Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Slow old laptop

Started by Sailing Captain , May 04 2015 03:47 PM

This topic is locked

#1
Sailing Captain

Posted 04 May 2015 - 03:47 PM

Member

Member
15 posts

Hi,

This laptop is about 8 years old and is running slow. There seems to be a lot of programs running in the background and I would like to know if it is worth trying to get this working quicker.

Thanks,

Craig

#2
zep516

Posted 04 May 2015 - 04:08 PM

Trusted Helper

Malware Removal
8,090 posts

Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions!

Can you post a log file for us so we can get an idea of the workings of the Laptop

Everything gets download to the desktop and tools are "Run as administrator."

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back here.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

#3
Sailing Captain

Posted 05 May 2015 - 06:07 AM

Member

Topic Starter
Member
15 posts

Hi Zep ( I trustZep is ok)

When I downloaded Farbar it opened start to it, I did not run as an administrator but it appears to have given the logs you wanted. Below are the 2 logs.

I trust these can help. Let me know if you need something different.

Thanks for your help,

Craig

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-05-2015
Ran by Owner (administrator) on TCYCSEC on 05-05-2015 21:56:32
Running from C:\Users\Owner\Downloads
Loaded Profiles: Owner (Available profiles: Owner & vmdk)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_499a67a913bde1c7\stacsv.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_499a67a913bde1c7\AEstSrv.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
(VMware, Inc.) C:\Windows\System32\vmnat.exe
(Apache Software Foundation) C:\Program Files\VMware\VMware Server\tomcat\bin\tomcat6.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\loggingserver.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Server\vmware-authd.exe
(VMware, Inc.) C:\Windows\System32\vmnetdhcp.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
() C:\Program Files\VMware\VMware Server\vmware-hostd.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
() C:\Program Files\AVG Secure Search\vprot.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcfgex.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [288312 2009-09-04] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-26] (Intel Corporation)
HKLM\...\Run: [PDF Complete] => C:\Program Files\PDF Complete\pdfsty.exe [563736 2009-06-19] (PDF Complete Inc)
HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [1690680 2009-11-18] (Hewlett-Packard)
HKLM\...\Run: [Korean IME Migration] => C:\Program Files\Common Files\microsoft shared\IME12\IMEKR\IMKRMIG.EXE [26400 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1721640 2010-05-27] (Synaptics Incorporated)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2009-10-22] (Hewlett-Packard)
HKLM\...\Run: [acevents] => C:\Program Files\ActivIdentity\ActivClient\acevents.exe [153640 2009-06-04] (ActivIdentity)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [accrdsub] => C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [400936 2009-06-04] (ActivIdentity)
HKLM\...\Run: [File Sanitizer] => C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe [11264000 2009-11-05] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2009-10-13] (IDT, Inc.)
HKLM\...\Run: [ccApp] => C:\Program Files\Common Files\Symantec Shared\ccApp.exe [115560 2009-07-08] (Symantec Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-22] (Adobe Systems Incorporated)
HKLM\...\Run: [vProt] => C:\Program Files\AVG Secure Search\vprot.exe [2503704 2015-04-07] ()
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3653136 2014-11-09] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [2004360 2015-04-28] (APN)
HKLM\...\runonceex: [ContentMerger] => c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-13] (Sonic Solutions)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
HKU\S-1-5-21-3524435906-1736606958-2426872304-1002\...\Run: [HPADVISOR] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
HKU\S-1-5-21-3524435906-1736606958-2426872304-1002\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-18] (Hewlett-Packard Company)
HKU\S-1-5-21-3524435906-1736606958-2426872304-1002\...\MountPoints2: {4c6ea55a-0d29-11e2-8892-005056c00008} - H:\unlock.exe autoplay=true
HKU\S-1-5-21-3524435906-1736606958-2426872304-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\PhotoScreensaver.scr [413696 2010-11-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2010-05-16]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013-02-26]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3524435906-1736606958-2426872304-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tcyc.yachting.org.au/
HKU\S-1-5-21-3524435906-1736606958-2426872304-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/14
HKU\S-1-5-21-3524435906-1736606958-2426872304-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-3524435906-1736606958-2426872304-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM -> DefaultScope {79FFDB77-A890-479F-8BCB-CFFF0E769EE6} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {79FFDB77-A890-479F-8BCB-CFFF0E769EE6} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3524435906-1736606958-2426872304-1002 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.c...fr&d=2012-08-0410:53:29&v=18.0.5.292&pid=avg&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3524435906-1736606958-2426872304-1002 -> {08DAC94C-BB76-4906-82A2-57FDFD86AE09} URL = http://www.google.co...age={startPage}
SearchScopes: HKU\S-1-5-21-3524435906-1736606958-2426872304-1002 -> {79FFDB77-A890-479F-8BCB-CFFF0E769EE6} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3524435906-1736606958-2426872304-1002 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.c...fr&d=2012-08-0410:53:29&v=18.0.5.292&pid=avg&sg=&sap=dsp&q={searchTerms}
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll [2009-11-05] (Hewlett-Packard)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-12-16] (Oracle Corporation)
BHO: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Secure Search\18.3.0.885\AVG Secure Search_toolbar.dll [2015-04-07] (AVG Secure Search)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-16] (Oracle Corporation)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\18.3.0.885\AVG Secure Search_toolbar.dll [2015-04-07] (AVG Secure Search)
Toolbar: HKU\S-1-5-21-3524435906-1736606958-2426872304-1002 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-3524435906-1736606958-2426872304-1002 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574}
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies S.A.)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.3.0\ViProtocol.dll [2015-04-07] (AVG Secure Search)
Winsock: Catalog9 12 C:\Program Files\VMware\VMware Server\vsocklib.dll [313904 2009-10-20] (VMware, Inc.)
Winsock: Catalog9 13 C:\Program Files\VMware\VMware Server\vsocklib.dll [313904 2009-10-20] (VMware, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\21yq0f6p.default
FF SelectedSearchEngine: AVG Secure Search
FF Homepage: https://webmail.optu...nsvillesailing/
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-05-05] ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.3.0\\npsitesafety.dll No File
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2010-10-28] (GARMIN Corp.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-08] (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-07] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-16] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-13] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-13] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-09-04] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-09-04] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2013-01-31] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2013-01-31] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2013-01-31] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2013-01-31] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2013-01-31] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2013-01-31] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2013-01-31] (Apple Inc.)
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\21yq0f6p.default\searchplugins\ask-search.xml [2014-12-16]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml [2015-04-07]
FF Extension: VMware Remote Console Plug-in - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\21yq0f6p.default\Extensions\[email protected] [2010-07-04]
FF Extension: Search App by Ask - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\21yq0f6p.default\Extensions\[email protected] [2014-11-25]
FF Extension: Skype extension for Firefox - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2015-02-02]
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.3.0.885
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\18.3.0.885 [2015-04-07]
FF HKU\S-1-5-21-3524435906-1736606958-2426872304-1002\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-02-02]

