
Not sure what's wrong or where to start [Solved]


  • This topic is locked

#31
jeffwj12

jeffwj12

    Member

  • Topic Starter
  • Member
  • 24 posts
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2/28/2015
Scan Time: 7:50:14 PM
Logfile: mal.txt
Administrator: No
 
Version: 2.00.4.1028
Malware Database: v2015.03.01.01
Rootkit Database: v2015.02.25.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: jeff
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 328817
Time Elapsed: 47 min, 3 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

  • 0


#32
jeffwj12

jeffwj12

    Member

  • Topic Starter
  • Member
  • 24 posts

Do I need to disable the firewall (AVG)?


  • 0

#33
Nevan

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts

It shouldn't be any problem to leave it on.


  • 0

#34
jeffwj12

jeffwj12

    Member

  • Topic Starter
  • Member
  • 24 posts
It didn't scan archives. I'll rescan.
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=1c0c321540dd6e46b04051f09b8e2c4f
# engine=22695
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-03-01 05:53:43
# local_time=2015-02-28 09:53:43 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode_1='AVG Internet Security 2015'
# compatibility_mode=1053 16777213 100 100 0 111369207 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 947292 49984116 0 0
# scanned=188554
# found=0
# cleaned=0
# scan_time=3202

  • 0

#35
jeffwj12

jeffwj12

    Member

  • Topic Starter
  • Member
  • 24 posts
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=1c0c321540dd6e46b04051f09b8e2c4f
# engine=22695
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-03-01 05:53:43
# local_time=2015-02-28 09:53:43 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode_1='AVG Internet Security 2015'
# compatibility_mode=1053 16777213 100 100 0 111369207 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 947292 49984116 0 0
# scanned=188554
# found=0
# cleaned=0
# scan_time=3202

  • 0

#36
Nevan

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello again, jeffwj12.

Everything looks good so far. Two more scans to do.

Step #1
FRST Scan
  • Right click FRST64.exe on your Desktop and click Run as administrator. When the tool opens click Yes to disclaimer.
  • Make sure that Addition.txt is checked and press the Scan button.
  • It will produce two logs - one called FRST.txt and another one called Addition.txt in the same directory the tool is run from.
  • Select all (CTRL+A) the content of the logs, copy them (CTRL+C) and paste (CTRL+V) them into your next reply.
 
Step #2
Security Check

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.

 
Things that should appear in your next post:
  • FRST.txt log content
  • Addition.txt log content
  • Checkup.txt log content

  • 0

#37
Nevan

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
(there's a post above this one, please read it)

Also, please tell me what problems you currently have with your computer.
  • 0

#38
jeffwj12

jeffwj12

    Member

  • Topic Starter
  • Member
  • 24 posts
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-03-2015
Ran by jeff (administrator) on JWJ-ROBOT on 02-03-2015 23:22:00
Running from C:\Users\jeff\Desktop
Loaded Profiles: jeff (Available profiles: jeff)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHWA.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoUpdateCheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2755640 2013-09-26] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-09-26] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2780400 2013-09-11] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-01] (CyberLink Corp.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-10-08] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-3792397004-3726139591-2730438546-1002\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHWA.EXE [239488 2011-04-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3792397004-3726139591-2730438546-1002\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-3792397004-3726139591-2730438546-1002\...\Run: [GoogleChromeAutoLaunch_7006BB24EAB940430C8CD96F5EFEA593] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-17] (Google Inc.)
HKU\S-1-5-21-3792397004-3726139591-2730438546-1002\...\MountPoints2: {6dd8977d-b206-11e4-826c-a01d48fe15cc} - "F:\AutoRun.exe" 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT14/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
HKU\S-1-5-21-3792397004-3726139591-2730438546-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT14/1
HKU\S-1-5-21-3792397004-3726139591-2730438546-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.65
 
FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
 
Chrome: 
=======
CHR StartupUrls: Default -> "https://www.google.com/", "https://www.gmail.com/", "hxxp://thepiratebay.com/"
CHR DefaultSuggestURL: Default -> https://toolbar.avg....earchTerms}&o=1
CHR Profile: C:\Users\jeff\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-15]
CHR Extension: (Dictanote - Speech Recognizer) - C:\Users\jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomjekmpappghadlogpigifkghlmebjk [2015-01-18]
CHR Extension: (Google Drive) - C:\Users\jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-15]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-15]
CHR Extension: (WOT) - C:\Users\jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-01-15]
CHR Extension: (YouTube) - C:\Users\jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-15]
CHR Extension: (Adblock Plus) - C:\Users\jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-01-15]
CHR Extension: (Google Search) - C:\Users\jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-15]
CHR Extension: (Chrome Connectivity Diagnostics) - C:\Users\jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\eemlkeanncmjljgehlbplemhmdmalhdc [2015-01-15]
CHR Extension: (TinEye Reverse Image Search) - C:\Users\jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2015-01-18]
CHR Extension: (Disconnect) - C:\Users\jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2015-01-15]
CHR Extension: (Google Wallet) - C:\Users\jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-15]
CHR Extension: (Memo Notepad) - C:\Users\jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmoihkoninaoanjobiiknmgenhpaecec [2015-01-15]
CHR Extension: (Gmail) - C:\Users\jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-15]
CHR Profile: C:\Users\jeff\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\jeff\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-28]
CHR Extension: (Google Docs) - C:\Users\jeff\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-28]
CHR Extension: (Google Drive) - C:\Users\jeff\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-28]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\jeff\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-28]
CHR Extension: (YouTube) - C:\Users\jeff\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-28]
CHR Extension: (Google Search) - C:\Users\jeff\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-28]
CHR Extension: (Google Sheets) - C:\Users\jeff\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-28]
CHR Extension: (Google Wallet) - C:\Users\jeff\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-28]
CHR Extension: (Gmail) - C:\Users\jeff\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-28]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [99328 2013-09-25] () [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-09-25] (Advanced Micro Devices, Inc.) [File not signed]
R2 avgfws; C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [1486664 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-09-26] () [File not signed]
R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-09-04] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-09-04] (CyberLink)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-08-29] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-10-08] (Hewlett-Packard Development Company, L.P.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-09-26] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-10-16] (Realtek Semiconductor)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2604344 2015-01-30] (AVG Technologies)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-02] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17504 2013-02-07] (Advanced Micro Devices, INC.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-23] (Advanced Micro Devices)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [52000 2015-01-17] (AVG Technologies)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [277784 2014-09-24] (AVG Technologies CZ, s.r.o.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [18456 2012-01-10] (HandSet Incorporated)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-01] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290520 2013-08-19] (Realtek Semiconductor Corp.)
R3 RTL8168; C:\Windows\system32\DRIVERS\rtlh64.sys [681688 2015-01-21] (Inventec                                            )
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3068120 2014-01-13] (Realtek Semiconductor Corporation                           )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-09-11] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-09-11] (Synaptics Incorporated)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2015-01-13] (TuneUp Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-02 23:22 - 2015-03-02 23:24 - 00019091 _____ () C:\Users\jeff\Desktop\FRST.txt
2015-03-02 23:22 - 2015-03-02 23:22 - 00852604 _____ () C:\Users\jeff\Desktop\SecurityCheck.exe
2015-03-02 23:20 - 2015-03-02 23:20 - 02092544 _____ (Farbar) C:\Users\jeff\Desktop\FRST64.exe
2015-03-01 01:58 - 2015-03-01 02:02 - 1073741824 _____ () C:\Users\jeff\Documents\Data Safe.avgfv
2015-02-28 20:51 - 2015-02-28 20:51 - 02347384 _____ (ESET) C:\Users\jeff\Desktop\esetsmartinstaller_enu.exe
2015-02-28 20:51 - 2015-02-28 20:51 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-28 20:43 - 2015-02-28 20:43 - 00001039 _____ () C:\Users\jeff\Desktop\mal.txt
2015-02-26 17:04 - 2015-02-26 17:04 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-26 16:52 - 2015-02-26 17:02 - 00000000 ____D () C:\AdwCleaner
2015-02-26 16:02 - 2015-02-26 16:02 - 02126848 _____ () C:\Users\jeff\Desktop\AdwCleaner.exe
2015-02-26 15:58 - 2015-02-26 15:58 - 00000938 _____ () C:\Users\jeff\Desktop\JRT.txt
