Okay here is the FRST Scan
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-03-2015 01
Ran by Dorothy01 (administrator) on DOROTHY on 05-03-2015 08:18:02
Running from C:\Users\Dorothy01\Desktop
Loaded Profiles: Dorothy01 (Available profiles: Dorothy01)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\livecomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6549136 2012-07-02] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-02-19] (AVAST Software)
HKU\S-1-5-21-1427692388-1042374531-2795145444-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-1427692388-1042374531-2795145444-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =
http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-1427692388-1042374531-2795145444-1001\Software\Microsoft\Internet Explorer\Main,First Home Page =
http://g.msn.com/HPDSK13/1
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Dorothy01\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Dorothy01\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-19]
CHR Extension: (Google Docs) - C:\Users\Dorothy01\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-19]
CHR Extension: (Google Drive) - C:\Users\Dorothy01\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Dorothy01\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-19]
CHR Extension: (YouTube) - C:\Users\Dorothy01\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-19]
CHR Extension: (Google Search) - C:\Users\Dorothy01\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-19]
CHR Extension: (Google Sheets) - C:\Users\Dorothy01\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-19]
CHR Extension: (Norton Identity Safe) - C:\Users\Dorothy01\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-02-19]
CHR Extension: (Google Wallet) - C:\Users\Dorothy01\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-19]
CHR Extension: (Gmail) - C:\Users\Dorothy01\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-19]
CHR HKLM\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx [Not Found]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-02-19] (AVAST Software)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [85504 2012-08-15] (Hewlett-Packard Company) [File not signed]
R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-07-19] (Hewlett-Packard)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-10-14] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-09-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-09-24] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-02-19] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2015-02-19] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-02-19] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-02-19] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-02-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-02-19] ()
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 massfilter_hs; C:\WINDOWS\system32\drivers\massfilter_hs.sys [20232 2012-06-20] (HandSet Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2015-02-20] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-09-24] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-05 08:18 - 2015-03-05 08:19 - 00012411 _____ () C:\Users\Dorothy01\Desktop\FRST.txt
2015-03-04 19:46 - 2015-03-04 19:46 - 00000000 ____D () C:\WINDOWS\softwaredistribution.bak
2015-03-04 19:45 - 2015-03-04 19:45 - 00302011 _____ () C:\Users\Dorothy01\Downloads\WindowsUpdateDiagnostic (2).diagcab
2015-03-04 19:35 - 2015-03-04 19:35 - 00002780 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-02-27 06:33 - 2015-02-27 06:33 - 00302011 _____ () C:\Users\Dorothy01\Downloads\WindowsUpdateDiagnostic (1).diagcab
2015-02-26 21:47 - 2015-02-26 21:47 - 00302011 _____ () C:\Users\Dorothy01\Downloads\WindowsUpdateDiagnostic.diagcab
2015-02-26 20:54 - 2015-03-04 17:29 - 00000000 ____D () C:\Users\Dorothy01\Desktop\FRST-OlderVersion
2015-02-25 21:44 - 2015-02-25 21:44 - 02347384 _____ (ESET) C:\Users\Dorothy01\Downloads\esetsmartinstaller_enu (3).exe