Chrome:
=======
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (AVG Security Toolbar) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2014-11-09]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-09]
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.goog...ice/update2/crx
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\18.1.0.443\avg.crx [2014-05-01]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [207400 2009-06-04] (ActivIdentity)
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-08-04] (LSI Corporation)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [178568 2015-04-28] (APN LLC.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3488784 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [298080 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2009-07-08] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2009-07-08] (Symantec Corporation)
R2 HP Power Assistant Service; C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [101944 2009-11-18] (Hewlett-Packard)
R2 HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [101944 2009-10-22] (Hewlett-Packard)
R2 HPFSService; C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [297984 2009-11-05] (Hewlett-Packard) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-18] (Hewlett-Packard Company) [File not signed]
S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093880 2009-07-13] (Symantec Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [635416 2009-06-19] (PDF Complete Inc)
R2 SmcService; C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe [1831928 2009-11-09] (Symantec Corporation)
S3 SNAC; C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE [345416 2009-10-25] (Symantec Corporation)
R2 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_499a67a913bde1c7\STacSV.exe [221266 2009-10-13] (IDT, Inc.)
R2 Symantec AntiVirus; C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe [1775344 2009-11-10] (Symantec Corporation)
R2 vcsFPService; C:\windows\system32\vcsFPService.exe [1639728 2009-10-07] (Validity Sensors, Inc.)
R2 VMAuthdService; C:\Program Files\VMware\VMware Server\vmware-authd.exe [121392 2009-10-20] (VMware, Inc.)
R2 VMnetDHCP; C:\windows\system32\vmnetdhcp.exe [326192 2009-10-20] (VMware, Inc.)
R2 VMware NAT Service; C:\windows\system32\vmnat.exe [399920 2009-10-20] (VMware, Inc.)
R2 VMwareHostd; C:\Program Files\VMware\VMware Server\vmware-hostd.exe [322096 2009-10-20] ()
R2 VMwareServerWebAccess; C:\Program Files\VMware\VMware Server\tomcat\bin\Tomcat6.exe [57344 2009-10-21] (Apache Software Foundation) [File not signed]
S3 vmwriter; C:\Program Files\VMware\VMware Server\vmVssWriter.exe [22528 2009-10-20] (VMware, Inc.) [File not signed]
R2 vToolbarUpdater18.3.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe [1802776 2015-04-07] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 yksvc; C:\windows\System32\yk62x86.dll [364544 2009-09-28] (Marvell)
S2 HP Health Check Service; "C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiskx; C:\windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\windows\System32\DRIVERS\avgidsdriverx.sys [213784 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\windows\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\windows\System32\DRIVERS\avglogx.sys [230680 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\windows\System32\DRIVERS\avgmfx86.sys [98584 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\windows\System32\DRIVERS\avgtdix.sys [200984 2014-10-10] (AVG Technologies CZ, s.r.o.)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2014-11-26] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [111408 2014-11-26] (Symantec Corporation)
R2 hcmon; C:\windows\system32\drivers\hcmon.sys [32304 2009-10-20] (VMware, Inc.)
S3 MfeAVFK; C:\windows\System32\drivers\MfeAVFK.sys [79816 2009-05-16] (McAfee, Inc.)
S3 MfeBOPK; C:\windows\System32\drivers\MfeBOPK.sys [35272 2009-05-16] (McAfee, Inc.)
R1 mfehidk; C:\windows\System32\drivers\mfehidk.sys [214024 2009-05-16] (McAfee, Inc.)
S3 MfeRKDK; C:\windows\System32\drivers\MfeRKDK.sys [34248 2009-05-16] (McAfee, Inc.)
R1 mfetdik; C:\windows\System32\drivers\mfetdik.sys [55336 2009-05-16] (McAfee, Inc.)
R3 NAVENG; C:\ProgramData\Symantec\Definitions\VirusDefs\20150105.019\NAVENG.SYS [95704 2014-08-11] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Definitions\VirusDefs\20150105.019\NAVEX15.SYS [1636696 2014-08-11] (Symantec Corporation)
S3 Netaapl; C:\windows\System32\DRIVERS\netaapl.sys [18432 2012-03-26] (Apple Inc.) [File not signed]
R2 risdpcie; C:\windows\System32\DRIVERS\risdpe86.sys [47616 2009-10-29] (REDC)
R2 rixdpcie; C:\windows\System32\DRIVERS\rixdpe86.sys [38912 2009-09-29] (REDC)
R3 SNP2UVC; C:\windows\System32\DRIVERS\snp2uvc.sys [1765168 2009-09-18] ()
R1 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [421424 2009-08-26] (Symantec Corporation)
R1 SRTSP; C:\windows\System32\Drivers\SRTSP.SYS [281648 2009-08-25] (Symantec Corporation)
S3 SRTSPL; C:\windows\System32\Drivers\SRTSPL.SYS [320560 2009-08-25] (Symantec Corporation)
R1 SRTSPX; C:\windows\System32\Drivers\SRTSPX.SYS [43696 2009-08-25] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT.SYS [124976 2010-06-25] (Symantec Corporation)
R3 SYMREDRV; C:\windows\System32\Drivers\SYMREDRV.SYS [26416 2009-09-03] (Symantec Corporation)
R1 SYMTDI; C:\windows\System32\Drivers\SYMTDI.SYS [188080 2009-09-03] (Symantec Corporation)
R3 Teefer2; C:\windows\System32\DRIVERS\teefer2.sys [50064 2009-05-27] (Symantec Corporation)
S3 USBAAPL; C:\windows\System32\Drivers\usbaapl.sys [44544 2012-09-28] (Apple, Inc.) [File not signed]
R3 VMnetAdapter; C:\windows\System32\DRIVERS\vmnetadapter.sys [16560 2009-10-20] (VMware, Inc.)
R2 VMnetBridge; C:\windows\System32\DRIVERS\vmnetbridge.sys [31280 2009-10-20] (VMware, Inc.)
R2 VMnetuserif; C:\windows\system32\drivers\vmnetuserif.sys [26288 2009-10-20] (VMware, Inc.)
R2 VMparport; C:\windows\system32\Drivers\VMparport.sys [14896 2009-10-20] (VMware, Inc.)
R2 vmx86; C:\windows\system32\Drivers\vmx86.sys [857520 2009-10-20] (VMware, Inc.)
R1 WPS; C:\windows\system32\drivers\wpsdrvnt.sys [42312 2009-11-09] (Symantec Corporation)
R3 WpsHelper; C:\windows\system32\drivers\WpsHelper.sys [174056 2012-09-30] (Symantec Corporation)
R3 yukonw7; C:\windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
U4 Avgfwfd; system32\DRIVERS\avgfwd6x.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-05 21:56 - 2015-05-05 21:57 - 00027791 _____ () C:\Users\Owner\Downloads\FRST.txt
2015-05-05 21:54 - 2015-05-05 21:56 - 00000000 ____D () C:\FRST
2015-05-05 21:53 - 2015-05-05 21:53 - 01140736 _____ (Farbar) C:\Users\Owner\Downloads\FRST.exe
2015-05-05 21:50 - 2015-05-05 21:50 - 02101248 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2015-04-15 22:09 - 2015-03-23 13:06 - 00860160 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-04-15 22:09 - 2015-03-23 13:06 - 00630784 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-04-15 22:09 - 2015-03-23 13:06 - 00576000 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-04-15 22:09 - 2015-03-23 13:06 - 00331264 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-04-15 22:09 - 2015-03-23 13:06 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-04-15 22:09 - 2015-03-23 13:06 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-04-15 22:09 - 2015-03-23 13:06 - 00026112 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-04-15 22:09 - 2015-03-23 12:59 - 00896000 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-04-15 22:09 - 2015-03-17 15:01 - 03920824 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-04-15 22:09 - 2015-03-17 14:59 - 01306112 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-04-15 22:09 - 2015-03-04 14:16 - 00249784 _____ (Microsoft Corporation) C:\windows\system32\clfs.sys
2015-04-15 22:09 - 2015-03-04 14:10 - 00058880 _____ (Microsoft Corporation) C:\windows\system32\clfsw32.dll