2015-02-26 15:44 - 2015-02-26 15:44 - 01388274 _____ (Thisisu) C:\Users\jeff\Desktop\JRT.exe
2015-02-26 09:12 - 2015-02-26 09:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield
2015-02-26 09:12 - 2015-02-26 09:12 - 00000000 ____D () C:\Program Files (x86)\MCShield
2015-02-26 09:05 - 2015-02-26 17:07 - 00000000 ____D () C:\ProgramData\MCShield
2015-02-26 01:22 - 2014-12-13 13:28 - 00513488 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-26 01:22 - 2014-12-13 13:28 - 00513488 _____ () C:\Windows\system32\locale.nls
2015-02-20 20:28 - 2015-02-20 23:25 - 00000000 __SHD () C:\Users\jeff\AppData\Local\EmieUserList
2015-02-20 20:28 - 2015-02-20 23:25 - 00000000 __SHD () C:\Users\jeff\AppData\Local\EmieSiteList
2015-02-17 00:06 - 2015-02-17 00:06 - 04775752 _____ (Google) C:\Users\jeff\Downloads\software_removal_tool.exe
2015-02-16 00:55 - 2015-02-26 17:04 - 00002186 _____ () C:\Windows\setupact.log
2015-02-14 07:26 - 2015-02-14 07:27 - 00030862 _____ () C:\Users\jeff\Downloads\Addition.txt
2015-02-14 07:15 - 2015-03-02 23:22 - 00000000 ____D () C:\FRST
2015-02-13 07:49 - 2015-01-22 20:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-13 07:49 - 2015-01-22 19:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-10 21:18 - 2015-01-15 14:43 - 00563504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-10 21:18 - 2015-01-15 14:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-10 21:18 - 2015-01-13 20:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-02-10 21:18 - 2015-01-13 19:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-02-10 21:18 - 2015-01-13 14:11 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-10 21:18 - 2015-01-13 14:04 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-10 21:18 - 2015-01-10 01:10 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-10 21:18 - 2015-01-10 01:10 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-02-10 21:18 - 2015-01-10 00:28 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-02-10 21:18 - 2015-01-09 23:00 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-10 21:18 - 2015-01-09 22:38 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-10 21:18 - 2014-12-08 19:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-10 21:18 - 2014-12-08 17:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-10 21:17 - 2015-02-03 15:38 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-10 21:17 - 2015-02-03 15:08 - 00761856 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-10 21:17 - 2015-02-03 15:08 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-10 21:17 - 2015-02-02 15:11 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-10 21:17 - 2015-02-02 15:11 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-10 21:17 - 2015-02-02 15:11 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-10 21:17 - 2015-01-19 10:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-02-10 21:17 - 2015-01-11 19:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-10 21:17 - 2015-01-11 18:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-10 21:17 - 2015-01-11 18:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-10 21:17 - 2015-01-11 18:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-10 21:17 - 2015-01-11 18:34 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-10 21:17 - 2015-01-11 18:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-10 21:17 - 2015-01-11 18:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-10 21:17 - 2015-01-11 18:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-10 21:17 - 2015-01-11 18:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-10 21:17 - 2015-01-11 18:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-10 21:17 - 2015-01-11 18:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-10 21:17 - 2015-01-11 17:58 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-02-10 21:17 - 2015-01-11 17:55 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-10 21:17 - 2015-01-11 17:51 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-02-10 21:17 - 2015-01-11 17:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-10 21:17 - 2015-01-11 17:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-10 21:17 - 2015-01-11 17:48 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-10 21:17 - 2015-01-11 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-10 21:17 - 2015-01-11 17:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-10 21:17 - 2015-01-11 17:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-10 21:17 - 2015-01-11 17:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-02-10 21:17 - 2015-01-11 17:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-02-10 21:17 - 2015-01-11 17:27 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-02-10 21:17 - 2015-01-11 17:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-10 21:17 - 2015-01-11 17:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-02-10 21:17 - 2015-01-11 17:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-10 21:17 - 2015-01-11 17:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-10 21:17 - 2015-01-11 17:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-10 21:17 - 2015-01-11 17:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-10 21:17 - 2015-01-11 17:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-10 21:17 - 2015-01-11 17:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-10 21:17 - 2015-01-11 17:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-10 21:17 - 2015-01-11 16:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-10 21:17 - 2015-01-11 16:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-10 21:17 - 2015-01-10 00:22 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-10 21:17 - 2014-12-19 00:57 - 00788680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-10 21:17 - 2014-12-19 00:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-10 21:17 - 2014-12-08 15:12 - 00391526 _____ () C:\Windows\system32\ApnDatabase.xml