2015-02-25 20:35 - 2015-02-25 20:35 - 02347384 _____ (ESET) C:\Users\Dorothy01\Downloads\esetsmartinstaller_enu (2).exe
2015-02-25 20:29 - 2015-03-05 08:14 - 00197398 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-25 20:27 - 2014-02-14 04:38 - 00000000 ____D () C:\Users\Dorothy01\Downloads\Tweaking.com - Set Windows Services To Default Startup
2015-02-25 20:26 - 2015-02-25 20:26 - 01337256 _____ () C:\Users\Dorothy01\Downloads\Tweaking.com-SetWindowsServicesToDefaultStartup.exe
2015-02-25 01:42 - 2015-02-25 01:42 - 02126848 _____ () C:\Users\Dorothy01\Desktop\AdwCleaner.exe
2015-02-25 01:42 - 2015-02-25 01:42 - 00415232 _____ (Farbar) C:\Users\Dorothy01\Desktop\FSS.exe
2015-02-24 06:21 - 2015-02-24 06:21 - 00243440 _____ () C:\Users\Dorothy01\Downloads\Firefox Setup Stub 35.0.1.exe
2015-02-24 05:54 - 2015-02-24 05:54 - 00896048 _____ () C:\Users\Dorothy01\Downloads\Norton_Removal_Tool.exe
2015-02-21 22:39 - 2015-03-05 08:18 - 00000000 ____D () C:\FRST
2015-02-21 22:15 - 2015-03-04 17:29 - 02092544 _____ (Farbar) C:\Users\Dorothy01\Desktop\FRST64.exe
2015-02-21 22:12 - 2015-02-21 22:12 - 02745248 _____ () C:\Users\Dorothy01\Downloads\idtool.zip
2015-02-21 19:12 - 2015-02-21 19:12 - 00101120 _____ () C:\Users\Dorothy01\Downloads\Extras.Txt
2015-02-21 19:07 - 2015-02-21 19:14 - 00137792 _____ () C:\Users\Dorothy01\Downloads\OTL.Txt
2015-02-21 18:42 - 2015-02-21 18:42 - 00602112 _____ (OldTimer Tools) C:\Users\Dorothy01\Downloads\OTL.exe
2015-02-20 19:35 - 2015-02-20 19:35 - 02347384 _____ (ESET) C:\Users\Dorothy01\Downloads\esetsmartinstaller_enu.exe
2015-02-20 19:35 - 2015-02-20 19:35 - 02347384 _____ (ESET) C:\Users\Dorothy01\Downloads\esetsmartinstaller_enu (1).exe
2015-02-20 19:33 - 2015-02-20 19:33 - 00190152 _____ (ESET) C:\Users\Dorothy01\Downloads\ESETPoweliksCleaner (2).exe
2015-02-20 19:33 - 2015-02-20 19:33 - 00190152 _____ (ESET) C:\Users\Dorothy01\Downloads\ESETPoweliksCleaner (1).exe
2015-02-20 19:33 - 2015-02-20 19:33 - 00002814 _____ () C:\Users\Dorothy01\Downloads\ESETPoweliksCleaner (1).exe_20150220.193324.1664.log
2015-02-20 06:45 - 2015-03-04 19:36 - 00000000 ____D () C:\Users\Dorothy01\AppData\Local\CrashDumps
2015-02-20 06:41 - 2015-03-04 20:46 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-20 06:41 - 2015-02-20 06:41 - 00003894 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-20 06:41 - 2015-02-20 06:41 - 00003658 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-20 06:07 - 2015-02-20 19:18 - 00037624 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-02-20 06:07 - 2015-02-20 06:07 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-02-19 22:07 - 2015-02-19 22:09 - 18683992 _____ () C:\Users\Dorothy01\Downloads\RogueKillerX64.exe
2015-02-19 22:04 - 2015-02-19 22:04 - 00000000 ____D () C:\Users\Dorothy01\AppData\Roaming\AVAST Software
2015-02-19 21:41 - 2015-02-19 21:41 - 00002814 _____ () C:\Users\Dorothy01\Downloads\ESETPoweliksCleaner.exe_20150219.214114.592.log
2015-02-19 21:33 - 2015-02-25 03:12 - 00000000 ____D () C:\AdwCleaner
2015-02-19 21:33 - 2015-02-19 21:33 - 00002814 _____ () C:\Users\Dorothy01\Downloads\ESETPoweliksCleaner.exe_20150219.213330.1188.log
2015-02-19 21:33 - 2015-02-19 21:33 - 00002814 _____ () C:\Users\Dorothy01\Downloads\ESETPoweliksCleaner.exe_20150219.213304.1212.log
2015-02-19 21:32 - 2015-02-19 21:33 - 02126848 _____ () C:\Users\Dorothy01\Downloads\adwcleaner_4.111.exe
2015-02-19 21:32 - 2015-02-19 21:32 - 00190152 _____ (ESET) C:\Users\Dorothy01\Downloads\ESETPoweliksCleaner.exe
2015-02-19 21:32 - 2015-02-19 21:32 - 00002814 _____ () C:\Users\Dorothy01\Downloads\ESETPoweliksCleaner.exe_20150219.213253.1128.log
2015-02-19 21:27 - 2015-02-19 21:27 - 00001982 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-02-19 21:27 - 2015-02-19 21:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-02-19 21:27 - 2015-02-19 21:17 - 00364512 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-02-19 21:23 - 2015-02-19 21:23 - 05006864 _____ (AVAST Software) C:\Users\Dorothy01\Downloads\avast_free_antivirus_setup_online.exe
