News 2.htm
    2015-01-16 14:18 - 2012-10-09 06:25 - 00013925 _____ () C:\Users\Bee\Documents\Fallen Stars RIP.bak
    2015-01-16 14:18 - 2012-10-09 06:21 - 00014008 _____ () C:\Users\Bee\Documents\Fallen Stars RIP.htm
    2015-01-15 12:58 - 2014-06-08 15:56 - 00000324 _____ () C:\Windows\Tasks\HPCeeScheduleForBee.job
    2015-01-14 14:49 - 2013-08-12 17:22 - 00000000 ____D () C:\Windows\system32\MRT
    2015-01-14 14:45 - 2012-08-06 09:28 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-01-14 14:08 - 2014-01-29 06:51 - 00000000 ____D () C:\Users\Bee\Documents\Home and Medical 2014

    ==================== Files in the root of some directories =======

    2014-04-11 03:53 - 2014-04-11 04:06 - 38533120 _____ () C:\Program Files (x86)\GUTB66.tmp
    2012-10-12 10:38 - 2012-11-24 06:00 - 9842040 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
    2013-11-13 04:34 - 2013-11-13 04:34 - 7454064 _____ (Notably Good Ltd) C:\Users\Bee\AppData\Roaming\Affixa-Setup-Full.exe
    2014-05-08 15:36 - 2014-05-08 15:36 - 0000090 _____ () C:\Users\Bee\AppData\Roaming\mbam.context.scan
    2014-04-08 06:08 - 2014-04-08 06:08 - 0003584 _____ () C:\Users\Bee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2013-07-03 05:51

    ==================== End Of Log ============================

     

    Addition
     

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
    Ran by Bee (administrator) on BEE on 10-02-2015 11:04:41
    Running from C:\Users\Bee\Desktop
    Loaded Profiles: Bee (Available profiles: Bee & Guest)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Microsoft Corporation) C:\Windows\System32\wisptis.exe
    (Microsoft Corporation) C:\Windows\System32\wisptis.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    (Hewlett-Packard ) C:\Program Files\IDT\WDM\beats64.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    () C:\Windows\SysWOW64\afasrv64.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
    (FileHippo.com) C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    (Notably Good Ltd) C:\Program Files (x86)\Affixa\AffixaTray.exe
    () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
    (Apple Inc.) C:\Program Files (x86)\AirPort\APAgent.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    () C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    (Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
    (Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_305_ActiveX.exe
    Failed to access process -> SearchFilterHost.exe
    Failed to access process -> dllhost.exe