2015-04-15 22:08 - 2015-04-02 09:49 - 00342704 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-04-15 22:08 - 2015-03-17 15:01 - 03976632 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2015-04-15 22:08 - 2015-03-17 15:01 - 00137656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-04-15 22:08 - 2015-03-17 15:01 - 00067512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-04-15 22:08 - 2015-03-17 14:57 - 01061376 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-04-15 22:08 - 2015-03-17 14:57 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-04-15 22:08 - 2015-03-17 14:57 - 00400896 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-04-15 22:08 - 2015-03-17 14:57 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-04-15 22:08 - 2015-03-17 14:57 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-04-15 22:08 - 2015-03-17 14:57 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-04-15 22:08 - 2015-03-17 14:57 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-04-15 22:08 - 2015-03-17 14:57 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-04-15 22:08 - 2015-03-17 14:57 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-04-15 22:08 - 2015-03-17 14:57 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-04-15 22:08 - 2015-03-17 14:57 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-04-15 22:08 - 2015-03-17 14:57 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-04-15 22:08 - 2015-03-17 14:56 - 00262656 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-04-15 22:08 - 2015-03-17 14:56 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-04-15 22:08 - 2015-03-17 14:56 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-04-15 22:08 - 2015-03-17 14:56 - 00038912 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-04-15 22:08 - 2015-03-17 14:56 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-04-15 22:08 - 2015-03-17 14:56 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-04-15 22:08 - 2015-03-17 14:53 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-04-15 22:08 - 2015-03-17 14:53 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-04-15 22:08 - 2015-03-17 14:50 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-04-15 22:08 - 2015-03-17 14:50 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-04-15 22:08 - 2015-03-13 13:27 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-04-15 22:08 - 2015-03-13 13:20 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-04-15 22:08 - 2015-03-13 13:16 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-04-15 22:08 - 2015-03-13 13:09 - 00667648 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-04-15 22:08 - 2015-03-13 13:01 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 22:08 - 2015-03-13 12:43 - 00685568 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-04-15 22:08 - 2015-03-13 12:16 - 01311232 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-04-15 22:08 - 2015-03-05 14:06 - 00305152 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2015-04-15 22:07 - 2015-03-13 13:42 - 19695616 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-04-15 22:07 - 2015-03-13 13:42 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-04-15 22:07 - 2015-03-13 13:42 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-04-15 22:07 - 2015-03-13 13:28 - 00503296 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-04-15 22:07 - 2015-03-13 13:28 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-04-15 22:07 - 2015-03-13 13:27 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-04-15 22:07 - 2015-03-13 13:26 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-04-15 22:07 - 2015-03-13 13:22 - 02278400 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-04-15 22:07 - 2015-03-13 13:20 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-04-15 22:07 - 2015-03-13 13:17 - 00478208 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-04-15 22:07 - 2015-03-13 13:16 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-04-15 22:07 - 2015-03-13 13:15 - 00620032 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-04-15 22:07 - 2015-03-13 13:06 - 00418304 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-04-15 22:07 - 2015-03-13 12:57 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-04-15 22:07 - 2015-03-13 12:56 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-04-15 22:07 - 2015-03-13 12:54 - 00285696 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-04-15 22:07 - 2015-03-13 12:49 - 04305408 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-04-15 22:07 - 2015-03-13 12:44 - 00689152 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-04-15 22:07 - 2015-03-13 12:43 - 02052608 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-04-15 22:07 - 2015-03-13 12:42 - 01155072 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-04-15 22:07 - 2015-03-13 12:34 - 12825600 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-04-15 22:07 - 2015-03-13 12:20 - 01888256 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-04-15 22:07 - 2015-03-13 12:14 - 00710144 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-04-15 22:06 - 2015-03-25 13:00 - 03088384 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-04-15 22:06 - 2015-03-25 13:00 - 02020864 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-04-15 22:06 - 2015-03-25 13:00 - 00566784 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-04-15 22:06 - 2015-03-25 13:00 - 00173056 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-04-15 22:06 - 2015-03-25 13:00 - 00131584 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-04-15 22:06 - 2015-03-25 13:00 - 00092672 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-04-15 22:06 - 2015-03-25 13:00 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-04-15 22:06 - 2015-03-25 13:00 - 00035328 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-04-15 22:06 - 2015-03-25 13:00 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-04-15 22:06 - 2015-03-25 13:00 - 00029696 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-04-15 22:06 - 2015-03-25 13:00 - 00011776 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-04-15 22:05 - 2015-03-10 13:08 - 01237504 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-04-15 22:05 - 2015-03-10 13:05 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2015-04-15 22:05 - 2015-02-25 13:03 - 00514560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\http.sys
2015-04-07 03:18 - 2015-04-07 03:23 - 00000000 ___SD () C:\windows\system32\GWX
2015-04-06 14:23 - 2015-04-06 14:23 - 00005132 _____ () C:\Users\Owner\Desktop\2015 - Shortcut.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-05 21:46 - 2012-10-11 20:18 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-05-05 21:32 - 2010-09-03 06:45 - 00000886 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-05 21:17 - 2012-08-04 10:47 - 00000000 ____D () C:\ProgramData\MFAData
2015-05-05 21:07 - 2009-07-14 14:34 - 00025648 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-05 21:07 - 2009-07-14 14:34 - 00025648 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-05 19:07 - 2009-07-14 12:37 - 00000000 ____D () C:\windows\AppCompat
2015-05-05 19:03 - 2015-02-02 19:05 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-05-05 18:57 - 2009-07-14 12:37 - 00000000 ____D () C:\windows\rescache
2015-05-05 17:31 - 2012-09-06 20:39 - 00000000 ____D () C:\Users\Owner\Documents\Outlook Files
2015-05-05 17:24 - 2010-09-03 06:57 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-05 17:22 - 2010-05-16 17:21 - 01995579 _____ () C:\windows\WindowsUpdate.log
2015-05-05 17:12 - 2010-07-04 12:51 - 00000000 ____D () C:\ProgramData\VMware
2015-05-05 17:12 - 2009-07-14 14:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-05-05 17:11 - 2009-07-14 14:39 - 00094084 _____ () C:\windows\setupact.log
2015-05-05 06:56 - 2012-10-11 20:18 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2015-05-05 06:56 - 2012-10-11 20:18 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2015-04-16 04:04 - 2009-07-14 12:37 - 00000000 ____D () C:\windows\Microsoft.NET
2015-04-16 03:56 - 2011-11-12 17:47 - 00000000 ____D () C:\Users\vmdk
2015-04-16 03:51 - 2015-01-14 06:39 - 00000000 ____D () C:\windows\system32\appraiser
2015-04-16 03:51 - 2014-05-24 11:19 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-04-16 03:34 - 2009-12-16 05:58 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-16 03:32 - 2014-03-04 17:51 - 00000000 ____D () C:\windows\system32\MRT
2015-04-16 03:17 - 2010-06-23 03:01 - 125832184 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-04-16 03:13 - 2009-12-16 05:39 - 00770968 _____ () C:\windows\system32\PerfStringBackup.INI
2015-04-16 03:07 - 2009-07-14 12:04 - 00000478 _____ () C:\windows\win.ini
2015-04-07 14:23 - 2012-08-04 10:53 - 00000000 ____D () C:\Program Files\Common Files\AVG Secure Search
2015-04-07 14:23 - 2012-08-04 10:53 - 00000000 ____D () C:\Program Files\AVG Secure Search
2015-04-06 14:21 - 2009-07-14 14:33 - 00510896 _____ () C:\windows\system32\FNTCACHE.DAT