2015-02-08 21:42 - 2015-02-08 21:42 - 00002762 _____ () C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
2015-02-07 00:36 - 2015-01-30 17:23 - 00041784 _____ (AVG Technologies) C:\Windows\system32\TURegOpt.exe
2015-02-07 00:36 - 2015-01-30 17:22 - 00030520 _____ (AVG Technologies) C:\Windows\system32\authuitu.dll
2015-02-07 00:36 - 2015-01-30 17:22 - 00025912 _____ (AVG Technologies) C:\Windows\SysWOW64\authuitu.dll
2015-02-07 00:35 - 2015-02-07 00:35 - 00002198 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015.lnk
2015-02-07 00:34 - 2015-02-07 00:34 - 00000000 ____D () C:\Users\jeff\AppData\Roaming\AVG
2015-02-07 00:32 - 2015-02-07 00:32 - 00000000 ____D () C:\Users\jeff\AppData\Local\Avg
2015-02-07 00:30 - 2015-02-07 00:36 - 00000000 ____D () C:\ProgramData\AVG
2015-02-07 00:28 - 2015-02-07 00:30 - 113392440 _____ (AVG Technologies) C:\Users\jeff\Downloads\avg_tuh_stf_all_2015_373_24c4.exe
2015-02-06 20:16 - 2015-02-06 20:16 - 00085450 _____ () C:\Users\jeff\Downloads\manualRequestForm.action
2015-02-05 22:59 - 2015-02-14 06:56 - 00000000 ____D () C:\Windows\Minidump
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-02 23:23 - 2015-01-16 17:59 - 00000000 ____D () C:\ProgramData\MFAData
2015-03-02 23:23 - 2015-01-15 19:12 - 00000926 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-02 23:00 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\sru
2015-03-02 22:44 - 2015-01-15 18:36 - 01946426 _____ () C:\Windows\WindowsUpdate.log
2015-03-02 22:35 - 2015-01-15 18:45 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3792397004-3726139591-2730438546-1002
2015-03-02 22:30 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-03-02 22:23 - 2015-01-15 18:47 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{2DE0847F-986B-45BF-A2E7-DE2B7AD5E9E8}
2015-03-02 22:20 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-03-01 23:37 - 2015-01-17 23:03 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-28 07:02 - 2013-08-22 05:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-02-26 17:07 - 2015-01-15 19:12 - 00000922 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-26 17:07 - 2015-01-15 18:46 - 00000000 ___DO () C:\Users\jeff\SkyDrive
2015-02-26 17:04 - 2013-08-22 06:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-26 17:03 - 2013-08-22 05:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-02-26 15:36 - 2015-01-15 18:40 - 00000000 ___RD () C:\Users\jeff\Documents\Youcam
2015-02-26 15:31 - 2015-01-15 18:38 - 00000000 ____D () C:\Users\jeff
2015-02-26 05:04 - 2013-08-22 07:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-21 06:10 - 2015-01-18 22:46 - 00007616 _____ () C:\Users\jeff\AppData\Local\Resmon.ResmonCfg
2015-02-20 20:26 - 2013-08-25 22:01 - 00028542 _____ () C:\Windows\PFRO.log
2015-02-17 20:46 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\rescache
2015-02-17 00:30 - 2015-01-14 22:37 - 00000000 ____D () C:\ProgramData\Temp
2015-02-17 00:22 - 2015-01-15 20:48 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-17 00:10 - 2015-01-15 20:47 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-16 00:58 - 2013-08-25 22:09 - 00956476 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-14 06:56 - 2013-08-22 05:36 - 00000000 ____D () C:\Windows\system32\Sysprep
2015-02-14 01:44 - 2013-11-08 17:52 - 00000000 ___RD () C:\Program Files (x86)\Online Services
2015-02-11 07:57 - 2013-08-22 06:44 - 00337920 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 07:52 - 2015-01-18 07:26 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-11 07:52 - 2015-01-18 07:26 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-08 23:28 - 2015-01-15 18:39 - 00000000 ____D () C:\Users\jeff\AppData\Local\VirtualStore
2015-02-07 07:45 - 2015-01-23 03:15 - 00000000 ____D () C:\Users\jeff\AppData\Roaming\WildTangent
2015-02-07 07:45 - 2015-01-15 19:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-07 07:45 - 2013-08-22 11:12 - 00000000 ____D () C:\Program Files\Windows Journal
2015-02-07 07:45 - 2013-08-22 07:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2015-02-07 07:45 - 2013-08-22 07:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-02-07 07:45 - 2013-08-22 07:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-07 07:45 - 2013-08-22 07:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-02-07 07:45 - 2013-08-22 07:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-02-07 07:45 - 2013-08-22 07:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-07 07:45 - 2013-08-22 07:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-02-07 07:45 - 2013-08-22 07:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2015-02-07 07:45 - 2013-08-22 07:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-07 07:45 - 2013-08-22 07:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-02-07 07:45 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\IME
2015-02-07 07:45 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\Globalization
2015-02-07 07:45 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\FileManager
2015-02-07 07:45 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\Camera
2015-02-07 07:45 - 2013-08-22 07:36 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2015-02-07 07:45 - 2013-08-22 07:36 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2015-02-07 07:45 - 2013-08-22 07:36 - 00000000 ____D () C:\Program Files\Windows Multimedia Platform
2015-02-07 07:45 - 2013-08-22 07:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-02-07 07:45 - 2013-08-22 07:36 - 00000000 ____D () C:\Program Files\Common Files\System
2015-02-07 07:45 - 2013-08-22 07:36 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices
2015-02-07 07:45 - 2013-08-22 07:36 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2015-02-07 07:45 - 2013-08-22 07:36 - 00000000 ____D () C:\Program Files (x86)\Windows Multimedia Platform
2015-02-07 07:44 - 2013-08-22 11:12 - 00000000 ____D () C:\Windows\ShellNew
2015-02-07 07:44 - 2013-08-22 07:36 - 00000000 __RSD () C:\Windows\Media
2015-02-07 07:44 - 2013-08-22 07:36 - 00000000 ___SD () C:\Windows\system32\dsc
2015-02-07 07:44 - 2013-08-22 07:36 - 00000000 ___SD () C:\Windows\system32\Configuration
2015-02-07 07:44 - 2013-08-22 07:36 - 00000000 ___RD () C:\Windows\ToastData
2015-02-07 07:44 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\WinStore
2015-02-07 07:44 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\SysWOW64\sppui
2015-02-07 07:44 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\SysWOW64\setup
2015-02-07 07:44 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\SysWOW64\ras
2015-02-07 07:44 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\SysWOW64\migwiz
2015-02-07 07:44 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2015-02-07 07:44 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\SysWOW64\InputMethod
2015-02-07 07:44 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\SysWOW64\inetsrv
2015-02-07 07:44 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\SysWOW64\IME
2015-02-07 07:44 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\SysWOW64\icsxml
2015-02-07 07:44 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\SysWOW64\Com
2015-02-07 07:44 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\SystemResources
2015-02-07 07:44 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\zh-HK
2015-02-07 07:44 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\WinMetadata
2015-02-07 07:44 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\WindowsInternal.Inbox.Shared
2015-02-07 07:44 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\WindowsInternal.Inbox.Media.Shared
2015-02-07 07:44 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\WinBioPlugIns
2015-02-07 07:44 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\uk-UA
2015-02-07 07:44 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\tr-TR
2015-02-07 07:44 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\th-TH
2015-02-07 07:44 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\SystemResetPlatform
2015-02-07 07:44 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\sppui
2015-02-07 07:44 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\sl-SI
2015-02-07 07:44 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\sk-SK
2015-02-07 07:44 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\setup
2015-02-07 07:44 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\ro-RO
2015-02-07 07:44 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\ras
2015-02-07 07:44 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\MSDRM
2015-02-07 07:44 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\migwiz
2015-02-07 07:44 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\Macromed
2015-02-07 07:44 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\lv-LV
2015-02-07 07:44 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\lt-LT
2015-02-07 07:44 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\InputMethod
2015-02-07 07:44 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\inetsrv
2015-02-07 07:44 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\IME
2015-02-07 07:44 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\icsxml
2015-02-07 07:44 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\ias
2015-02-07 07:44 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\hr-HR
2015-02-07 07:44 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\he-IL
2015-02-07 07:44 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\et-EE
2015-02-07 07:44 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\en-GB
2015-02-07 07:44 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\Com
2015-02-07 07:44 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\bg-BG
2015-02-07 07:44 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\ar-SA
2015-02-07 07:44 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\schemas
2015-02-07 07:44 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\PLA
2015-02-07 07:44 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\MediaViewer
2015-02-07 07:44 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\L2Schemas
2015-02-07 07:44 - 2013-08-22 05:36 - 00000000 ____D () C:\Windows\SysWOW64\oobe
2015-02-07 07:44 - 2013-08-22 05:36 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-02-07 07:44 - 2013-08-22 05:36 - 00000000 ____D () C:\Windows\system32\oobe
2015-02-07 07:44 - 2013-08-22 05:36 - 00000000 ____D () C:\Windows\system32\Dism
2015-02-07 07:44 - 2013-08-22 05:36 - 00000000 ____D () C:\Windows\servicing
2015-02-07 07:25 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\registration
2015-02-07 00:34 - 2015-01-16 18:02 - 00000000 ____D () C:\Program Files (x86)\AVG
2015-02-07 00:01 - 2013-11-08 17:58 - 00000000 ____D () C:\ProgramData\WildTangent
2015-02-07 00:01 - 2013-11-08 17:58 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2015-02-05 19:42 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-02-05 12:20 - 2015-01-14 22:27 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2015-02-05 12:18 - 2015-01-15 19:12 - 00003898 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-05 12:18 - 2015-01-15 19:12 - 00003662 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-03 11:31 - 2015-01-28 12:37 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-03 11:31 - 2015-01-28 12:37 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2015-01-18 22:46 - 2015-02-21 06:10 - 0007616 _____ () C:\Users\jeff\AppData\Local\Resmon.ResmonCfg
 