2015-02-19 21:20 - 2015-02-19 21:27 - 00000350 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-02-19 21:20 - 2015-02-19 21:20 - 00002281 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-19 21:20 - 2015-02-19 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-19 21:20 - 2015-02-19 21:20 - 00000000 ____D () C:\ProgramData\Google
2015-02-19 21:20 - 2015-02-19 21:20 - 00000000 ____D () C:\Program Files\Google
2015-02-19 21:18 - 2015-03-04 20:07 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-19 21:18 - 2015-02-19 21:21 - 00000000 ____D () C:\Users\Dorothy01\AppData\Local\Google
2015-02-19 21:18 - 2015-02-19 21:20 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-19 21:17 - 2015-02-19 21:27 - 01050432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2015-02-19 21:17 - 2015-02-19 21:27 - 00083280 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2015-02-19 21:17 - 2015-02-19 21:17 - 00436624 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-02-19 21:17 - 2015-02-19 21:17 - 00267632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-02-19 21:17 - 2015-02-19 21:17 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-02-19 21:17 - 2015-02-19 21:17 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-02-19 21:17 - 2015-02-19 21:17 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-02-19 21:15 - 2015-02-19 21:15 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-02-19 21:15 - 2015-02-19 21:15 - 00000000 ____D () C:\Program Files\AVAST Software
2015-02-19 21:13 - 2015-02-19 21:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-19 18:15 - 2015-02-19 18:15 - 00003180 _____ () C:\WINDOWS\SysWOW64\InstallUtil.InstallLog
2015-02-18 16:53 - 2015-03-02 20:42 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-18 16:52 - 2015-02-18 16:52 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-18 16:52 - 2015-02-18 16:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-18 16:52 - 2015-02-18 16:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-18 16:52 - 2015-02-18 16:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-18 16:52 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-18 16:52 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-18 16:52 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-18 16:48 - 2015-02-18 16:48 - 00000836 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-02-18 16:48 - 2015-02-18 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-18 16:48 - 2015-02-18 16:48 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-18 16:39 - 2015-02-24 06:22 - 00000000 ____D () C:\WINDOWS\pss
2015-02-11 17:53 - 2015-02-11 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZTE Handset USB Driver
2015-02-11 17:53 - 2015-02-11 17:53 - 00000000 ____D () C:\Program Files\ZTE_Handset_USB_Driver
2015-02-11 17:53 - 2013-09-11 16:27 - 00134976 _____ (ZTE Corporation) C:\WINDOWS\system32\Drivers\zghsser.sys
2015-02-11 17:53 - 2013-09-11 16:26 - 00175808 _____ (ZTE Corporation) C:\WINDOWS\system32\Drivers\zghsnet.sys
2015-02-11 17:53 - 2013-03-19 18:38 - 00821544 _____ () C:\WINDOWS\adb.exe
2015-02-11 17:53 - 2012-11-09 17:14 - 00062728 _____ (VIA Telecom) C:\WINDOWS\system32\Drivers\viahsser.sys
2015-02-11 17:53 - 2012-10-31 18:02 - 00032136 _____ (Via Telecom, Inc.) C:\WINDOWS\system32\Drivers\viahsets.sys
2015-02-11 17:53 - 2012-06-20 13:51 - 00020232 _____ (HandSet Incorporated) C:\WINDOWS\system32\Drivers\massfilter_hs.sys
2015-02-11 17:53 - 2012-06-08 16:56 - 01721576 _____ () C:\WINDOWS\system32\WdfCoInstaller01009.dll
2015-02-11 17:53 - 2012-06-08 16:56 - 01002728 _____ () C:\WINDOWS\system32\WinUSBCoInstaller2.dll
2015-02-11 17:53 - 2011-10-26 17:31 - 00067608 _____ (Google, inc) C:\WINDOWS\AdbWinUsbApi.dll
2015-02-11 17:53 - 2011-08-15 18:43 - 00102936 _____ (Google, inc) C:\WINDOWS\AdbWinApi.dll