==================== Files in the root of some directories =======

2012-07-12 18:28 - 2012-07-12 18:28 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files\Common Files\atimpenc.dll
2010-06-23 02:45 - 2010-06-23 02:45 - 0000000 _____ () C:\Users\Owner\AppData\Local\AtStart.txt
2010-06-23 02:45 - 2010-06-23 02:45 - 0000000 _____ () C:\Users\Owner\AppData\Local\DSwitch.txt
2010-06-23 02:45 - 2010-06-23 02:45 - 0000000 _____ () C:\Users\Owner\AppData\Local\QSwitch.txt
2010-09-04 11:08 - 2010-09-04 11:08 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\APNSetup.exe
C:\Users\Owner\AppData\Local\Temp\avguidx.dll
C:\Users\Owner\AppData\Local\Temp\caypzg_y.dll
C:\Users\Owner\AppData\Local\Temp\CommonInstaller.exe
C:\Users\Owner\AppData\Local\Temp\contentDATs.exe
C:\Users\Owner\AppData\Local\Temp\hia-oqss.dll
C:\Users\Owner\AppData\Local\Temp\HPQSi.exe
C:\Users\Owner\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Owner\AppData\Local\Temp\oi_{03AD74B4-FF6D-49AC-9AD4-C9B2EEE9A6BD}.exe
C:\Users\Owner\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Owner\AppData\Local\Temp\tmp223D(1).exe
C:\Users\Owner\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\Owner\AppData\Local\Temp\winziprosetup_20130121.exe
C:\Users\Owner\AppData\Local\Temp\{4E99F7B6-BA77-4737-8D3E-950C618A46B8}-21.0.1180.60_20.0.1132.57_chrome_updater.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-05 18:44