Some content of TEMP:
====================
C:\Users\jeff\AppData\Local\Temp\Quarantine.exe
C:\Users\jeff\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-01 20:12
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-03-2015
Ran by jeff at 2015-03-02 23:25:26
Running from C:\Users\jeff\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG Internet Security 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2015 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{301D3AA1-5DCC-FCFD-622E-3C7CBA87C80F}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5645 - AVG Technologies)
AVG 2015 (Version: 15.0.4299 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5645 - AVG Technologies) Hidden
AVG PC TuneUp 2015 (en-US) (x32 Version: 15.0.1001.373 - AVG Technologies) Hidden
AVG PC TuneUp 2015 (HKLM-x32\...\AVG PC TuneUp) (Version: 15.0.1001.373 - AVG Technologies)
AVG PC TuneUp 2015 (x32 Version: 15.0.1001.373 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.0.5.7 - AVG Technologies)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3303 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3228 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3305 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2.3302 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
EPSON WorkForce 545 Series Printer Uninstall (HKLM\...\EPSON WorkForce 545 Series) (Version:  - SEIKO EPSON Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Documentation (HKLM-x32\...\{CA132762-533D-4EA4-81A9-DCB1D5B2B169}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7127.4628 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.54 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{3AF15EEA-8EDF-4393-BB6C-CF8A9986486A}) (Version: 7.3.35.20 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{C78E8F51-3EAD-4F0C-83F0-EF371075E0B4}) (Version: 1.0.10 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{A54CD4B8-3110-4B25-965A-4085D693B887}) (Version: 2.2.6 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Inst5675 (Version: 8.00.54 - Softex Inc.) Hidden
Inst5676 (Version: 8.00.54 - Softex Inc.) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MCShield ::Anti-Malware Tool:: (HKLM-x32\...\MCShield) (Version: 3.0.5.28 - MyCity)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Pinger (HKLM-x32\...\Pinger 1.4.0.1) (Version: 1.4.0.1 - Pinger Inc.)
Pinger (x32 Version: 1.4.0.1 - Pinger Inc.) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29070 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7071 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.12.0906 - REALTEK Semiconductor Corp.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.13.1 - Synaptics Incorporated)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
13-02-2015 23:39:22 ???heres to hoping
17-02-2015 00:08:44 Windows Update
20-02-2015 20:21:36 Restore Point Created by FRST
26-02-2015 05:02:12 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 05:25 - 2013-08-22 05:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0E94DA62-6B64-413F-8B88-7368C5DA5B81} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-08-29] (Hewlett-Packard Company)
Task: {0F24E2A4-3986-471E-B47E-037C9EE1336C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-15] (Google Inc.)
Task: {1263C35B-8CA0-439C-A193-D934DD9C44CD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-11-29] (Hewlett-Packard Company)
Task: {27E827E0-06B1-483B-86AB-AD1088FA6AC8} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-04] (CyberLink)
Task: {2BB9B2D5-6375-4519-B057-EEE895CF6FE3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-08-09] (Hewlett-Packard)
Task: {4128F1DD-FBF7-420C-95A9-683148A97C28} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-08-09] (Hewlett-Packard)
Task: {4AD96814-53B5-41E6-B98A-2E31C8958F14} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {50DADD68-0B95-4A8A-9DAE-5072612EFF16} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-08-29] (Hewlett-Packard Company)
Task: {5B9535ED-E0EA-40AA-9593-88BA9744545F} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-09-11] (Synaptics Incorporated)
Task: {A32D55EF-7469-4F2D-B23C-0697E3BDDE7A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-15] (Google Inc.)
Task: {B6BD2C8B-EA0B-4438-8D22-D5AE506F99AA} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2013-10-22] (Realtek Semiconductor)
Task: {C436830E-65B1-448F-9F14-EBC8BD713612} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-02-17] (Microsoft Corporation)