    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2010-10-20] (Hewlett-Packard )
    HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
    HKLM\...\Run: [EKAIO2StatusMonitor] => C:\Windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.exe [3240448 2011-12-10] (Eastman Kodak Company)
    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-04-24] (IDT, Inc.)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [HP KEYBOARDx] => C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE [710656 2010-02-11] (Hewlett-Packard)
    HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [683656 2013-05-20] (PDF Complete Inc)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AirPort Base Station Agent] => C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
    HKLM-x32\...\Run: [AffixaPersonalSettings] => C:\Program Files (x86)\Affixa\AffixaHandler.exe [209272 2014-10-01] (Notably Good Ltd)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-02-04] (AVAST Software)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-3969357861-245451301-220097965-1000\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
    HKU\S-1-5-21-3969357861-245451301-220097965-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2015-02-03] (SUPERAntiSpyware)
    HKU\S-1-5-21-3969357861-245451301-220097965-1000\...\Run: [ShopAtHomeWatcher] => C:\Users\Bee\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
    HKU\S-1-5-21-3969357861-245451301-220097965-1000\...\Run: [ShopAtHomeUpdater] => C:\Users\Bee\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe
    HKU\S-1-5-21-3969357861-245451301-220097965-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    HKU\S-1-5-21-3969357861-245451301-220097965-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    HKU\S-1-5-21-3969357861-245451301-220097965-1000\...\Run: [Affixa] => C:\Program Files (x86)\Affixa\AffixaTray.exe [643584 2014-10-01] (Notably Good Ltd)
    HKU\S-1-5-21-3969357861-245451301-220097965-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
    HKU\S-1-5-21-3969357861-245451301-220097965-1000\...\RunOnce: [Adobe Speed Launcher] => 1423570709
    HKU\S-1-5-21-3969357861-245451301-220097965-1000\...\Policies\system: [LogonHoursAction] 2
    HKU\S-1-5-21-3969357861-245451301-220097965-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Genie.lnk
    ShortcutTarget: NETGEAR WNDA3100v2 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
    Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall Webroot RunOnce.lnk
    ShortcutTarget: Uninstall Webroot RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
    Startup: C:\Users\RYAN.Bee-HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall Webroot RunOnce.lnk
    ShortcutTarget: Uninstall Webroot RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-3969357861-245451301-220097965-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-3969357861-245451301-220097965-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    HKU\S-1-5-21-3969357861-245451301-220097965-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.charter.n...s=1418903708522
    SearchScopes: HKLM -> DefaultScope value is missing.
    SearchScopes: HKLM -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.co...?q={searchTerms}
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
    SearchScopes: HKLM -> {47A5A5E7-3576-4944-B7E3-7BDB7A067DF9} URL = http://www.amazon.co...ds={searchTerms}
    SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...kw={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope value is missing.
    SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.co...?q={searchTerms}
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
    SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...kw={searchTerms}
    SearchScopes: HKU\S-1-5-19 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.co...?q={searchTerms}
    SearchScopes: HKU\S-1-5-20 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.co...?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3969357861-245451301-220097965-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-3969357861-245451301-220097965-1000 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL =
    SearchScopes: HKU\S-1-5-21-3969357861-245451301-220097965-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-3969357861-245451301-220097965-1000 -> {25322A63-C2B7-4514-9952-B29DA72188D1} URL = http://isearch.shopa...&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3969357861-245451301-220097965-1000 -> {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://www2.inbox.co...&iwk=277&lng=en
    SearchScopes: HKU\S-1-5-21-3969357861-245451301-220097965-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: No Name -> {D40C654D-7C51-4EB3-95B2-1E23905C2A2D} ->  No File
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKU\S-1-5-21-3969357861-245451301-220097965-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab
    Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll No File
    Tcpip\Parameters: [DhcpNameServer] 10.0.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Bee\AppData\Roaming\Mozilla\Firefox\Profiles\51i3ljtx.default
    FF DefaultSearchEngine: Bing
    FF SearchEngineOrder.3: Bing
    FF SelectedSearchEngine: Bing
    FF Keyword.URL: hxxp://www.bing.com/search?FORM=U079DF&PC=U079&q=
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> c:\Program Files (x86)\Virtual Earth 3D\ No File
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @ei.YourVideoChat_86.com/Plugin -> C:\Program Files (x86)\YourVideoChat_86EI\Installr\1.bin\NP86EISB.dll No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-3969357861-245451301-220097965-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Bee\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
    FF Plugin HKU\S-1-5-21-3969357861-245451301-220097965-1000: @hulu.com/Hulu Desktop -> C:\Users\Bee\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll (Hulu LLC)
    FF Plugin HKU\S-1-5-21-3969357861-245451301-220097965-1000: tdameritrade.com/thinkorswim -> C:\Users\Bee\AppData\Local\thinkorswim\npthinkorswim.dll (TD Ameritrade)
    FF Plugin HKU\S-1-5-21-3969357861-245451301-220097965-1000: tdameritrade.com/tossc -> C:\Users\Bee\AppData\Local\thinkorswim\nptossc.dll (TD Ameritrade)
    FF SearchPlugin: C:\Users\Bee\AppData\Roaming\Mozilla\Firefox\Profiles\51i3ljtx.default\searchplugins\bingp.xml
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-04]
    FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

    Chrome:
    =======
    CHR Profile: C:\Users\Bee\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Bee\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-18]
    CHR Extension: (Google Drive) - C:\Users\Bee\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-18]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Bee\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-11]
    CHR Extension: (YouTube) - C:\Users\Bee\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-18]
    CHR Extension: (Google Search) - C:\Users\Bee\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-18]
    CHR Extension: (Avast Online Security) - C:\Users\Bee\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-02-04]
    CHR Extension: (Google Wallet) - C:\Users\Bee\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-18]
    CHR Extension: (Gmail) - C:\Users\Bee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-18]
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-02-04]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-02-04]
    StartMenuInternet: Google Chrome.RYAN - c:\users\ryan.bee-hp.000\appdata\local\google\chrome\application\chrome.exe

