
Possible Proxy Problem


  • This topic is locked

#1
CharleeBrown

    New Member

  • Member
  • 2 posts

On my laptop, the internet will slow down or not work at all. I've done some searching and I've seen that it may be a virus, because when I go into the internet settings, the proxy box is checked, and it is set to 127.0.0.1 and port 5050. I've unchecked it, OK'd it out, went back out, and it is right there again.

From my reading, I've downloaded Malwarebytes, and I had a whopping 3,700 items identified and deleted from that alone. I have just run FRST and here are the logs.



#2
zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Hi! My name is zep516 and welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)

Please do not attach logs; it causes additional work. I'm pasting yours in now.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Vickie (administrator) on HOME on 24-03-2015 13:01:19
Running from C:\Users\Vickie\Downloads
Loaded Profiles: Vickie (Available profiles: Vickie)
Platform: Windows 8.1 Connected (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATILBE.EXE
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7204568 2013-11-04] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2771184 2013-07-26] (Synaptics Incorporated)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [509192 2014-12-01] (Hewlett-Packard Development Company, L.P.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-622835846-1608901083-3201074063-1001\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1718536 2014-07-23] (CyberLink Corp.)
HKU\S-1-5-21-622835846-1608901083-3201074063-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILBE.EXE [297024 2014-12-02] (SEIKO EPSON CORPORATION)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyEnable: [S-1-5-19] => Internet Explorer proxy is enabled.
ProxyEnable: [S-1-5-20] => Internet Explorer proxy is enabled.
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
HKU\S-1-5-21-622835846-1608901083-3201074063-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
SearchScopes: HKLM -> {EBDAD1EF-FEC5-4106-B516-CD6E5B244CF1} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM-x32 -> {EBDAD1EF-FEC5-4106-B516-CD6E5B244CF1} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKU\S-1-5-21-622835846-1608901083-3201074063-1001 -> {EBDAD1EF-FEC5-4106-B516-CD6E5B244CF1} URL = http://www.amazon.co...s={searchTerms}
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Vickie\AppData\Roaming\Mozilla\Firefox\Profiles\oey2jyhr.default
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-15] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll [2014-12-08] ()
FF user.js: detected! => C:\Users\Vickie\AppData\Roaming\Mozilla\Firefox\Profiles\oey2jyhr.default\user.js [2015-03-01]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt
FF Extension: HP SimplePass - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt [2015-02-16]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome:
=======
CHR Profile: C:\Users\Vickie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Vickie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-15]
CHR Extension: (Google Docs) - C:\Users\Vickie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-15]
CHR Extension: (Google Drive) - C:\Users\Vickie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-15]
CHR Extension: (YouTube) - C:\Users\Vickie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-15]
CHR Extension: (Google Search) - C:\Users\Vickie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-15]
CHR Extension: (TidyNetwork) - C:\Users\Vickie\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmidaiabaeipgkcooijbikmdcofhpakp [2014-12-15]
CHR Extension: (Google Sheets) - C:\Users\Vickie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Vickie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-15]
CHR Extension: (Google Wallet) - C:\Users\Vickie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-15]
CHR Extension: (Gmail) - C:\Users\Vickie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-15]
CHR HKLM-x32\...\Chrome\Extension: [dmidaiabaeipgkcooijbikmdcofhpakp] - https://clients2.goo...ice/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [347200 2015-01-09] (WildTangent)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2014-01-13] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [573704 2014-12-01] (Hewlett-Packard Development Company, L.P.)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [94720 2014-09-27] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-10-16] (Realtek Semiconductor)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-02] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-03-24] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-10] (Intel Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [294104 2014-07-04] (Realtek Semiconductor Corp.)
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [506072 2014-06-20] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3636440 2014-12-16] (Realtek Semiconductor Corporation )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-07-26] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-07-26] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-24 13:01 - 2015-03-24 13:01 - 00013725 _____ () C:\Users\Vickie\Downloads\FRST.txt
2015-03-24 13:01 - 2015-03-24 13:01 - 00000000 ____D () C:\FRST
2015-03-24 13:00 - 2015-03-24 13:00 - 02095616 _____ (Farbar) C:\Users\Vickie\Downloads\FRST64.exe
2015-03-24 12:47 - 2015-03-24 12:47 - 00001049 _____ () C:\Users\Vickie\Desktop\scanlist.txt
2015-03-24 12:26 - 2015-03-24 12:26 - 00001097 _____ () C:\Users\Vickie\Desktop\regedit.lnk
2015-03-24 12:15 - 2015-03-24 12:57 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-24 12:14 - 2015-03-24 12:14 - 00001121 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-24 12:14 - 2015-03-24 12:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-24 12:14 - 2015-03-24 12:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-24 12:14 - 2015-03-24 12:14 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-24 12:14 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-24 12:14 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-24 12:14 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-24 12:06 - 2015-03-10 21:38 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-24 12:06 - 2015-03-10 17:08 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-24 12:06 - 2015-03-10 17:08 - 00943104 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-24 12:06 - 2015-03-10 17:08 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-24 12:06 - 2015-03-10 17:08 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-24 12:06 - 2015-03-10 17:08 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-24 12:06 - 2015-03-10 17:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-24 12:02 - 2015-03-24 12:03 - 00001276 _____ () C:\Users\Vickie\Desktop\Control Panel.lnk
2015-03-24 11:59 - 2015-03-24 11:59 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Vickie\Downloads\mbam-setup-2.1.4.1018.exe
2015-03-23 14:27 - 2015-03-24 12:56 - 00000743 _____ () C:\Windows\Tasks\EPSON XP-310 Series Invitation {FE8D91F6-986A-4E44-9D87-12244F3E9BD0}.job
2015-03-23 14:27 - 2015-03-24 12:27 - 00000929 _____ () C:\Windows\Tasks\EPSON XP-310 Series Update {FE8D91F6-986A-4E44-9D87-12244F3E9BD0}.job
2015-03-23 14:27 - 2015-03-23 14:27 - 00003960 _____ () C:\Windows\System32\Tasks\EPSON XP-310 Series Update {FE8D91F6-986A-4E44-9D87-12244F3E9BD0}
2015-03-23 14:27 - 2015-03-23 14:27 - 00003774 _____ () C:\Windows\System32\Tasks\EPSON XP-310 Series Invitation {FE8D91F6-986A-4E44-9D87-12244F3E9BD0}
2015-03-23 14:27 - 2015-03-23 14:27 - 00000000 ____D () C:\Program Files\Common Files\EPSON
2015-03-23 14:25 - 2015-03-23 14:27 - 00000000 ____D () C:\ProgramData\EPSON
2015-03-23 14:25 - 2014-12-02 04:46 - 00179712 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_ILMBLBE.DLL
2015-03-23 14:25 - 2014-12-02 04:46 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_ID4BLBE.DLL
2015-03-23 14:25 - 2014-12-02 04:46 - 00010752 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_GCINST.DLL
2015-03-23 10:29 - 2015-03-23 14:21 - 00000346 _____ () C:\Windows\Tasks\HPCeeScheduleForVickie.job
2015-03-23 10:29 - 2015-03-23 10:29 - 00003162 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForVickie
2015-03-22 18:06 - 2015-03-22 18:07 - 00038400 _____ () C:\Users\Vickie\Downloads\Martinsville 2015.xls
2015-03-22 14:10 - 2015-03-04 16:24 - 00792032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-22 14:10 - 2015-03-04 16:24 - 00178144 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-15 19:27 - 2015-03-22 18:05 - 00038400 _____ () C:\Users\Vickie\Downloads\Fontana 2015.xls
2015-03-15 12:59 - 2015-02-06 18:09 - 00396419 _____ () C:\Windows\system32\ApnDatabase.xml
2015-03-15 12:59 - 2015-02-03 18:58 - 00264000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2015-03-15 12:59 - 2015-02-03 18:58 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2015-03-15 12:59 - 2015-02-03 18:58 - 00044024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2015-03-15 12:59 - 2015-02-02 18:53 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll
2015-03-15 12:59 - 2015-02-02 18:53 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll
2015-03-15 12:59 - 2015-01-26 22:44 - 00933888 _____ (Microsoft Corporation) C:\Windows\system32\calc.exe
2015-03-15 12:59 - 2015-01-23 20:51 - 00816128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
2015-03-15 12:59 - 2015-01-23 02:17 - 00723072 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2015-03-15 12:59 - 2015-01-23 00:02 - 00560392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2015-03-15 12:58 - 2015-03-05 21:53 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-15 12:58 - 2015-03-05 21:33 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-15 12:58 - 2015-02-25 18:26 - 04178944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-15 12:58 - 2015-01-30 18:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-03-15 12:58 - 2015-01-30 18:29 - 02484224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-03-15 12:58 - 2015-01-28 20:58 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\photowiz.dll
2015-03-15 12:58 - 2015-01-28 20:29 - 00290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\photowiz.dll
2015-03-15 12:57 - 2015-02-20 20:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-15 12:57 - 2015-02-20 19:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-15 12:57 - 2015-02-20 19:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-15 12:57 - 2015-02-20 19:27 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-03-15 12:57 - 2015-02-20 19:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-15 12:57 - 2015-02-20 18:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-15 12:57 - 2015-02-20 18:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-15 12:57 - 2015-02-19 22:03 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-15 12:57 - 2015-02-19 21:58 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-15 12:57 - 2015-02-19 21:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-15 12:57 - 2015-02-19 21:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-15 12:57 - 2015-02-19 21:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-15 12:57 - 2015-02-19 21:35 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-15 12:57 - 2015-02-19 21:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-15 12:57 - 2015-02-19 21:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-15 12:57 - 2015-02-19 21:20 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-15 12:57 - 2015-02-19 21:15 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-15 12:57 - 2015-02-19 21:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-15 12:57 - 2015-02-19 21:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-03-15 12:57 - 2015-02-19 21:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-15 12:57 - 2015-02-19 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-15 12:57 - 2015-02-19 21:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-15 12:57 - 2015-02-19 20:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-03-15 12:57 - 2015-02-19 20:56 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-03-15 12:57 - 2015-02-19 20:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-03-15 12:57 - 2015-02-19 20:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-15 12:57 - 2015-02-19 20:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-15 12:57 - 2015-02-19 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-15 12:57 - 2015-02-19 20:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-15 12:57 - 2015-02-19 20:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-15 12:57 - 2015-02-19 20:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-03-15 12:57 - 2015-02-19 20:29 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-03-15 12:57 - 2015-02-19 20:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-15 12:57 - 2015-02-19 20:26 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-03-15 12:57 - 2015-02-19 20:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-15 12:57 - 2015-02-19 20:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-15 12:57 - 2015-02-19 20:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-15 12:57 - 2015-02-19 20:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-15 12:57 - 2015-02-19 20:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-15 12:57 - 2015-02-19 19:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-15 12:57 - 2015-02-19 19:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-15 12:57 - 2015-02-05 20:28 - 02257408 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-03-15 12:57 - 2015-02-05 20:08 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-03-15 12:57 - 2015-02-05 15:24 - 01113920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-03-15 12:57 - 2015-02-02 19:03 - 03551744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2015-03-15 12:57 - 2015-02-02 19:02 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2015-03-15 12:57 - 2015-01-30 18:20 - 00203264 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-15 12:57 - 2015-01-29 22:01 - 00097792 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys
2015-03-15 12:57 - 2015-01-29 21:03 - 01488896 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2015-03-15 12:57 - 2015-01-29 21:03 - 01464832 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2015-03-15 12:57 - 2015-01-29 21:02 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll
2015-03-15 12:57 - 2015-01-29 20:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2015-03-15 12:57 - 2015-01-29 20:42 - 01204224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2015-03-15 12:57 - 2015-01-29 20:40 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappgnui.dll
2015-03-15 12:57 - 2015-01-29 20:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll
2015-03-15 12:57 - 2015-01-29 20:29 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atlthunk.dll
2015-03-15 12:57 - 2015-01-29 20:24 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll
2015-03-15 12:57 - 2015-01-29 20:24 - 00250880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapp3hst.dll
2015-03-15 12:57 - 2015-01-29 20:16 - 00266752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapphost.dll
2015-03-15 12:57 - 2015-01-29 20:08 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\eappcfg.dll
2015-03-15 12:57 - 2015-01-29 20:06 - 00278016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappcfg.dll
2015-03-15 12:57 - 2015-01-28 20:11 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-15 12:57 - 2015-01-28 20:04 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-03-15 12:57 - 2015-01-28 20:04 - 00864256 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-03-15 12:57 - 2015-01-28 20:00 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-15 12:57 - 2015-01-28 19:59 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-03-15 12:57 - 2015-01-28 19:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-03-15 12:57 - 2015-01-28 19:50 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-03-15 12:57 - 2015-01-28 19:49 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-03-15 12:57 - 2015-01-28 10:41 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-15 12:57 - 2015-01-28 10:41 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-03-15 12:57 - 2015-01-28 10:41 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-03-15 12:57 - 2015-01-27 21:24 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\StorageContextHandler.dll
2015-03-15 12:57 - 2015-01-27 20:47 - 00060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StorageContextHandler.dll
2015-03-15 12:57 - 2015-01-26 23:22 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-15 12:57 - 2015-01-26 21:11 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-15 12:57 - 2014-10-28 22:56 - 00027456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-03-15 12:57 - 2014-10-28 21:49 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-15 12:57 - 2014-10-28 21:44 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-15 12:57 - 2014-10-28 21:44 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-15 12:57 - 2014-10-28 21:43 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\printui.exe
2015-03-15 12:57 - 2014-10-28 21:37 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll
2015-03-15 12:57 - 2014-10-28 21:34 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll
2015-03-15 12:57 - 2014-10-28 21:34 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WSCollect.exe
2015-03-15 12:57 - 2014-10-28 21:34 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe
2015-03-15 12:57 - 2014-10-28 21:04 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\findnetprinters.dll
2015-03-15 12:57 - 2014-10-28 21:04 - 00003072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-15 12:57 - 2014-10-28 21:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-15 12:57 - 2014-10-28 21:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-15 12:57 - 2014-10-28 20:58 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\printui.exe
2015-03-15 12:57 - 2014-10-28 20:52 - 00289280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\compstui.dll
2015-03-15 12:57 - 2014-10-28 20:51 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-03-15 12:57 - 2014-10-28 20:45 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\prnntfy.dll
2015-03-15 12:57 - 2014-10-28 20:28 - 00055808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\findnetprinters.dll
2015-03-15 12:57 - 2014-10-28 20:28 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\atlthunk.dll
2015-03-15 12:57 - 2014-10-28 20:20 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2015-03-15 12:57 - 2014-10-28 20:19 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\eappprxy.dll
2015-03-15 12:57 - 2014-10-28 20:15 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prnntfy.dll
2015-03-15 12:57 - 2014-10-28 20:13 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2015-03-15 12:57 - 2014-10-28 19:59 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappprxy.dll
2015-03-15 12:57 - 2014-10-28 19:55 - 00223744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2015-03-15 12:57 - 2014-10-28 19:55 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\puiapi.dll
2015-03-15 12:57 - 2014-10-28 19:44 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiapi.dll
2015-03-15 12:57 - 2014-10-28 19:41 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\DafPrintProvider.dll
2015-03-15 12:57 - 2014-10-28 19:35 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DafPrintProvider.dll
2015-03-15 12:56 - 2015-02-12 12:40 - 22291584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-15 12:56 - 2015-02-12 12:34 - 19731824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-15 12:56 - 2015-02-07 18:57 - 01090048 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2015-03-15 12:56 - 2015-02-07 18:49 - 00791040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2015-03-15 12:56 - 2015-01-29 13:45 - 01763352 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-15 12:56 - 2015-01-29 13:34 - 01488040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-15 12:56 - 2015-01-27 20:31 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-15 12:56 - 2015-01-27 20:11 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-15 12:56 - 2015-01-27 18:47 - 02501368 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2015-03-15 12:56 - 2015-01-27 18:41 - 02207488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2015-03-15 12:56 - 2015-01-21 00:54 - 01384712 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-15 12:56 - 2015-01-21 00:15 - 01123848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-15 12:56 - 2014-12-11 00:36 - 00046456 _____ (Microsoft Corporation) C:\Windows\system32\LockScreenContentServer.exe
2015-03-15 12:44 - 2015-03-15 12:44 - 00000000 ____D () C:\Users\Vickie\AppData\Local\da3697ef-a91c-4664-a879-990c40d65969
2015-03-08 18:02 - 2015-03-15 19:27 - 00038400 _____ () C:\Users\Vickie\Downloads\Phoenix 2015.xls
2015-03-01 22:36 - 2015-03-15 18:59 - 00000000 ____D () C:\Users\Vickie\AppData\Roaming\OpenSoftwareUpdater
2015-03-01 22:31 - 2015-03-01 22:32 - 00323601 _____ (InstallerTech Corp) C:\Users\Vickie\Downloads\Setup.exe
2015-03-01 22:27 - 2015-03-08 18:02 - 00038400 _____ () C:\Users\Vickie\Downloads\Las Vegas 2015.xls
2015-02-28 17:30 - 2015-03-01 22:26 - 00037888 _____ () C:\Users\Vickie\Downloads\Atlanta 2015.xls
2015-02-28 17:30 - 2014-12-13 16:28 - 00513488 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-28 17:30 - 2014-12-13 16:28 - 00513488 _____ () C:\Windows\system32\locale.nls
2015-02-28 17:30 - 2014-10-28 20:27 - 01200128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2015-02-28 17:30 - 2014-10-28 20:27 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll
2015-02-28 17:30 - 2014-10-28 20:04 - 00868352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2015-02-28 17:30 - 2014-10-28 20:04 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll
2015-02-22 12:24 - 2015-02-28 17:29 - 00037888 _____ () C:\Users\Vickie\Downloads\Daytona 500 2015.xls

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-24 13:03 - 2014-12-06 17:16 - 00000000 ____D () C:\Users\Vickie\Documents\Youcam
2015-03-24 13:02 - 2014-12-06 17:19 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-622835846-1608901083-3201074063-1001
2015-03-24 13:00 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sru
2015-03-24 12:57 - 2014-12-15 18:05 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-24 12:57 - 2014-12-06 17:16 - 00000000 ___DO () C:\Users\Vickie\OneDrive
2015-03-24 12:56 - 2014-08-27 00:07 - 00000000 ____D () C:\ProgramData\McAfee
2015-03-24 12:56 - 2014-08-27 00:07 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-03-24 12:56 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-24 12:55 - 2014-03-18 04:44 - 01455510 _____ () C:\Windows\PFRO.log
2015-03-24 12:55 - 2013-08-22 09:46 - 00025813 _____ () C:\Windows\setupact.log
2015-03-24 12:55 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-03-24 12:54 - 2014-12-13 18:11 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-24 12:54 - 2014-12-13 18:11 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-24 12:45 - 2014-12-06 17:05 - 01779510 _____ () C:\Windows\WindowsUpdate.log
2015-03-24 12:13 - 2013-08-22 10:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-03-24 12:13 - 2013-08-22 10:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-03-24 12:12 - 2014-07-18 03:28 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2015-03-24 12:11 - 2014-12-15 18:05 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-24 11:57 - 2014-12-16 12:15 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-03-24 11:55 - 2014-12-06 17:17 - 00003914 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{17676AFA-6FEF-4516-9341-A554AA2B1D4B}
2015-03-23 14:33 - 2014-12-15 18:06 - 00002270 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-23 14:28 - 2014-03-18 04:53 - 00956476 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-23 10:25 - 2014-12-06 17:13 - 00000000 ____D () C:\Users\Vickie
2015-03-22 19:59 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\rescache
2015-03-22 17:01 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-22 14:02 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-03-22 14:01 - 2013-08-22 09:44 - 00378800 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-22 13:58 - 2013-08-22 10:36 - 00000000 ___RD () C:\Windows\ToastData
2015-03-22 13:58 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-22 13:58 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-22 13:58 - 2013-08-22 10:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-22 13:58 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\WinStore
2015-03-22 13:58 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-22 13:58 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-22 12:53 - 2014-12-12 20:24 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-22 12:46 - 2014-12-13 18:03 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-22 12:25 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-03-03 08:17 - 2015-02-15 13:10 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-03-02 23:38 - 2014-12-24 17:15 - 00001024 _____ () C:\.rnd

==================== Files in the root of some directories =======

2014-12-12 18:42 - 2014-12-12 18:42 - 0000064 _____ () C:\Users\Vickie\AppData\Local\c3ac1551b7be92c830b88f7802e3f4f2

Some content of TEMP:
====================
C:\Users\Vickie\AppData\Local\Temp\0318031427216926mcinst.exe
C:\Users\Vickie\AppData\Local\Temp\Extract.exe
C:\Users\Vickie\AppData\Local\Temp\install_temp.exe
C:\Users\Vickie\AppData\Local\Temp\optprosetup.exe
C:\Users\Vickie\AppData\Local\Temp\OSUUpdater.exe
C:\Users\Vickie\AppData\Local\Temp\SP67263.exe
C:\Users\Vickie\AppData\Local\Temp\SP67334.exe
C:\Users\Vickie\AppData\Local\Temp\SP68864.exe
C:\Users\Vickie\AppData\Local\Temp\SP69229.exe
C:\Users\Vickie\AppData\Local\Temp\SP69393.exe
C:\Users\Vickie\AppData\Local\Temp\SP69401.exe
C:\Users\Vickie\AppData\Local\Temp\SP69404.exe
C:\Users\Vickie\AppData\Local\Temp\SP69559.exe
C:\Users\Vickie\AppData\Local\Temp\SP69718.exe
C:\Users\Vickie\AppData\Local\Temp\SP69748.exe
C:\Users\Vickie\AppData\Local\Temp\SP69840.exe
C:\Users\Vickie\AppData\Local\Temp\SP69888.exe
C:\Users\Vickie\AppData\Local\Temp\SP70439.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-22 19:18

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Vickie at 2015-03-24 13:03:26
Running from C:\Users\Vickie\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
Barn Yarn Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bubble Town (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot Mysteries (x32 Version: 3.0.2.51 - WildTangent) Hidden
Building the Great Wall of China Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
Cache utility (HKU\.DEFAULT\...\Cache utility) (Version: 1 - Cache utility)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Common dictionary (HKLM-x32\...\Common dictionary) (Version: 1 - Common dictionary)
Curse at Twilight (x32 Version: 3.0.2.51 - WildTangent) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.8.4420 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5.4608 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.8.4316 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.6.3912 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.5.4628 - CyberLink Corp.)
DealAlly (HKU\.DEFAULT\...\DealAlly) (Version: 1 - Jet Applications)
Delicious - Emily's Wonder Wedding Premium Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Display settings (HKU\.DEFAULT\...\Display settings) (Version: 1 - Display settings)
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
EPSON XP-310 Series Printer Uninstall (HKLM\...\EPSON XP-310 Series) (Version: - SEIKO EPSON Corporation)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Fishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden
Fort Defense (x32 Version: 3.0.2.51 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoist Search (HKU\.DEFAULT\...\Hoist Search) (Version: 1 - Hoist Search)
HP Documentation (HKLM-x32\...\{DCB0919F-F0A6-4C63-800F-B6825D6C0434}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7493.4758 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.27 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{8C696B4B-6AB1-44BC-9416-96EAC474CABE}) (Version: 7.5.2.12 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{3EDAF5B5-0CA9-4967-B103-FBFF1162C336}) (Version: 1.2.10 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{82E6836B-9400-4965-9FD2-46BD64D8BE41}) (Version: 2.4.7 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Inst5675 (Version: 8.01.27 - Softex Inc.) Hidden
Inst5676 (Version: 8.01.27 - Softex Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3408 - Intel Corporation)
Intel® Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.0.0.1002 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Joining Hands 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
Lost in Reefs 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden
LUXOR Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
OpenOffice 4.1.0 (HKLM-x32\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.51 - WildTangent) Hidden
Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.55 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.32.508.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.41 - REALTEK Semiconductor Corp.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Solitaire Mystery Four Seasons (x32 Version: 3.0.2.51 - WildTangent) Hidden
Sparkle 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.2 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
Viking Saga (x32 Version: 3.0.2.48 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (x32 Version: 4.0.11.2 - WildTangent) Hidden
Youda Jewel Shop (x32 Version: 3.0.2.51 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

01-03-2015 15:15:51 Scheduled Checkpoint
22-03-2015 12:30:02 Windows Update
24-03-2015 12:04:08 Removed UpdateAdmin

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {32C1CC77-6C81-421D-8955-71FCE2E31CE1} - \TidyNetwork Update No Task File <==== ATTENTION
Task: {519B1E88-B1B8-4FE1-8E94-E134F639B420} - System32\Tasks\Optimum_Daily => C:\Program Files (x86)\Optimum PC Boost\OptimumPCBoost.exe <==== ATTENTION
Task: {51D39983-80B1-4991-B264-CFD4CB3C11AE} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-03-22] (Microsoft Corporation)
Task: {5D150DC7-245F-4ECB-8856-369C12616212} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSFUpdaterRedux => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {627734D1-579D-4491-B914-A062AB4FE347} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-15] (Google Inc.)
Task: {845F555F-CA03-4052-B5F2-5AE04E9895EF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {89B4343E-6653-454B-BBF7-2B1D77625948} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-10-28] (CyberLink Corp.)
Task: {8BFEC266-F5F0-4C0A-AB11-E1C3B2243056} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-15] (Google Inc.)
Task: {93E0FF69-A9AA-4A02-B30B-052F6952F202} - System32\Tasks\Optimum_LogOn => C:\Program Files (x86)\Optimum PC Boost\OptimumPCBoost.exe <==== ATTENTION
Task: {9B0863DD-3769-483C-B344-F0BA93A4DF73} - System32\Tasks\EPSON XP-310 Series Invitation {FE8D91F6-986A-4E44-9D87-12244F3E9BD0} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2014-12-02] (SEIKO EPSON CORPORATION)
Task: {9ED3CAD2-CDC3-481D-8078-DAC9DB14C390} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {A1B28BB9-5D0E-403C-A479-CF6BF442D91B} - System32\Tasks\Start OPBHOBroker => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [2014-09-27] (Hewlett-Packard)
Task: {B0E5F902-D6CC-47D9-9C49-A19E299FDD43} - System32\Tasks\Start SimplePass => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [2014-09-27] (Hewlett-Packard)
Task: {CDE1B00D-705C-4C3F-9C4A-70B770BF5150} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-01-21] (Hewlett-Packard)
Task: {D2ADEC72-07AC-48F8-89BA-E1504E769ADA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {D8FFA37B-965B-4579-BEE3-814DA093DDA3} - System32\Tasks\Start OPBHOBrokerDesktop => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [2014-09-27] (Hewlett-Packard)
Task: {ED13033F-C2FF-4EB9-892D-63E672A2E0FA} - System32\Tasks\EPSON XP-310 Series Update {FE8D91F6-986A-4E44-9D87-12244F3E9BD0} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2014-12-02] (SEIKO EPSON CORPORATION)
Task: {EDCC5220-5E9A-48D7-8333-0BB86BF2215B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-01-21] (Hewlett-Packard)
Task: {EE4C858D-60A8-4737-BA42-A07F3635C002} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {F2C8C154-388E-4415-8683-96959519F844} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-07-26] (Synaptics Incorporated)
Task: {FE235E39-9C1D-43EB-874E-E761EF11EC8A} - System32\Tasks\HPCeeScheduleForVickie => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: C:\Windows\Tasks\EPSON XP-310 Series Invitation {FE8D91F6-986A-4E44-9D87-12244F3E9BD0}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE
Task: C:\Windows\Tasks\EPSON XP-310 Series Update {FE8D91F6-986A-4E44-9D87-12244F3E9BD0}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE:/EXE:{FE8D91F6-986A-4E44-9D87-12244F3E9BD0} /F:UpdateWORKGROUP\HOME$
Searches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForVickie.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) ==============

2014-09-27 14:40 - 2014-09-27 14:40 - 02150400 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2014-09-27 14:39 - 2014-09-27 14:39 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2014-09-27 14:39 - 2014-09-27 14:39 - 00035840 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2014-09-27 14:39 - 2014-09-27 14:39 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2014-09-27 14:48 - 2014-09-27 14:48 - 00420432 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2014-09-27 14:48 - 2014-09-27 14:48 - 00746064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2014-09-27 14:42 - 2014-09-27 14:42 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2015-02-16 10:26 - 2014-07-23 22:03 - 00866056 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\UNO.dll
2015-02-16 10:26 - 2014-04-17 01:35 - 01323992 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\Language\ENU\P2GRC.dll
2015-02-16 10:26 - 2014-07-23 22:03 - 00175880 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLVistaAudioMixer.dll
2015-03-22 13:13 - 2015-03-14 05:12 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libglesv2.dll
2015-03-22 13:13 - 2015-03-14 05:12 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libegl.dll
2015-03-22 13:13 - 2015-03-14 05:12 - 09278792 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\pdf.dll
2015-03-22 13:13 - 2015-03-14 05:12 - 14974280 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\PepperFlash\pepflashplayer.dll
2015-02-16 10:07 - 2014-10-28 06:48 - 00866056 _____ () C:\Program Files (x86)\CyberLink\YouCam\subsys\BigBang\Runtime\UNO.dll
2015-02-16 10:07 - 2011-08-23 21:39 - 00081920 _____ () C:\Program Files (x86)\CyberLink\YouCam\koan\_ctypes.pyd
2015-02-16 10:07 - 2011-08-23 21:39 - 00053248 _____ () C:\Program Files (x86)\CyberLink\YouCam\koan\_socket.pyd
2015-02-16 10:07 - 2011-08-23 21:39 - 00655360 _____ () C:\Program Files (x86)\CyberLink\YouCam\koan\_ssl.pyd
2015-02-16 10:07 - 2014-09-22 21:45 - 00057344 _____ () C:\Program Files (x86)\CyberLink\YouCam\subsys\YouCam\XUControl.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Vickie\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-622835846-1608901083-3201074063-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-622835846-1608901083-3201074063-500 - Administrator - Disabled)
Guest (S-1-5-21-622835846-1608901083-3201074063-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-622835846-1608901083-3201074063-1003 - Limited - Enabled)
Vickie (S-1-5-21-622835846-1608901083-3201074063-1001 - Administrator - Enabled) => C:\Users\Vickie

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/24/2015 00:22:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 41.0.2272.101 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: a18

Start Time: 01d06654fe9e0c09

Termination Time: 86

Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Report Id: 4f8b4d15-d24a-11e4-826b-8cdcd48c3fa5

Faulting package full name:

Faulting package-relative application ID:

Error: (03/22/2015 02:02:12 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider ProtectionManagement attempted to register query "select * from MSFT_MpEvent" whose target class "MSFT_MpEvent" in //./root/microsoft/protectionManagement namespace does not exist. The query will be ignored.

Error: (03/22/2015 02:02:12 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider attempted to register query "select * from MSFT_MpEvent" whose target class "MSFT_MpEvent" in //./root/microsoft/protectionManagement namespace does not exist. The query will be ignored.

Error: (03/22/2015 01:33:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: opbhobrokerdsktop.exe, version: 8.0.1.27, time stamp: 0x542672b7
Faulting module name: combase.dll, version: 6.3.9600.17031, time stamp: 0x53087867
Exception code: 0xc0000005
Fault offset: 0x000000000000f5dd
Faulting process id: 0x10c0
Faulting application start time: 0xopbhobrokerdsktop.exe0
Faulting application path: opbhobrokerdsktop.exe1
Faulting module path: opbhobrokerdsktop.exe2
Report Id: opbhobrokerdsktop.exe3
Faulting package full name: opbhobrokerdsktop.exe4
Faulting package-relative application ID: opbhobrokerdsktop.exe5

Error: (03/22/2015 00:31:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2ac

Start Time: 01d064c53f48aca7

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 346dfe1d-d0b9-11e4-8269-8cdcd48c3fa5

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (03/15/2015 00:46:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1848

Start Time: 01d05f471b7d7c9d

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 0f2e4288-cb3b-11e4-8269-8cdcd48c3fa5

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (03/08/2015 06:17:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program UpdateAdmin.exe version 1.0.0.1885 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1188

Start Time: 01d059f11a83b440

Termination Time: 62

Application Path: C:\Users\Vickie\AppData\Local\UpdateAdmin\UpdateAdmin.exe

Report Id: 311cb878-c5e9-11e4-8269-8cdcd48c3fa5

Faulting package full name:

Faulting package-relative application ID:

Error: (03/02/2015 11:43:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: f0

Start Time: 01d0556bd1821bca

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: c51adf2b-c15f-11e4-8268-8cdcd48c3fa5

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (02/22/2015 01:40:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 40.0.2214.111 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1250

Start Time: 01d04ec0a294b2f0

Termination Time: 37

Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Report Id: 02a1aab2-bac0-11e4-8267-8cdcd48c3fa5

Faulting package full name:

Faulting package-relative application ID:

Error: (02/22/2015 00:55:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1668

Start Time: 01d04ec7e4a503f3

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: d8a96ce8-babb-11e4-8267-8cdcd48c3fa5

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1


System errors:
=============
Error: (03/24/2015 00:10:29 PM) (Source: DCOM) (EventID: 10010) (User: HOME)
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (03/24/2015 00:09:59 PM) (Source: DCOM) (EventID: 10010) (User: HOME)
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (03/08/2015 07:05:40 PM) (Source: DCOM) (EventID: 10010) (User: HOME)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (03/08/2015 07:05:40 PM) (Source: DCOM) (EventID: 10010) (User: HOME)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (02/22/2015 01:38:50 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume Windows.

A corruption was found in a file system index structure. The file reference number is 0x3000000007929. The name of the file is "\Windows\System32". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".

Error: (02/19/2015 08:19:35 PM) (Source: DCOM) (EventID: 10010) (User: HOME)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (02/19/2015 08:19:35 PM) (Source: DCOM) (EventID: 10010) (User: HOME)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (02/19/2015 08:19:35 PM) (Source: DCOM) (EventID: 10010) (User: HOME)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (02/19/2015 08:19:35 PM) (Source: DCOM) (EventID: 10010) (User: HOME)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (02/16/2015 10:26:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CLVirtualDrive service failed to start due to the following error:
%%183


Microsoft Office Sessions:
=========================
Error: (03/24/2015 00:22:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe41.0.2272.101a1801d06654fe9e0c0986C:\Program Files (x86)\Google\Chrome\Application\chrome.exe4f8b4d15-d24a-11e4-826b-8cdcd48c3fa5

Error: (03/22/2015 02:02:12 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: ProtectionManagementselect * from MSFT_MpEventMSFT_MpEvent//./root/microsoft/protectionManagement

Error: (03/22/2015 02:02:12 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: select * from MSFT_MpEventMSFT_MpEvent//./root/microsoft/protectionManagement

Error: (03/22/2015 01:33:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: opbhobrokerdsktop.exe8.0.1.27542672b7combase.dll6.3.9600.1703153087867c0000005000000000000f5dd10c001d064c55172c5fcC:\Program Files\Hewlett-Packard\SimplePass\opbhobrokerdsktop.exeC:\Windows\SYSTEM32\combase.dllf661bb77-d0c1-11e4-8269-8cdcd48c3fa5

Error: (03/22/2015 00:31:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.206892ac01d064c53f48aca74294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe346dfe1d-d0b9-11e4-8269-8cdcd48c3fa5microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (03/15/2015 00:46:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20689184801d05f471b7d7c9d4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe0f2e4288-cb3b-11e4-8269-8cdcd48c3fa5microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (03/08/2015 06:17:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: UpdateAdmin.exe1.0.0.1885118801d059f11a83b44062C:\Users\Vickie\AppData\Local\UpdateAdmin\UpdateAdmin.exe311cb878-c5e9-11e4-8269-8cdcd48c3fa5

Error: (03/02/2015 11:43:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20689f001d0556bd1821bca4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exec51adf2b-c15f-11e4-8268-8cdcd48c3fa5microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (02/22/2015 01:40:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe40.0.2214.111125001d04ec0a294b2f037C:\Program Files (x86)\Google\Chrome\Application\chrome.exe02a1aab2-bac0-11e4-8267-8cdcd48c3fa5

Error: (02/22/2015 00:55:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20689166801d04ec7e4a503f34294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exed8a96ce8-babb-11e4-8267-8cdcd48c3fa5microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
  • 0

#3
zep516


    Trusted Helper

  • Malware Removal
  • 8,090 posts
Hello,

Logs posted, let's get started.

First do this:
Farbar Recovery Scanner needs to be running from the desktop. You have it in the downloads folder. Please move it to the desktop.
To do that:
  • Navigate to your downloads folder--> C:\Users\Vickie\Downloads
  • In the downloads folder find FRST (Farbar Recovery Scan Tool).
  • Right click on it, choose Cut.
  • Go back to the desktop.
  • On an empty space right click, choose Paste.
  • Farbar will now have been successfully moved to the desktop.
No need to do another scan.

Next
Please remove this program from your programs and features list.
1-DealAlly

Next
A few items to fix using FRST.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.

start
CloseProcesses:
CreateRestorePoint:
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyEnable: [S-1-5-19] => Internet Explorer proxy is enabled.
ProxyEnable: [S-1-5-20] => Internet Explorer proxy is enabled.
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {EBDAD1EF-FEC5-4106-B516-CD6E5B244CF1} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link_code=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {EBDAD1EF-FEC5-4106-B516-CD6E5B244CF1} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link_code=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-622835846-1608901083-3201074063-1001 -> {EBDAD1EF-FEC5-4106-B516-CD6E5B244CF1} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link_code=qs&index=aps&field-keywords={searchTerms}
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
CHR Extension: (TidyNetwork) - C:\Users\Vickie\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmidaiabaeipgkcooijbikmdcofhpakp [2014-12-15]
Task: {32C1CC77-6C81-421D-8955-71FCE2E31CE1} - \TidyNetwork Update No Task File <==== ATTENTION
Task: {519B1E88-B1B8-4FE1-8E94-E134F639B420} - System32\Tasks\Optimum_Daily => C:\Program Files (x86)\Optimum PC Boost\OptimumPCBoost.exe <==== ATTENTION
Task: {93E0FF69-A9AA-4A02-B30B-052F6952F202} - System32\Tasks\Optimum_LogOn => C:\Program Files (x86)\Optimum PC Boost\OptimumPCBoost.exe <==== ATTENTION
C:\Program Files (x86)\Optimum PC Boost\OptimumPCBoost.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
hosts:
Emptytemp:
end
Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

Please post the Fixlist.txt in your next reply. That will be located on the desktop.

Thanks
Joe :)
  • 0

#4
CharleeBrown


    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts

Fixlog

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Vickie at 2015-03-26 12:13:56 Run:1
Running from C:\Users\Vickie\Desktop
Loaded Profiles: Vickie &  (Available profiles: Vickie)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
CreateRestorePoint:
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyEnable: [S-1-5-19] => Internet Explorer proxy is enabled.
ProxyEnable: [S-1-5-20] => Internet Explorer proxy is enabled.
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {EBDAD1EF-FEC5-4106-B516-CD6E5B244CF1} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM-x32 -> {EBDAD1EF-FEC5-4106-B516-CD6E5B244CF1} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKU\S-1-5-21-622835846-1608901083-3201074063-1001 -> {EBDAD1EF-FEC5-4106-B516-CD6E5B244CF1} URL = http://www.amazon.co...s={searchTerms}
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
CHR Extension: (TidyNetwork) - C:\Users\Vickie\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmidaiabaeipgkcooijbikmdcofhpakp [2014-12-15]
Task: {32C1CC77-6C81-421D-8955-71FCE2E31CE1} - \TidyNetwork Update No Task File <==== ATTENTION
Task: {519B1E88-B1B8-4FE1-8E94-E134F639B420} - System32\Tasks\Optimum_Daily => C:\Program Files (x86)\Optimum PC Boost\OptimumPCBoost.exe <==== ATTENTION
Task: {93E0FF69-A9AA-4A02-B30B-052F6952F202} - System32\Tasks\Optimum_LogOn => C:\Program Files (x86)\Optimum PC Boost\OptimumPCBoost.exe <==== ATTENTION
C:\Program Files (x86)\Optimum PC Boost\OptimumPCBoost.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
hosts:
Emptytemp:
end
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EBDAD1EF-FEC5-4106-B516-CD6E5B244CF1}" => Key deleted successfully.
HKCR\CLSID\{EBDAD1EF-FEC5-4106-B516-CD6E5B244CF1} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EBDAD1EF-FEC5-4106-B516-CD6E5B244CF1}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{EBDAD1EF-FEC5-4106-B516-CD6E5B244CF1} => Key not found.
"HKU\S-1-5-21-622835846-1608901083-3201074063-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EBDAD1EF-FEC5-4106-B516-CD6E5B244CF1}" => Key deleted successfully.
HKCR\CLSID\{EBDAD1EF-FEC5-4106-B516-CD6E5B244CF1} => Key not found.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} => Moved successfully.
C:\Users\Vickie\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmidaiabaeipgkcooijbikmdcofhpakp => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{32C1CC77-6C81-421D-8955-71FCE2E31CE1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{32C1CC77-6C81-421D-8955-71FCE2E31CE1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TidyNetwork Update" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{519B1E88-B1B8-4FE1-8E94-E134F639B420}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{519B1E88-B1B8-4FE1-8E94-E134F639B420}" => Key deleted successfully.
C:\Windows\System32\Tasks\Optimum_Daily => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimum_Daily" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{93E0FF69-A9AA-4A02-B30B-052F6952F202}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{93E0FF69-A9AA-4A02-B30B-052F6952F202}" => Key deleted successfully.
C:\Windows\System32\Tasks\Optimum_LogOn => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimum_LogOn" => Key deleted successfully.
"C:\Program Files (x86)\Optimum PC Boost\OptimumPCBoost.exe" => File/Directory not found.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc" => Key deleted successfully.

=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{C47CE9E6-CF6E-4BA2-9838-138255F33256} canceled.
Unable to cancel {6A45BABE-21FE-43DE-AC8C-7F137338DC2A}.
Unable to cancel {CFAB15C2-3096-4D70-A51E-44F33059028A}.
Unable to cancel {D8BCCA0D-E1B6-406C-9FD4-33C9D314599F}.
1 out of 4 jobs canceled.

========= End of CMD: =========


=========  netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========  netsh int ipv4 reset =========

Resetting Global, OK!
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


=========  netsh int ipv6 reset =========

Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\S-1-5-21-622835846-1608901083-3201074063-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-622835846-1608901083-3201074063-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\S-1-5-21-622835846-1608901083-3201074063-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-622835846-1608901083-3201074063-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.


========= End of RemoveProxy: =========

"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not reset Hosts.
EmptyTemp: => Removed 1.3 GB temporary data.


The system needed a reboot.

==== End of Fixlog 12:15:32 ==== 

 

The fixlist was overridden by the fixlog


  • 0
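Added example (not part of the thread and not FRST's own code): a small Python triage of Fixlog lines in the format posted above, separating entries that succeeded, entries that were merely absent, and entries that failed and need follow-up, such as the hosts reset. The sample lines are constructed from the log's format, and the ok/absent/failed/other labels are this example's own assumption.

```python
import re
from collections import Counter

# Constructed sample in the format of the Fixlog posted above (not the full log).
SAMPLE_FIXLOG = r'''
Processes closed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EBDAD1EF-FEC5-4106-B516-CD6E5B244CF1}" => Key deleted successfully.
HKCR\CLSID\{EBDAD1EF-FEC5-4106-B516-CD6E5B244CF1} => Key not found.
C:\Windows\System32\Tasks\Optimum_Daily => Moved successfully.
"C:\Program Files (x86)\Optimum PC Boost\OptimumPCBoost.exe" => File/Directory not found.
=========  netsh int ipv4 reset =========
Resetting Global, OK!
Resetting , failed.
Access is denied.
========= End of CMD: =========
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not reset Hosts.
'''

RESULT_LINE = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<result>.+?)\.?$')
SECTION = re.compile(r'^=+\s+(?P<name>.+?)\s+=+$')
FAILURE = re.compile(r'could not|unable to|failed|denied', re.IGNORECASE)


def classify(result):
    """Map a result phrase to ok / absent / failed / other (labels are this example's)."""
    text = result.lower()
    if FAILURE.search(text):
        return "failed"
    if "not found" in text:
        return "absent"   # target was already gone; usually benign
    if "successfully" in text:
        return "ok"
    return "other"        # e.g. echoed fixlist lines or the EmptyTemp summary


def triage(fixlog_text):
    """Return (status counts, follow-up list of (context, detail)) for a Fixlog."""
    counts = Counter()
    follow_up = []
    section = None        # name of the CMD/RemoveProxy block currently being read
    for raw in fixlog_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            name = header.group("name")
            section = None if name.startswith("End of") else name
            continue
        entry = RESULT_LINE.match(line)
        if entry:
            status = classify(entry.group("result"))
            counts[status] += 1
            if status == "failed":
                follow_up.append((entry.group("target"), entry.group("result")))
        elif FAILURE.search(line):
            # Free-text failure, e.g. inside netsh output or after a directive.
            counts["failed"] += 1
            follow_up.append((section or "fixlist directive", line))
    return counts, follow_up


if __name__ == "__main__":
    counts, follow_up = triage(SAMPLE_FIXLOG)
    print(dict(counts))
    for context, detail in follow_up:
        print(f"RE-CHECK  {context}: {detail}")
```
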

#5
zep516


    Trusted Helper

  • Malware Removal
  • 8,090 posts
Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the logfile button and the log will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner

Next

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts. See Here how to disable your security protection (Anti Virus)
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

In your next reply post:
  • The AdwCleaner [SO].txt Log
  • The JRT.txt Log

Thanks
Joe :)

  • 0

#6
zep516


    Trusted Helper

  • Malware Removal
  • 8,090 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


  • 0