Task: {D690AFDA-2205-4B13-B07D-3220F4176777} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2015-01-30] (AVG Technologies)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2013-09-26 11:26 - 2013-09-26 11:26 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
2013-09-26 11:32 - 2013-09-26 11:32 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
2013-09-26 11:28 - 2013-09-26 11:28 - 02540544 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-09-26 11:25 - 2013-09-26 11:25 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2013-09-26 11:25 - 2013-09-26 11:25 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2013-09-26 11:25 - 2013-09-26 11:25 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2013-09-26 11:39 - 2013-09-26 11:39 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2013-09-26 11:39 - 2013-09-26 11:39 - 01298832 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2013-09-25 06:49 - 2013-09-25 06:49 - 00099328 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2013-09-25 06:48 - 2013-09-25 06:48 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-01-30 17:23 - 2015-01-30 17:23 - 00712504 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\avgrepliba.dll
2013-09-26 11:34 - 2013-09-26 11:34 - 00064000 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2015-01-30 17:23 - 2015-01-30 17:23 - 00855864 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\tulnga.dll
2013-09-25 06:48 - 2013-09-25 06:48 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-09-25 06:49 - 2013-09-25 06:49 - 00016896 _____ () C:\Program Files\ATI Technologies\ATI.ACE\a4\AS4.NativeProxy.dll
2015-01-17 23:58 - 2015-01-17 23:58 - 01686552 _____ () C:\Program Files (x86)\AVG Web TuneUp\TBAPI.dll
2015-02-19 23:25 - 2015-02-17 14:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libglesv2.dll
2015-02-19 23:25 - 2015-02-17 14:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libegl.dll
2015-02-19 23:25 - 2015-02-17 14:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll
2015-01-14 22:44 - 2013-08-04 23:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 15:48 - 2013-08-05 15:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-01-30 17:16 - 2015-01-30 17:16 - 00173368 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\TUBasic.bpl
2015-01-30 17:16 - 2015-01-30 17:16 - 00726328 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\TUKernel.bpl
2015-01-30 17:16 - 2015-01-30 17:16 - 00096056 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\TUTransl.bpl
2015-01-30 17:17 - 2015-01-30 17:17 - 10215736 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\TUComponents.bpl
2015-01-30 17:16 - 2015-01-30 17:16 - 00559416 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\GR32_D6.bpl
2015-01-30 17:16 - 2015-01-30 17:16 - 00260408 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\XMLComponents.bpl
2015-01-30 17:16 - 2015-01-30 17:16 - 00054072 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\dxCoreD12.bpl
2015-01-30 17:17 - 2015-01-30 17:17 - 00089400 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\dxGDIPlusD12.bpl
2015-01-30 17:16 - 2015-01-30 17:16 - 00170296 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\PerlRegEx.bpl
2015-01-30 17:16 - 2015-01-30 17:16 - 00101688 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\TUShell.bpl
2015-01-30 17:16 - 2015-01-30 17:16 - 00069944 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\dxThemeD12.bpl
2015-01-30 17:17 - 2015-01-30 17:17 - 01076536 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\cxLibraryD12.bpl
2015-01-30 17:17 - 2015-01-30 17:17 - 01374520 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\dxBarD12.bpl
2015-01-30 17:16 - 2015-01-30 17:16 - 00063288 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\TURar.bpl
2015-01-30 17:16 - 2015-01-30 17:16 - 00021304 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\dxComnD12.bpl
2015-01-30 17:23 - 2015-01-30 17:23 - 00728888 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\tulngx.dll
2015-02-19 23:25 - 2015-02-17 14:44 - 14965064 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\jeff\SkyDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3792397004-3726139591-2730438546-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme1\img5.jpg
DNS Servers: 192.168.0.1 - 205.171.2.65
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3792397004-3726139591-2730438546-500 - Administrator - Disabled)
Guest (S-1-5-21-3792397004-3726139591-2730438546-501 - Limited - Disabled)
jeff (S-1-5-21-3792397004-3726139591-2730438546-1002 - Administrator - Enabled) => C:\Users\jeff
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/02/2015 00:15:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1516
 