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-13] (SUPERAntiSpyware.com)
    R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
    R2 AfaService; C:\Windows\SysWOW64\afasrv64.exe [73728 2013-03-11] () [File not signed]
    S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-02-04] (AVAST Software)
    R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2010-08-05] (Hewlett-Packard) [File not signed]
    R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [129648 2011-03-09] (Portrait Displays, Inc.)
    R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
    R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1332360 2013-05-20] (PDF Complete Inc)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
    R2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [303360 2011-12-14] ()

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-02-04] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-02-04] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-02-04] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-02-04] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-02-04] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-02-04] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-02-04] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-02-04] ()
    S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-17] (Malwarebytes Corporation)
    S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
    S4 PMEM; C:\Windows\SysWOW64\drivers\pmemnt.sys [7168 1999-03-07] (Microsoft Corporation) [File not signed]
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 MHIKEY10; System32\Drivers\MHIKEY10x64.sys [X]
    S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
    S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
    S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-10 11:04 - 2015-02-10 11:05 - 00022890 _____ () C:\Users\Bee\Desktop\FRST.txt
    2015-02-10 04:24 - 2015-02-10 04:24 - 00000000 ____D () C:\421ba6c46fc05324959b00
    2015-02-09 11:18 - 2015-02-09 11:18 - 00000000 ____D () C:\Users\Bee\Desktop\FRST-OlderVersion
    2015-02-09 05:45 - 2015-02-09 05:45 - 00000062 _____ () C:\jink.txt
    2015-02-06 10:39 - 2015-02-06 10:39 - 00004062 _____ () C:\Users\Bee\Desktop\junk-1.txt
    2015-02-06 10:38 - 2015-02-09 05:47 - 00175098 _____ () C:\junk.txt
    2015-02-06 08:17 - 2015-02-06 08:17 - 00038662 _____ () C:\Users\Bee\Desktop\Addition-6215.txt
    2015-02-06 08:16 - 2015-02-10 11:04 - 00000000 ____D () C:\FRST
    2015-02-06 08:16 - 2015-02-06 08:17 - 00037515 _____ () C:\Users\Bee\Desktop\FRST-6215.txt
    2015-02-06 08:15 - 2015-02-09 11:18 - 02132992 _____ (Farbar) C:\Users\Bee\Desktop\FRST64.exe
    2015-02-06 08:10 - 2015-02-06 08:10 - 00020862 _____ () C:\Users\Bee\Desktop\VEW-application-2.txt
    2015-02-06 08:06 - 2015-02-06 08:06 - 00016763 _____ () C:\Users\Bee\Desktop\VEW-results in notepad.txt
    2015-02-06 08:05 - 2015-02-06 08:09 - 00020862 _____ () C:\VEW.txt
    2015-02-06 08:00 - 2015-02-06 08:00 - 00061440 _____ ( ) C:\Users\Bee\Desktop\VEW.exe
    2015-02-06 04:38 - 2015-02-06 04:38 - 00000000 ____D () C:\Windows\CheckSur
    2015-02-05 13:22 - 2015-02-05 13:27 - 00000003 _____ () C:\Users\Bee\Documents\WindowsUpdate-copy just in case-dete later 2-5-15.txt
    2015-02-05 10:12 - 2015-02-05 10:12 - 00000000 ____D () C:\85dd5265ef77622edaf18b0b3222
    2015-02-05 08:32 - 2014-12-11 09:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2015-02-05 08:32 - 2014-09-04 18:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
    2015-02-05 08:32 - 2014-09-04 17:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2015-02-05 08:20 - 2013-10-01 17:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
    2015-02-05 08:19 - 2013-10-01 18:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
    2015-02-05 08:19 - 2013-10-01 18:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
    2015-02-05 08:19 - 2013-10-01 18:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
    2015-02-05 08:19 - 2013-10-01 17:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
    2015-02-05 08:19 - 2013-10-01 17:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
    2015-02-05 08:19 - 2013-10-01 17:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
    2015-02-05 08:19 - 2013-10-01 16:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
    2015-02-05 08:19 - 2013-10-01 16:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
    2015-02-05 08:19 - 2013-10-01 16:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
    2015-02-05 08:19 - 2013-10-01 16:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