2015-02-09 16:56 - 2015-02-09 16:56 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-05 08:14 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-04 20:36 - 2012-07-26 01:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-03-04 20:12 - 2014-07-23 09:19 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1427692388-1042374531-2795145444-1001
2015-03-04 20:09 - 2012-08-31 22:56 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2015-03-04 20:06 - 2013-08-22 08:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-04 19:14 - 2013-08-22 07:25 - 01048576 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-04 19:13 - 2014-10-14 09:44 - 00000000 ____D () C:\Users\Dorothy01
2015-03-04 02:50 - 2014-09-24 01:15 - 00006428 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-02 21:27 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\PLA
2015-02-27 06:27 - 2014-09-07 12:01 - 00000000 ____D () C:\Users\Public\CyberLink
2015-02-26 20:55 - 2014-10-22 16:04 - 00000000 ____D () C:\Users\Dorothy01\AppData\Local\tmp11238
2015-02-26 20:55 - 2014-10-14 13:14 - 00000000 ____D () C:\Users\Dorothy01\AppData\Local\AMD
2015-02-26 20:55 - 2014-10-14 10:30 - 00000000 ____D () C:\Windows.old
2015-02-26 20:55 - 2014-08-11 11:56 - 00000000 ____D () C:\Users\Dorothy01\AppData\Local\Apple Computer
2015-02-26 20:55 - 2014-07-23 09:13 - 00000000 ____D () C:\Users\Dorothy01\AppData\Roaming\Adobe
2015-02-26 20:55 - 2014-07-23 09:09 - 00000000 ____D () C:\Users\Dorothy01\AppData\Roaming\Hewlett-Packard
2015-02-26 20:54 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\restore
2015-02-25 03:12 - 2014-09-24 09:57 - 00000000 ___HD () C:\$Windows.~BT
2015-02-25 03:12 - 2014-07-23 16:07 - 00000000 ____D () C:\StarmIRC v3.0
2015-02-25 03:12 - 2014-07-23 16:05 - 00000000 ____D () C:\StarPircH
2015-02-25 03:12 - 2012-08-28 08:27 - 00000000 _RSHD () C:\hp
2015-02-25 03:12 - 2012-08-01 21:15 - 00000000 ____D () C:\SWSETUP
2015-02-25 03:12 - 2012-08-01 03:57 - 00000000 _RSHD () C:\SYSTEM.SAV
2015-02-25 02:39 - 2014-12-09 19:03 - 00000000 ___HD () C:\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}
2015-02-25 02:39 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\Web
2015-02-24 05:58 - 2012-08-31 23:57 - 00000000 ____D () C:\ProgramData\Norton
2015-02-24 05:58 - 2012-08-31 23:57 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2015-02-24 05:57 - 2014-11-11 19:11 - 00000761 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.txt
2015-02-21 22:13 - 2014-10-23 11:14 - 04012982 _____ (NathanScott Apps) C:\Users\Dorothy01\Desktop\IDTool.exe
2015-02-20 06:09 - 2014-07-23 16:00 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-20 06:09 - 2014-07-23 15:56 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-20 06:07 - 2014-07-23 15:56 - 00272296 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2015-02-20 06:07 - 2014-07-23 15:56 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2015-02-20 06:07 - 2014-07-23 15:56 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2015-02-20 06:07 - 2014-07-23 15:56 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-02-19 23:23 - 2014-11-10 16:42 - 00000000 ____D () C:\Users\Dorothy01\AppData\Local\Ovics
2015-02-19 07:41 - 2015-01-24 16:45 - 00000000 ____D () C:\Users\Dorothy01\AppData\Local\{294523ef-b8b6-59cc-fe37-7cd365b2a599}
2015-02-19 07:40 - 2014-11-20 15:49 - 00000000 ____D () C:\Users\Dorothy01\AppData\Roaming\FrameworkUpdate
2015-02-19 07:40 - 2014-11-10 16:29 - 00000000 ____D () C:\Users\Dorothy01\AppData\Roaming\FrameworkUpdate7
2015-02-19 01:24 - 2014-10-14 10:31 - 00000000 ___DC () C:\WINDOWS\Panther
2015-02-19 01:18 - 2014-11-11 16:55 - 00000000 ____D () C:\WINDOWS\Minidump
2015-02-15 08:13 - 2013-08-22 07:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
==================== Files in the root of some directories =======
2015-01-05 14:15 - 2015-01-05 14:15 - 0015872 _____ () C:\Users\Dorothy01\AppData\Roaming\cowitches.d
2014-11-13 18:51 - 2015-01-07 09:58 - 0009728 _____ () C:\Users\Dorothy01\AppData\Roaming\mcp.ico
2014-07-23 15:49 - 2014-07-23 15:49 - 0000043 _____ () C:\Users\Dorothy01\AppData\Roaming\WB.CFG