Error: (03/02/2015 00:15:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1516
 
Error: (03/02/2015 00:15:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/01/2015 07:21:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 61802031
 
Error: (03/01/2015 07:21:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 61802031
 
Error: (03/01/2015 07:21:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/01/2015 07:21:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 61800313
 
Error: (03/01/2015 07:21:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 61800313
 
Error: (03/01/2015 07:21:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/28/2015 11:22:22 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
 
 
System errors:
=============
Error: (03/02/2015 00:15:12 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 7 time(s).
 
Error: (03/01/2015 08:35:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 6 time(s).
 
Error: (03/01/2015 02:10:45 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 5 time(s).
 
Error: (03/01/2015 02:02:42 AM) (Source: Ntfs) (EventID: 137) (User: )
Description: The default transaction resource manager on volume Data Safe encountered a non-retryable error and could not start.  The data contains the error code.
 
Error: (03/01/2015 02:02:00 AM) (Source: Ntfs) (EventID: 137) (User: )
Description: The default transaction resource manager on volume Data Safe encountered a non-retryable error and could not start.  The data contains the error code.
 
Error: (02/28/2015 07:55:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 4 time(s).
 
Error: (02/28/2015 07:28:39 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 3 time(s).
 
Error: (02/27/2015 04:23:20 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 2 time(s).
 
Error: (02/27/2015 02:18:18 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/26/2015 07:09:38 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT AUTHORITY)
Description: Encrypted volume check: Volume information on G: cannot be read.
 
 
Microsoft Office Sessions:
=========================
Error: (03/02/2015 00:15:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1516
 
Error: (03/02/2015 00:15:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1516
 
Error: (03/02/2015 00:15:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/01/2015 07:21:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 61802031
 
Error: (03/01/2015 07:21:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 61802031
 
Error: (03/01/2015 07:21:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/01/2015 07:21:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 61800313
 
Error: (03/01/2015 07:21:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 61800313
 
Error: (03/01/2015 07:21:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/28/2015 11:22:22 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-02-26 17:06:11.512
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-02-20 20:27:07.628
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-02-20 20:08:45.195
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-02-17 00:32:33.448
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-02-11 07:57:22.718
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-02-07 07:55:08.887
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-02-07 02:38:02.574
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-02-07 01:33:23.946
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-02-05 23:02:28.996
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-02-05 20:06:00.913
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: AMD A6-5200 APU with Radeon™ HD Graphics 
Percentage of memory in use: 90%
Total physical RAM: 3554.26 MB
Available physical RAM: 330.03 MB
Total Pagefile: 7394.26 MB
Available Pagefile: 1843.45 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:678.91 GB) (Free:637.75 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:18.96 GB) (Free:1.87 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: D0D30292)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================

 Results of screen317's Security Check version 0.99.97  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
AVG Internet Security 2015   
Windows Defender             
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 AVG PC TuneUp 2015  
 AVG Web TuneUp   
 AVG PC TuneUp 2015 (en-US) 
 AVG PC TuneUp 2015  
  Java 64-bit 8 Update 31  
 Google Chrome (40.0.2214.111) 
 Google Chrome (40.0.2214.115) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 AVG avgwdsvc.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 


#39
Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts

Could you please do that:

 

Please tell me what problems you currently have with your computer.


#40
Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Good news. Your system looks clean and we can delete the tools that we've used. I've also prepared some tips for you to stay safe in the future.

 
DelFix
Now that your system looks clean, we can clear system restore points and malware removal tools that we've used. To do that, download and run Delfix.
  • Note: Make sure that the following options are checked:
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Reset System Settings

Also, delete any other .exe, .txt, .bat, .reg or .zip files that we used and are remaining, and empty the Recycle Bin.

 
Uninstalling programs

Go to Start Menu>Control Panel>Programs>Uninstall a program (or Control Panel>Programs and Features if using icon view) and remove ESET Online Scanner v3

 
Preventing Re-Infection

As prevention is better than cure, I have listed some tips for you to stay safe on the internet in the future. Make good use of them.

 
WARNING!: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
Read this article.
I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

If you still want to keep Java
  • Click the Start button
  • Click Control Panel
  • Double Click Java - Looks like a coffee cup. You may have to switch to Classical View on the upper left of the Control Panel to see it.
  • Click the Update tab
  • Click Update Now
  • Allow any updates to be downloaded and installed
  • Warning!: Make sure to uncheck the Optional offer box when downloading Java or you will install adware on your computer.
 
Adobe products have to always be updated, because they also are being used to infect your computer.
  • If you want to update Adobe Flash Player, visit this site.
  • If you want to update Adobe Reader, visit this site.
  • Warning!: Make sure to uncheck the Optional offer box when downloading Adobe products or you will install adware on your computer.
 
Turning on Automatic Updates is a crucial security measure. Keeping them out-of-date is like begging to get your system infected.
  • Click Start > Control Panel > System and Security > Windows Update
  • Under Windows Update click Turn automatic updating on or off
  • Make sure that your settings are set so that you will receive updates automatically and click OK.
 
Heimdal Free is one of the programs that can check for out-of-date programs on your computer. You can get it here.

 
Recommendations for security programs
  • Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee.
  • WinPatrol, as a robust security monitor, will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • NoScript is a Firefox add-on that increases safety while surfing online by blocking malicious scripts.
  • Unchecky will help you to avoid adware and PUPs by automatically removing checkmarks for these while installing programs.
  • Web of Trust is an add-on for multiple browsers that warns you before entering websites with a bad reputation.
 
Cryptolocker prevention
Cryptolocker is a new ransomware that heavily encrypts your important files. At the moment there are no programs that can decrypt these files. You can read how to protect against it here.

 
For some good tips about how to prevent infection in the future, visit this site.

#41
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.