    2015-02-05 08:19 - 2013-10-01 15:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
    2015-02-05 08:19 - 2013-10-01 15:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
    2015-02-05 08:19 - 2013-10-01 15:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
    2015-02-05 08:19 - 2013-10-01 14:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
    2015-02-04 14:35 - 2015-02-04 14:35 - 00053188 _____ () C:\Users\Bee\Desktop\otl-1.txt
    2015-02-04 05:29 - 2015-02-04 05:29 - 00106378 _____ () C:\Users\Bee\Downloads\OTL.Txt
    2015-02-04 05:23 - 2015-02-04 05:23 - 00602112 _____ (OldTimer Tools) C:\Users\Bee\Downloads\OTL.exe
    2015-02-04 04:43 - 2015-02-08 06:32 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
    2015-02-04 04:43 - 2015-02-04 04:43 - 00001926 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
    2015-02-04 04:43 - 2015-02-04 04:43 - 00000000 ____D () C:\Users\Bee\AppData\Roaming\AVAST Software
    2015-02-04 04:43 - 2015-02-04 04:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
    2015-02-04 04:42 - 2015-02-04 04:43 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
    2015-02-04 04:42 - 2015-02-04 04:43 - 00087912 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
    2015-02-04 04:42 - 2015-02-04 04:42 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
    2015-02-04 04:42 - 2015-02-04 04:42 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2015-02-04 04:42 - 2015-02-04 04:42 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
    2015-02-04 04:42 - 2015-02-04 04:42 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
    2015-02-04 04:42 - 2015-02-04 04:42 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2015-02-04 04:42 - 2015-02-04 04:42 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
    2015-02-04 04:42 - 2015-02-04 04:42 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2015-02-04 04:42 - 2015-02-04 04:42 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
    2015-02-04 04:41 - 2015-02-04 04:41 - 00000000 ____D () C:\Program Files\AVAST Software
    2015-02-04 04:40 - 2015-02-04 04:40 - 05006864 _____ (AVAST Software) C:\Users\Bee\Downloads\avast_free_antivirus_setup_online.exe
    2015-01-27 04:33 - 2015-01-27 04:33 - 00000000 ____D () C:\64cabd91b2ff1ef5832766dcb2
    2015-01-17 08:26 - 2015-01-17 08:27 - 132469808 _____ (AVAST Software) C:\Users\Bee\Downloads\avast_free_antivirus_setup (1).exe
    2015-01-16 12:41 - 2015-01-16 12:41 - 00000784 _____ () C:\Users\Public\Desktop\CCleaner.lnk
    2015-01-16 12:41 - 2015-01-16 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2015-01-16 12:41 - 2015-01-16 12:41 - 00000000 ____D () C:\Program Files\CCleaner
    2015-01-16 12:40 - 2015-01-16 12:40 - 05317104 _____ (Piriform Ltd) C:\Users\Bee\Downloads\ccsetup501.exe
    2015-01-16 12:33 - 2015-01-16 12:33 - 05317104 _____ (Piriform Ltd) C:\Users\Bee\Desktop\ccsetup501.exe
    2015-01-14 04:42 - 2014-12-18 19:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2015-01-14 04:42 - 2014-12-18 17:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2015-01-14 04:42 - 2014-12-11 21:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-01-14 04:42 - 2014-12-11 21:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-01-14 04:42 - 2014-12-11 21:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-01-14 04:42 - 2014-12-11 21:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-01-14 04:42 - 2014-12-11 21:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-01-14 04:42 - 2014-12-11 21:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-01-14 04:42 - 2014-12-11 21:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-01-14 04:42 - 2014-12-05 20:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2015-01-14 04:42 - 2014-12-05 19:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
    2015-01-14 04:42 - 2014-12-05 19:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-10 10:53 - 2014-11-17 14:48 - 01052061 _____ () C:\Windows\WindowsUpdate.log
    2015-02-10 10:53 - 2013-09-13 05:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-02-10 07:35 - 2014-10-06 04:42 - 00002768 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
    2015-02-10 07:35 - 2012-06-06 16:25 - 00000000 ____D () C:\Users\Bee\AppData\Local\CrashDumps
    2015-02-10 04:25 - 2009-07-13 20:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-02-10 04:25 - 2009-07-13 20:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-02-10 04:19 - 2014-07-18 06:46 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2015-02-10 04:18 - 2011-04-21 18:47 - 00000000 ____D () C:\ProgramData\PDFC