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-05-2015
Ran by Owner at 2015-05-05 21:57:49
Running from C:\Users\Owner\Downloads
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3524435906-1736606958-2426872304-500 - Administrator - Disabled)
Guest (S-1-5-21-3524435906-1736606958-2426872304-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3524435906-1736606958-2426872304-1009 - Limited - Enabled)
Owner (S-1-5-21-3524435906-1736606958-2426872304-1002 - Administrator - Enabled) => C:\Users\Owner
vmdk (S-1-5-21-3524435906-1736606958-2426872304-1005 - Administrator - Enabled) => C:\Users\vmdk
__vmware_user__ (S-1-5-21-3524435906-1736606958-2426872304-1004 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Symantec Endpoint Protection (Enabled - Out of date) {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
AS: Symantec Endpoint Protection (Enabled - Out of date) {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection (Enabled) {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
FW: AVG Internet Security 2015 (Disabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ActivClient x86 (HKLM\...\{1BE8806A-84F8-4655-A381-0D5524430944}) (Version: 6.2 - ActivIdentity)
ActiveCheck component for HP Active Support Library (Version: 3.0.0.1 - Hewlett-Packard) Hidden
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5577 - AVG Technologies)
AVG 2015 (Version: 15.0.4339 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5577 - AVG Technologies) Hidden
AVG Security Toolbar (HKLM\...\AVG Secure Search) (Version: 18.3.0.885 - AVG Technologies)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.18.12 - Broadcom Corporation)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version: - )
DirectX 9 Runtime (Version: 1.00.0000 - Sonic Solutions) Hidden
File Sanitizer For HP ProtectTools (HKLM\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 5.0.1.1 - Hewlett-Packard)
Garmin Communicator Plugin (HKLM\...\{B1EE1CC5-6CED-4801-BFFF-8454F21A245A}) (Version: 2.9.3 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
HP 3D DriveGuard (HKLM\...\{67C090D6-109A-47D7-8DED-4160C4D96F32}) (Version: 4.0.4.1 - Hewlett-Packard)
HP Business Card Reader (HKLM\...\{FD8234FF-A70D-4632-B146-F41AB37C0B24}) (Version: 0.6.2.0 - Hewlett-Packard)
HP Common Access Service Library (HKLM\...\{58215966-9BA6-485D-B8DA-4AE31150B92E}) (Version: 3.0.37.1 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM\...\{FFBDA363-A033-4F32-8DE0-AEF0F105410E}) (Version: 1.0.3.1 - Hewlett-Packard)
HP Integrated Module with Bluetooth wireless technology (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.500 - Broadcom Corporation)
HP Power Assistant (HKLM\...\{42CF58EC-1E6B-4D0F-B441-55D846FAFD03}) (Version: 1.0.1.12 - Hewlett-Packard)
HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.9.1 - Hewlett-Packard)
HP QuickLook (HKLM\...\{BAEE9CD5-A680-43A2-A5FA-6F700C5AD45A}) (Version: 3.1.0.4 - Hewlett-Packard)
HP QuickWeb (HKLM\...\{7861911B-4270-498A-8F7A-FCF0570F4844}) (Version: 1.0.1.45 - DeviceVM, Inc.)
HP Setup (HKLM\...\{1E6219D4-027E-47EE-AB83-DD2F26E31A32}) (Version: 1.2.3557.3169 - Hewlett-Packard)
HP SoftPaq Download Manager (HKLM\...\{2DA697D7-FED3-4DE2-A174-92A2A12F9688}) (Version: 3.0.5.0 - Hewlett-Packard Company)
HP User Guides 0142 (HKLM\...\{10A11115-4EFC-4E86-BFC1-D53A478556A1}) (Version: 1.01.0001 - Hewlett-Packard)
HP Wallpaper (HKLM\...\{F173C2B3-296F-458C-98FF-1676A42EBA02}) (Version: 1.0.1.3 - Hewlett-Packard Company)
HP Webcam (HKLM\...\{1D61E881-43CD-447B-9E6B-D2C6138B2862}) (Version: 1.0 - Roxio)
HP Webcam Driver (HKLM\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.50009.1 - Sonix)
HP Wireless Assistant (HKLM\...\{B747217A-7685-47E8-9B19-DC844E020FBB}) (Version: 4.0.1.10 - Hewlett-Packard)
HPAsset component for HP Active Support Library (Version: 3.0.0.3 - Hewlett-Packard) Hidden
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6246.0 - IDT)
Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.1995 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Java 7 Update 15 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217015FF}) (Version: 7.0.150 - Oracle)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java Card Security for HP ProtectTools (HKLM\...\{F4477CC0-7293-414A-93BC-20EE897A80F0}) (Version: 5.0.4.1 - Hewlett-Packard)
LightScribe System Software (HKLM\...\{82EF29B1-9B60-4142-A155-0599216DD053}) (Version: 1.18.6.1 - LightScribe)
LiveUpdate 3.3 (Symantec Corporation) (HKLM\...\LiveUpdate) (Version: 3.3.0.92 - Symantec Corporation)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.96 - LSI Corporation)
Marvell Miniport Driver (HKLM\...\Marvell Miniport Driver) (Version: 10.70.5.3 - Marvell)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.7 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 en-GB) (HKLM\...\Mozilla Firefox 35.0.1 (x86 en-GB)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PDF Complete Special Edition (HKLM\...\PDF Complete) (Version: 3.5.108 - PDF Complete, Inc)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
QLBCASL (Version: 6.40.17.2 - Hewlett-Packard) Hidden
RICOH Media Driver (HKLM\...\{F5CC2EF8-20A4-4366-A681-3FE849E65809}) (Version: 2.13.00.05 - RICOH)
Roxio Creator Business (HKLM\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
Search App by Ask (HKLM\...\{4F524A2D-5350-4500-76A7-A758B70C1C01}) (Version: 12.28.1.169 - APN, LLC) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype Toolbars (HKLM\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) Hidden
Symantec Endpoint Protection Small Business Edition (HKLM\...\{47611CAC-79A7-4ED6-8DF8-BA9FDCD98102}) (Version: 12.0.1001.95 - Symantec Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.17.4 - Synaptics Incorporated)
Theft Recovery (HKLM\...\InstallShield_{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}) (Version: 5.1.0.18 - Hewlett-Packard)
Theft Recovery (Version: 5.1.0.18 - Hewlett-Packard) Hidden
TopYacht TopYacht 10.1.0.55 (HKLM\...\TopYacht) (Version: 10.1.0.55 - TopYacht)
Validity Fingerprint Driver (HKLM\...\{5C3445CE-4D66-4F49-9DAA-123D0ED5658C}) (Version: 4.0.6.0 - Validity Sensors, Inc.)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VMware Remote Console Plug-in (HKLM\...\{D2F28E39-9813-41D3-8EC9-BAADA38C426D}) (Version: 2.5.0.122581 - VMware, Inc.)
VMware Server (HKLM\...\{AF08C71F-F822-4416-87A9-2BBF5A8A5F12}) (Version: 2.0.0.2712 - VMware, Inc.)
Windows 7 Default Setting (HKLM\...\{5BF8E079-D6E2-4323-B794-75152371122A}) (Version: 1.0.1.4 - Hewlett-Packard Company)
Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000) (HKLM\...\B7541EC5F72AA713F557569278EB6273725F5607) (Version: 06/15/2009 6.2.0.9000 - Broadcom)
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (HKLM\...\A6A8668C0A13640CA28FE2A7D9654BE4AE478B13) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3524435906-1736606958-2426872304-1002_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-3524435906-1736606958-2426872304-1002_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-3524435906-1736606958-2426872304-1002_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-3524435906-1736606958-2426872304-1002_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-3524435906-1736606958-2426872304-1002_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-3524435906-1736606958-2426872304-1002_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File