2014-11-10 16:30 - 2014-11-10 16:30 - 0000448 ____H () C:\Users\Dorothy01\AppData\Roaming\麽鎒駓覜
2012-09-01 00:08 - 2012-09-01 00:08 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-10-14 09:32
==================== End Of Log ============================
And here's the additional scan
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-03-2015 01
Ran by Dorothy01 at 2015-03-05 08:20:20
Running from C:\Users\Dorothy01\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{5F769CF4-5263-4C7B-AEB2-C06A73AE4428}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5510 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3109 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1902 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1.4407 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
FlatOut 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1202 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{FF27F674-821E-4BA2-985B-DDF539C2CD03}) (Version: 7.0.33.6 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
iscsicli (HKLM\...\{f48a0c57-7c48-461c-9957-ab255ddc986e}.sdb) (Version: - )
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.0.0 - Ralink)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6675 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.28123 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.5530 - CyberLink Corp.) Hidden
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
StarmIRC 3.0 (HKLM-x32\...\StarmIRC 3.0) (Version: - )
StarPircH v3.0 (HKLM-x32\...\StarPircH v3.0) (Version: - )
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 2.2.0.98 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.6 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
ZTE Handset USB Driver (HKLM\...\{01D42BF0-ED08-463f-8A28-99EB6FEE962B}) (Version: - ZTE Corporation)
ZTE Handset USB Driver (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2104.1.01B01 - ZTE Corporation)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1427692388-1042374531-2795145444-1001_Classes\CLSID\{2D349E57-23E4-4A67-9624-F1DC6B65AABF}\InprocServer32 -> C:\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}\appmgr.dll No File
==================== Restore Points =========================
26-02-2015 20:54:31 Restore Point Created by FRST
27-02-2015 06:26:16 Restore Point Created by FRST
04-03-2015 18:44:11 Restore Point Created by FRST
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 07:25 - 2015-02-24 05:57 - 00001515 _RASH C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
89.163.213.140 www.google-analytics.com.
89.163.213.140 google-analytics.com.
89.163.213.140 connect.facebook.net.
136.243.254.251 www.google-analytics.com.
136.243.254.251 google-analytics.com.
136.243.254.251 connect.facebook.net.
162.247.13.85 www.google-analytics.com.
162.247.13.85 google-analytics.com.
162.247.13.85 connect.facebook.net.
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {10DBF29F-9C03-4CB6-9169-375E42E32964} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\WSCStub.exe
Task: {11313470-E7D3-43C8-A7F7-5F76D072D93D} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\SymErr.exe
Task: {14B872C9-ED54-4ACC-A2E9-1A45CAD02CCE} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {348D35BE-0530-4438-9C00-FA4E457087F1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-19] (Google Inc.)
Task: {45D84C00-2A3B-4698-945A-BD5F046DE8C1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)
Task: {56F27C26-0168-4504-889C-0EFBE85EE084} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {86C013A6-B536-4DF0-BEDC-656D87A1D6D5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-08-07] (Hewlett-Packard Company)
Task: {A589DDED-A1E5-4832-A451-604AADF76C94} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\SymErr.exe
Task: {D042FFB9-18A6-451E-A0B3-D8F8FDB41F2E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D7DFAC78-DC9A-420F-9905-9654F37432EC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-19] (Google Inc.)