    2015-02-10 04:18 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-02-09 05:54 - 2014-01-20 11:32 - 00000000 ____D () C:\Users\Bee\Documents\My Ancestry
    2015-02-07 11:30 - 2009-07-13 21:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-02-07 05:08 - 2014-12-11 04:11 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-02-07 05:03 - 2014-12-11 04:11 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-02-07 05:03 - 2014-12-11 04:11 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-02-07 05:03 - 2014-12-11 04:11 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-02-06 08:02 - 2012-05-14 13:26 - 00000000 ____D () C:\Users\Bee\AppData\Local\VirtualStore
    2015-02-06 06:08 - 2013-08-18 05:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-02-05 17:54 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
    2015-02-05 08:22 - 2009-07-13 19:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-02-05 07:54 - 2011-02-11 09:15 - 00774592 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
    2015-02-05 05:48 - 2013-09-13 05:02 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-02-05 05:48 - 2012-05-15 09:17 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-02-05 05:48 - 2012-05-15 09:17 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-02-05 04:04 - 2014-01-25 17:39 - 00000000 ____D () C:\Program Files\Common Files\Apple
    2015-02-05 04:04 - 2012-09-16 10:31 - 00000000 ____D () C:\Program Files\Bonjour
    2015-02-05 04:04 - 2012-09-16 10:31 - 00000000 ____D () C:\Program Files (x86)\Bonjour
    2015-02-04 04:47 - 2012-08-25 03:47 - 00000000 ____D () C:\Program Files (x86)\Google
    2015-02-04 04:46 - 2014-06-21 17:25 - 00000000 ____D () C:\Program Files (x86)\Coupons
    2015-02-04 04:41 - 2012-11-24 06:38 - 00000000 ____D () C:\ProgramData\AVAST Software
    2015-02-03 19:03 - 2014-10-26 10:28 - 00000000 ____D () C:\Windows\Minidump
    2015-02-03 17:23 - 2012-07-12 15:37 - 00000000 ____D () C:\Users\Guest
    2015-02-03 17:23 - 2012-07-09 18:44 - 00000000 ____D () C:\Users\RYAN.Bee-HP
    2015-02-03 17:23 - 2012-05-14 13:25 - 00000000 ____D () C:\Users\Bee
    2015-02-03 17:23 - 2011-04-21 18:37 - 00000000 ____D () C:\ProgramData\RoxioNow
    2015-02-03 17:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
    2015-02-03 05:47 - 2012-12-14 06:29 - 00021294 _____ () C:\Users\Bee\Documents\Faces 11.bak
    2015-02-03 05:47 - 2012-09-24 11:05 - 00021272 _____ () C:\Users\Bee\Documents\Faces 11.htm
    2015-02-03 04:25 - 2012-08-18 05:29 - 00022971 _____ () C:\Users\Bee\Documents\Bands A to Z.htm
    2015-02-03 04:25 - 2012-08-18 05:29 - 00022971 _____ () C:\Users\Bee\Documents\Bands A to Z.bak
    2015-02-03 04:16 - 2012-07-07 08:46 - 00020695 _____ () C:\Users\Bee\Documents\index.bak
    2015-02-03 04:16 - 2012-07-07 08:06 - 00020696 _____ () C:\Users\Bee\Documents\index.htm
    2015-01-22 18:40 - 2013-08-17 21:19 - 00003898 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{80A33008-1315-4857-840A-D50DD1C8A9ED}
    2015-01-17 13:11 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\NDF
    2015-01-17 09:14 - 2014-08-20 10:45 - 00000000 ____D () C:\Users\Bee\AppData\Local\Adobe
    2015-01-17 09:14 - 2013-01-12 05:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
    2015-01-17 08:14 - 2014-07-18 05:45 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-01-16 14:35 - 2012-09-24 10:15 - 00035756 _____ () C:\Users\Bee\Documents\Faces 9.htm
    2015-01-16 14:35 - 2012-09-24 10:15 - 00035756 _____ () C:\Users\Bee\Documents\Faces 9.bak
    2015-01-16 14:30 - 2012-09-21 12:11 - 00080323 _____ () C:\Users\Bee\Documents\Faces 2.bak
    2015-01-16 14:30 - 2012-09-21 12:09 - 00080323 _____ () C:\Users\Bee\Documents\Faces 2.htm
    2015-01-16 14:28 - 2012-10-05 11:49 - 00015783 _____ () C:\Users\Bee\Documents\Across the Universe.bak
    2015-01-16 14:28 - 2012-10-05 11:47 - 00015783 _____ () C:\Users\Bee\Documents\Across the Universe.htm
    2015-01-16 14:21 - 2012-08-17 11:39 - 00100984 _____ () C:\Users\Bee\Documents\News 2.bak
    2015-01-16 14:21 - 2012-08-17 11:36 - 00101159 _____ () C:\Users\Bee\Documents\News 2.htm
    2015-01-16 14:18 - 2012-10-09 06:25 - 00013925 _____ () C:\Users\Bee\Documents\Fallen Stars RIP.bak
    2015-01-16 14:18 - 2012-10-09 06:21 - 00014008 _____ () C:\Users\Bee\Documents\Fallen Stars RIP.htm
    2015-01-15 12:58 - 2014-06-08 15:56 - 00000324 _____ () C:\Windows\Tasks\HPCeeScheduleForBee.job
    2015-01-14 14:49 - 2013-08-12 17:22 - 00000000 ____D () C:\Windows\system32\MRT
    2015-01-14 14:45 - 2012-08-06 09:28 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-01-14 14:08 - 2014-01-29 06:51 - 00000000 ____D () C:\Users\Bee\Documents\Home and Medical 2014