==================== Restore Points =========================

27-02-2015 08:19:12 Scheduled Checkpoint
28-02-2015 03:00:13 Windows Update
04-03-2015 07:46:43 Windows Update
02-04-2015 18:19:24 Windows Update
07-04-2015 03:00:28 Windows Update
16-04-2015 03:01:21 Windows Update
05-05-2015 18:52:31 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 12:04 - 2009-06-11 07:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0A029C67-B7D9-468C-91B1-0792FE7E0FF5} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Tuneup => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {0A7868DC-7B63-4822-BEDE-385ADBE3252A} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {1DFE60E6-1F1F-4105-A7FC-73A3D6B17C66} - System32\Tasks\{5E8C05D7-4790-42D6-92AB-CA7E17A7D312} => pcalua.exe -a C:\Users\Owner\Downloads\jxpiinstall.exe -d C:\Users\Owner\Downloads
Task: {21771AC7-0A5A-47B1-88CD-DD3A1718A429} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-07] (Google Inc.)
Task: {30EC5E1D-4368-40D2-8C4D-DDC49EF7F1A5} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {478E9DEE-A4A0-48BB-85FD-A162F9D0D6BD} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-05] (Adobe Systems Incorporated)
Task: {7146ABD7-64BF-4754-8C49-73C02B3D4F99} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {75D0128F-047E-4BD8-B142-56F525693D92} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {76AF30D4-D0DA-4AE5-A49B-9D95C508A2E6} - System32\Tasks\{00199D0F-B265-4844-87E5-EED17FD09F3C} => C:\Program Files\Skype\Phone\Skype.exe
Task: {A266DC7D-BE40-4756-A417-3A78F845130D} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {AEC967F1-8F59-4866-8DE4-DF2170C4D073} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {BF85AC3D-997F-4251-93FA-30AE0ACB1069} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-07] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2010-06-23 13:28 - 2009-11-05 08:39 - 00087552 _____ () C:\windows\System32\cpwmon2k.dll
2015-04-07 14:23 - 2015-04-07 14:23 - 00159768 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\loggingserver.exe
2015-04-07 14:23 - 2015-04-07 14:23 - 00519704 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\log4cplusU.dll
2009-10-20 15:21 - 2009-10-20 15:21 - 00970288 _____ () C:\Program Files\VMware\VMware Server\libxml2.dll
2009-10-20 15:21 - 2009-10-20 15:21 - 00068656 _____ () C:\Program Files\VMware\VMware Server\zlib1.dll
2009-09-05 05:43 - 2009-09-05 05:43 - 00132384 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2009-10-20 15:21 - 2009-10-20 15:21 - 00322096 _____ () C:\Program Files\VMware\VMware Server\vmware-hostd.exe
2009-10-20 15:22 - 2009-10-20 15:22 - 17091120 _____ () C:\Program Files\VMware\VMware Server\types.dll
2009-10-20 15:21 - 2009-10-20 15:21 - 05196336 _____ () C:\Program Files\VMware\VMware Server\platform.dll
2009-10-20 15:21 - 2009-10-20 15:21 - 01100336 _____ () C:\Program Files\VMware\VMware Server\common.dll
2009-10-20 15:22 - 2009-10-20 15:22 - 02153008 _____ () C:\Program Files\VMware\VMware Server\hostsvc.dll
2009-10-20 15:21 - 2009-10-20 15:21 - 00318000 _____ () C:\Program Files\VMware\VMware Server\internalsvc.dll
2009-10-20 15:21 - 2009-10-20 15:21 - 00653872 _____ () C:\Program Files\VMware\VMware Server\nfcsvc.dll
2009-10-20 14:01 - 2009-10-20 14:01 - 00842288 _____ () C:\Program Files\VMware\VMware Server\libeay32.dll
2009-10-20 14:01 - 2009-10-20 14:01 - 00162352 _____ () C:\Program Files\VMware\VMware Server\ssleay32.dll
2009-10-20 15:22 - 2009-10-20 15:22 - 02894384 _____ () C:\Program Files\VMware\VMware Server\diskLibWrapper.dll
2009-10-20 15:21 - 2009-10-20 15:21 - 00178736 _____ () C:\Program Files\VMware\VMware Server\proxysvc.dll
2009-10-20 15:21 - 2009-10-20 15:21 - 00834096 _____ () C:\Program Files\VMware\VMware Server\solo.dll
2009-10-20 15:21 - 2009-10-20 15:21 - 00404016 _____ () C:\Program Files\VMware\VMware Server\statssvc.dll
2009-10-20 15:21 - 2009-10-20 15:21 - 00096816 _____ () C:\Program Files\VMware\VMware Server\supportsvc.dll
2009-10-20 15:22 - 2009-10-20 15:22 - 00117296 _____ () C:\Program Files\VMware\VMware Server\vcsvc.dll
2009-10-20 15:22 - 2009-10-20 15:22 - 02767408 _____ () C:\Program Files\VMware\VMware Server\vimsvc.dll
2009-10-20 15:21 - 2009-10-20 15:21 - 02718256 _____ () C:\Program Files\VMware\VMware Server\vmsvc.dll
2009-11-18 10:32 - 2009-11-18 10:32 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\HardwareAccess.dll
2009-11-18 10:32 - 2009-11-18 10:32 - 00054328 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\Graphs.dll
2009-10-22 10:35 - 2009-10-22 10:35 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
2009-10-22 10:35 - 2009-10-22 10:35 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
2012-08-04 10:53 - 2015-04-07 14:23 - 02503704 _____ () C:\Program Files\AVG Secure Search\vprot.exe
2014-04-15 20:00 - 2015-04-07 14:23 - 01638424 _____ () C:\Program Files\AVG Secure Search\TBAPI.dll