Task: {D8A8741F-AFA1-45BC-8531-65E4136E8CD5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)
Task: {F70673BE-9DA6-4FE7-93FB-32DE754FBB81} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-09-12] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2014-07-04 22:33 - 2014-07-04 22:33 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2012-07-19 19:06 - 2012-07-19 19:06 - 00120224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll
2012-07-19 19:06 - 2012-07-19 19:06 - 00048544 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll
2012-07-19 19:07 - 2012-07-19 19:07 - 00180224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll
2014-10-14 13:10 - 2014-10-14 13:10 - 00120224 _____ () C:\Users\Dorothy01\AppData\Local\assembly\dl3\N1ZEJ5WT.E21\Y8VKR1P8.4QP\edb32bf5\0038bcf4_1366cd01\HPItunesModule.DLL
2014-09-24 00:59 - 2014-09-24 00:59 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\ErrorReporting.dll
2015-03-04 17:27 - 2015-03-04 17:27 - 02916352 _____ () C:\Program Files\AVAST Software\Avast\defs\15030403\algo.dll
2014-07-31 13:16 - 2014-07-31 13:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 13:16 - 2014-07-31 13:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-02-19 21:17 - 2015-02-19 21:17 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-02-19 21:20 - 2015-02-17 16:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libglesv2.dll
2015-02-19 21:20 - 2015-02-17 16:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libegl.dll
2015-02-19 21:20 - 2015-02-17 16:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1427692388-1042374531-2795145444-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP\HP_Svinoya_Norway_Sunset.jpg
DNS Servers: 192.168.1.254
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run32: => "{30112b75-e574-a6db-560c-8103291a0838}"
HKLM\...\StartupApproved\Run32: => "CrashReportSaver"
HKU\S-1-5-21-1427692388-1042374531-2795145444-1001\...\StartupApproved\StartupFolder: => "HELP_DECRYPT.URL"
HKU\S-1-5-21-1427692388-1042374531-2795145444-1001\...\StartupApproved\StartupFolder: => "HELP_DECRYPT.TXT"
HKU\S-1-5-21-1427692388-1042374531-2795145444-1001\...\StartupApproved\StartupFolder: => "HELP_DECRYPT.PNG"
HKU\S-1-5-21-1427692388-1042374531-2795145444-1001\...\StartupApproved\StartupFolder: => "HELP_DECRYPT.HTML"
HKU\S-1-5-21-1427692388-1042374531-2795145444-1001\...\StartupApproved\Run: => "acikmao"
HKU\S-1-5-21-1427692388-1042374531-2795145444-1001\...\StartupApproved\Run: => "BluetoothS"
HKU\S-1-5-21-1427692388-1042374531-2795145444-1001\...\StartupApproved\Run: => "dccwmote"
HKU\S-1-5-21-1427692388-1042374531-2795145444-1001\...\StartupApproved\Run: => "Driver Support"
HKU\S-1-5-21-1427692388-1042374531-2795145444-1001\...\StartupApproved\Run: => "kycnage"
==================== Accounts: =============================
Administrator (S-1-5-21-1427692388-1042374531-2795145444-500 - Administrator - Disabled)
Dorothy01 (S-1-5-21-1427692388-1042374531-2795145444-1001 - Administrator - Enabled) => C:\Users\Dorothy01
Guest (S-1-5-21-1427692388-1042374531-2795145444-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1427692388-1042374531-2795145444-1006 - Limited - Enabled)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (03/04/2015 07:49:41 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database
Error: (03/04/2015 02:50:07 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Error: (03/04/2015 02:50:07 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error: (03/02/2015 09:31:49 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Error: (03/02/2015 09:31:49 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error: (02/28/2015 10:04:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2875
Error: (02/28/2015 10:04:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2875
Error: (02/28/2015 10:04:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (02/28/2015 09:36:06 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Error: (02/28/2015 09:36:06 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
System errors:
=============
Error: (03/04/2015 06:46:10 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056
Error: (03/04/2015 06:45:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Error: (03/04/2015 06:45:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
Error: (03/04/2015 06:45:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
Error: (03/04/2015 06:45:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Error: (03/04/2015 06:45:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (03/04/2015 06:45:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The IconMan_R service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (03/04/2015 06:45:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Connected Remote Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
Error: (03/04/2015 06:45:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Support Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (03/04/2015 06:45:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD FUEL Service service terminated unexpectedly. It has done this 1 time(s).
Microsoft Office Sessions:
=========================
Error: (03/04/2015 07:49:41 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: -2147024883
Error: (03/04/2015 02:50:07 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F2030000E5050000
Error: (03/04/2015 02:50:07 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance163707000000000000000000008F020000
Error: (03/02/2015 09:31:49 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F2030000E5050000
Error: (03/02/2015 09:31:49 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance163707000000000000000000008F020000
Error: (02/28/2015 10:04:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2875
Error: (02/28/2015 10:04:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2875
Error: (02/28/2015 10:04:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (02/28/2015 09:36:06 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F2030000E5050000
Error: (02/28/2015 09:36:06 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance163707000000000000000000008F020000
==================== Memory info ===========================
Processor: AMD E1-1200 APU with Radeon HD Graphics
Percentage of memory in use: 27%
Total physical RAM: 3660.08 MB
Available physical RAM: 2665.52 MB
Total Pagefile: 4060.08 MB
Available Pagefile: 2385.18 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:444.06 GB) (Free:384.03 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:19.78 GB) (Free:2.47 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: D370BA94)
Partition: GPT Partition Type.
==================== End Of Log ============================