    ==================== Files in the root of some directories =======

    2014-04-11 03:53 - 2014-04-11 04:06 - 38533120 _____ () C:\Program Files (x86)\GUTB66.tmp
    2012-10-12 10:38 - 2012-11-24 06:00 - 9842040 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
    2013-11-13 04:34 - 2013-11-13 04:34 - 7454064 _____ (Notably Good Ltd) C:\Users\Bee\AppData\Roaming\Affixa-Setup-Full.exe
    2014-05-08 15:36 - 2014-05-08 15:36 - 0000090 _____ () C:\Users\Bee\AppData\Roaming\mbam.context.scan
    2014-04-08 06:08 - 2014-04-08 06:08 - 0003584 _____ () C:\Users\Bee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2013-07-03 05:51

    ==================== End Of Log ============================

     

    Thank again! Beetrix

     


    Edited by Beetrix, 10 February 2015 - 01:13 PM.

    • 0

    #10
    Beetrix

    Beetrix

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 128 posts

    I am sorry, I just misunderstood the last instruction. Thought I was running the same thing again.

    As far as the the junk/txt/file. goes, I had run that before and it said there was no file.

    Sometimes it can be confusing. If you decide you don't want to help me, please just let me know.

    Thanks, Beetrix


    • 0

    Advertisements


    #11
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,001 posts
    • MVP

    Don't worry.  If I don't explain something well enough just ask.  I won't cut you off.

     

    Step 1:

     

    Download the attached fixlist.txt to the same location as FRST
    Run FRST and press Fix
    A fix log will be generated please post that.
     
    Step 2:
     
    Download the attached sched.zip file.  Save it and Right click on it and Extract All.  Note where the files are.
     
    Now in the Search box type:
     
    task scheduler
     
    It will find: task scheduler.exe.  Right click on it and Run As Admin.  Task Scheduler should open.  Click on 
     
     
    Task Scheduler Library
     
    then on Microsoft
     
    then on Windows.
     
    Right click and Import then point it at one of the files you just unzipped (System.xml).  Open.  Repeat for the second file (User.xml).
    Report any errors.
     