2009-06-18 05:40 - 2009-06-18 05:40 - 02121728 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll
2009-06-18 05:40 - 2009-06-18 05:40 - 07745536 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll
2009-06-18 05:40 - 2009-06-18 05:40 - 00135168 _____ () C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2015-02-02 19:05 - 2015-02-02 19:06 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antivirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antvirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3524435906-1736606958-2426872304-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{F5C0028C-B857-4AB8-B846-58310EC6643D}] => (Allow) C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
FirewallRules: [{8D9A3EB5-2640-464D-8459-6947B0B58976}] => (Allow) C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
FirewallRules: [{8FBE17D1-28E8-4C4B-A28D-D031809F8666}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
FirewallRules: [{FC16835E-E323-4DF9-869D-C81752761494}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
FirewallRules: [{1DB8BCF4-1C29-480A-B884-73DF36317700}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
FirewallRules: [{FFA3DE86-386A-40A5-9259-9C8F39C7373E}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
FirewallRules: [{E7B42B44-CD4D-431F-A127-FE7D0CE50F5E}] => (Allow) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
FirewallRules: [{78BFA94D-F742-4A9F-A658-03F71007D927}] => (Allow) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
FirewallRules: [{6FDB9136-DC4A-4574-AB15-EFE2D56B7CF9}] => (Allow) C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE
FirewallRules: [{8E72FE43-C93C-4660-88AF-8C909367E2D6}] => (Allow) C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE
FirewallRules: [{0C866D0E-6F87-4663-B38E-3AC8944624C0}] => (Allow) C:\Program Files\Microsoft Office\Office14\outlook.exe
FirewallRules: [{9FC4A8E0-2795-4ED9-92D4-AECD6A15BF68}] => (Allow) C:\Program Files\VMware\VMware Server\vmware-authd.exe
FirewallRules: [{59622046-60AF-4C81-B499-588275C92D5B}] => (Allow) C:\Program Files\VMware\VMware Server\vmware-authd.exe
FirewallRules: [{84F7C5EB-568C-4E18-B7AE-19031C57331B}] => (Allow) C:\Program Files\VMware\VMware Server\vmware-authd.exe
FirewallRules: [{1E431579-1E1E-4685-B40C-EF81E380C764}] => (Allow) C:\Program Files\VMware\VMware Server\vmware-authd.exe
FirewallRules: [{C6223947-F39B-4E6E-AEAF-9F0BF72F00E5}] => (Allow) C:\Program Files\VMware\VMware Server\vmware-hostd.exe
FirewallRules: [{E3AC84D9-C47A-464C-9C0E-E347CFCA31A5}] => (Allow) C:\Program Files\VMware\VMware Server\vmware-hostd.exe
FirewallRules: [{9AF8CB72-F77F-4F38-9BB9-89C4637ADC28}] => (Allow) C:\Program Files\VMware\VMware Server\vmware-hostd.exe
FirewallRules: [{605F5FA0-1512-4B49-B6DE-D62DCE64D4A7}] => (Allow) C:\Program Files\VMware\VMware Server\vmware-hostd.exe
FirewallRules: [{52FF88F4-4C59-4136-B968-3E9DDDFA2692}] => (Allow) C:\Program Files\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{CD5302C2-F3E6-4D37-9D3B-C67B1AFCBAE4}] => (Allow) C:\Program Files\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{6E6C4B70-5053-47F9-BB3B-3F39041C128A}] => (Allow) C:\Program Files\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{6858CB02-877E-4232-90FD-F7FFA3C62C5D}] => (Allow) C:\Program Files\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{A05DAAF6-8A43-4D78-95AE-1735F7572A4A}] => (Allow) C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{CA856CE3-1824-4292-8885-35D190013EAF}] => (Allow) C:\Program Files\AVG\AVG2015\avgnsx.exe
FirewallRules: [{690C176B-5C83-441D-8617-BC83F33195D0}] => (Allow) C:\Program Files\AVG\AVG2015\avgnsx.exe
FirewallRules: [{E8040955-5B4D-4B68-8BBC-4ACCF0597BCD}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{C26F446D-8540-4C00-9A4E-5DE585A078F1}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{F90FD43E-626D-42E8-ACCE-A9C7502603CA}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{48500051-742E-44F4-83FE-7C934DC32977}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{E05F0D5C-6FF0-4392-8447-6B1EF5FE668D}] => (Allow) C:\Program Files\AVG\AVG2015\avgemcx.exe
FirewallRules: [{F9EDC890-9AB6-4276-9FD9-E5C80321ABA2}] => (Allow) C:\Program Files\AVG\AVG2015\avgemcx.exe
FirewallRules: [{3F155C06-0F6C-4FAE-B4A5-F61B02323394}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{471166CB-ABE5-40FC-A70E-719E4D5CE286}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{EA28C706-24EC-48BB-AB94-2AD3D671DBC2}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (05/05/2015 08:53:50 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (05/05/2015 07:05:22 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (05/05/2015 05:14:54 PM) (Source: vmauthd) (EventID: 100) (User: )
Description: Cannot connect to VMX: C:\Virtual Machines\tcyc\tcyc.vmx