    Close Task Scheduler.
     
     
    Step 3:
     
    (Start) Right click on Computer and select Manage then Device Manager.  In the right pane click on the arrow in front of System devices and it should open up to show you the sub-devices.  Look for Programmable Interrupt Controller.  Right click on it and Enable.  
     
    Reboot and go back into Device Manager, System Devices.  Are there any flags (yellow or red marks) by Programmable Interrupt Controller?  
     
     
     
    Step 4:
    Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.
     
     
     
     
     
     
     
     
     
     

    • 0

    #12
    Beetrix

    Beetrix

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 128 posts
    Ok, here is my fixlog.

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-02-2015
    Ran by Bee at 2015-02-13 06:55:27 Run:1
    Running from C:\Users\Bee\Desktop
    Loaded Profiles: Bee (Available profiles: Bee & Guest)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    HKU\S-1-5-21-3969357861-245451301-220097965-1000\...\Run: [ShopAtHomeWatcher] => C:\Users\Bee\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
    HKU\S-1-5-21-3969357861-245451301-220097965-1000\...\Run: [ShopAtHomeUpdater] => C:\Users\Bee\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe
    HKU\S-1-5-21-3969357861-245451301-220097965-1000\...\RunOnce: [Adobe Speed Launcher] => 1423570709
    HKU\S-1-5-21-3969357861-245451301-220097965-1000\...\Policies\system: [LogonHoursAction] 2
    HKU\S-1-5-21-3969357861-245451301-220097965-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall Webroot RunOnce.lnk
    ShortcutTarget: Uninstall Webroot RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
    Startup: C:\Users\RYAN.Bee-HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall Webroot RunOnce.lnk
    ShortcutTarget: Uninstall Webroot RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-3969357861-245451301-220097965-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKLM -> DefaultScope value is missing.
    SearchScopes: HKLM-x32 -> DefaultScope value is missing.
    SearchScopes: HKU\S-1-5-21-3969357861-245451301-220097965-1000 -> {25322A63-C2B7-4514-9952-B29DA72188D1} URL = http://isearch.shopa...q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3969357861-245451301-220097965-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
    BHO-x32: No Name -> {D40C654D-7C51-4EB3-95B2-1E23905C2A2D} -> No File
    Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll No File
    S3 MHIKEY10; System32\Drivers\MHIKEY10x64.sys [X]
    S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
    S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
    S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]
    Task: {171AC34F-1A2D-4AD7-AD58-53563D73149E} - \AmiUpdXp No Task File <==== ATTENTION
    Task: {5F5A18EB-DC73-4E45-A11C-B59043598412} - \Microsoft\Windows\CertificateServicesClient\SystemTask No Task File <==== ATTENTION
    Task: {7AFCC0CA-7121-422A-AB45-B0E8D599FF08} - \Microsoft\Windows\CertificateServicesClient\UserTask No Task File <==== ATTENTION
    Task: {7B5B5BB3-31C9-4CFA-8DCB-755022B38707} - System32\Tasks\SpeedyPC Update Version3_triggeronce => c:\program files (x86)\common files\speedypc software\uus3\SpeedyPC_Update3.exe <==== ATTENTION
    Task: {BE669C13-8165-4536-96D0-6D6C39292AAE} - \Microsoft\Windows\Diagnosis\Scheduled No Task File <==== ATTENTION
    Task: {ECA7ECD5-A4FA-4161-B897-756B1598AD13} - System32\Tasks\SpeedyPC Update Version3 => c:\program files (x86)\common files\speedypc software\uus3\SpeedyPC_Update3.exe <==== ATTENTION
    Task: {F9555551-6A72-472B-B1BD-0E5236ED9FB1} - System32\Tasks\SpeedyPC Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\UUS3.dll" RunUns <==== ATTENTION
    AlternateDataStreams: C:\ProgramData\Temp:5C321E34
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"


    *****************

    HKU\S-1-5-21-3969357861-245451301-220097965-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ShopAtHomeWatcher => value deleted successfully.
    HKU\S-1-5-21-3969357861-245451301-220097965-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ShopAtHomeUpdater => value deleted successfully.
    HKU\S-1-5-21-3969357861-245451301-220097965-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Adobe Speed Launcher => value deleted successfully.
    HKU\S-1-5-21-3969357861-245451301-220097965-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\LogonHoursAction => value deleted successfully.
    HKU\S-1-5-21-3969357861-245451301-220097965-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DontDisplayLogonHoursWarnings => value deleted successfully.
    C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall Webroot RunOnce.lnk => Moved successfully.
    C:\Program Files (x86)\Common Files\wruninstall.exe => Moved successfully.
    C:\Users\RYAN.Bee-HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall Webroot RunOnce.lnk => Moved successfully.
    C:\Program Files (x86)\Common Files\wruninstall.exe not found.
    "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    "HKU\S-1-5-21-3969357861-245451301-220097965-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
    "HKU\S-1-5-21-3969357861-245451301-220097965-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{25322A63-C2B7-4514-9952-B29DA72188D1}" => Key deleted successfully.
    HKCR\CLSID\{25322A63-C2B7-4514-9952-B29DA72188D1} => Key not found.
    "HKU\S-1-5-21-3969357861-245451301-220097965-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key deleted successfully.
    HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}" => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D} => Key not found.
    "HKCR\PROTOCOLS\Handler\inbox" => Key deleted successfully.
    "HKCR\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27}" => Key deleted successfully.
    MHIKEY10 => Service deleted successfully.
    usbbus => Service deleted successfully.
    UsbDiag => Service deleted successfully.
    USBModem => Service deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{171AC34F-1A2D-4AD7-AD58-53563D73149E}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{171AC34F-1A2D-4AD7-AD58-53563D73149E}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AmiUpdXp" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{5F5A18EB-DC73-4E45-A11C-B59043598412}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5F5A18EB-DC73-4E45-A11C-B59043598412}" => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\CertificateServicesClient\SystemTask => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7AFCC0CA-7121-422A-AB45-B0E8D599FF08}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7AFCC0CA-7121-422A-AB45-B0E8D599FF08}" => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\CertificateServicesClient\UserTask => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7B5B5BB3-31C9-4CFA-8DCB-755022B38707}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B5B5BB3-31C9-4CFA-8DCB-755022B38707}" => Key deleted successfully.
    C:\Windows\System32\Tasks\SpeedyPC Update Version3_triggeronce => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpeedyPC Update Version3_triggeronce" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BE669C13-8165-4536-96D0-6D6C39292AAE}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE669C13-8165-4536-96D0-6D6C39292AAE}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Diagnosis\Scheduled" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ECA7ECD5-A4FA-4161-B897-756B1598AD13}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ECA7ECD5-A4FA-4161-B897-756B1598AD13}" => Key deleted successfully.
    C:\Windows\System32\Tasks\SpeedyPC Update Version3 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpeedyPC Update Version3" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F9555551-6A72-472B-B1BD-0E5236ED9FB1}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F9555551-6A72-472B-B1BD-0E5236ED9FB1}" => Key deleted successfully.
    C:\Windows\System32\Tasks\SpeedyPC Registration3 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpeedyPC Registration3" => Key deleted successfully.
    C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.
    "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\WRkrn" => Key deleted successfully.
    "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\WRSVC" => Key deleted successfully.

    ==== End of Fixlog 06:55:28 ====


    On step 2 there is no attached sched.zip file
    • 0

    #13
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,001 posts
    • MVP

    sorry.


    • 0

    #14
    Beetrix

    Beetrix

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 128 posts
    I'm lost! When I got to Windows, then I Imported?

    (Right clicked and Imported then point it at one of the files you just unzipped (System.xml). Open. Repeat for the second file (User.xml).)

    Report any errors
    • 0

    #15
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,001 posts
    • MVP

    Once you get here:

     

    [attachment=75496:task.jpg]

     

    Then right click on Windows  and Import Task.  It should open a window to let you choose the task.  Choose System.xml from the folder where you extracted the files to.


    • 0






    Similar Topics


    Also tagged with one or more of these keywords: Windows updates, Adobe Air, Microsoft Office problems

    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users

    As Featured On:

    Microsoft Yahoo BBC MSN PC Magazine Washington Post HP