Error: (05/05/2015 05:14:52 PM) (Source: vmauthd) (EventID: 100) (User: )
Description: Cannot connect to VMX: C:\Virtual Machines\toshiba\toshiba.vmx

Error: (05/05/2015 06:07:00 AM) (Source: vmauthd) (EventID: 100) (User: )
Description: Cannot connect to VMX: C:\Virtual Machines\tcyc\tcyc.vmx

Error: (05/05/2015 06:06:59 AM) (Source: vmauthd) (EventID: 100) (User: )
Description: Cannot connect to VMX: C:\Virtual Machines\toshiba\toshiba.vmx

Error: (04/16/2015 03:56:44 AM) (Source: vmauthd) (EventID: 100) (User: )
Description: Cannot connect to VMX: C:\Virtual Machines\tcyc\tcyc.vmx

Error: (04/16/2015 03:56:43 AM) (Source: vmauthd) (EventID: 100) (User: )
Description: Cannot connect to VMX: C:\Virtual Machines\toshiba\toshiba.vmx

Error: (04/16/2015 03:05:38 AM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Performance monitoring cannot be initialized for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

Context: Application, SystemIndex Catalog

Error: (04/13/2015 11:43:23 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

System errors:
=============
Error: (05/05/2015 05:15:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Health Check Service service failed to start due to the following error:
%%2

Error: (05/05/2015 05:13:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (05/05/2015 05:12:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Ricoh xD-Picture Card Driver service failed to start due to the following error:
%%1058

Error: (05/05/2015 05:12:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The rimsptsk service failed to start due to the following error:
%%1058

Error: (05/05/2015 05:12:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The rimmptsk service failed to start due to the following error:
%%1058

Error: (05/05/2015 07:57:43 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.

Error: (05/05/2015 07:01:44 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrustedInstaller service.

Error: (05/05/2015 06:08:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Health Check Service service failed to start due to the following error:
%%2

Error: (05/05/2015 06:07:34 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (05/05/2015 06:05:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Ricoh xD-Picture Card Driver service failed to start due to the following error:
%%1058

Microsoft Office Sessions:
=========================
Error: (05/05/2015 08:53:50 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentitylanguage*c:\program files\topyacht10\DelZip179.dllc:\program files\topyacht10\DelZip179.dll8

Error: (05/05/2015 07:05:22 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentitylanguage*c:\program files\topyacht10\DelZip179.dllc:\program files\topyacht10\DelZip179.dll8

Error: (05/05/2015 05:14:54 PM) (Source: vmauthd) (EventID: 100) (User: )
Description: Cannot connect to VMX: C:\Virtual Machines\tcyc\tcyc.vmx

Error: (05/05/2015 05:14:52 PM) (Source: vmauthd) (EventID: 100) (User: )
Description: Cannot connect to VMX: C:\Virtual Machines\toshiba\toshiba.vmx

Error: (05/05/2015 06:07:00 AM) (Source: vmauthd) (EventID: 100) (User: )
Description: Cannot connect to VMX: C:\Virtual Machines\tcyc\tcyc.vmx

Error: (05/05/2015 06:06:59 AM) (Source: vmauthd) (EventID: 100) (User: )
Description: Cannot connect to VMX: C:\Virtual Machines\toshiba\toshiba.vmx

Error: (04/16/2015 03:56:44 AM) (Source: vmauthd) (EventID: 100) (User: )
Description: Cannot connect to VMX: C:\Virtual Machines\tcyc\tcyc.vmx

Error: (04/16/2015 03:56:43 AM) (Source: vmauthd) (EventID: 100) (User: )
Description: Cannot connect to VMX: C:\Virtual Machines\toshiba\toshiba.vmx

Error: (04/16/2015 03:05:38 AM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Context: Application, SystemIndex Catalog

Error: (04/13/2015 11:43:23 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentitylanguage*c:\program files\topyacht10\DelZip179.dllc:\program files\topyacht10\DelZip179.dll8

==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU M 330 @ 2.13GHz
Percentage of memory in use: 70%
Total physical RAM: 1909.87 MB
Available physical RAM: 556.14 MB
Total Pagefile: 3819.74 MB
Available Pagefile: 1346.33 MB
Total Virtual: 2047.88 MB
Available Virtual: 1916.04 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:215.59 GB) (Free:118.65 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.49 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 0CFD2A45)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=215.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)

==================== End Of Log ============================

#4
zep516

Posted 05 May 2015 - 03:02 PM

Trusted Helper

Malware Removal
8,090 posts

Hello,
You have Two Anti Virus programs running.
1-Symantec Endpoint Protection.
2-AVG AntiVirus Free Edition 2015.

The real-time protection of two antivirus programs may conflict with each other and cause the following:

False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
Conflicts: Your system may lock up due to both products attempting to access the same file at the same time.
Performance: More that one antivirus will cause your PC to become slow and it may even crash or blue screen.
Less protection: Two antivirus trying to scan the same file may interfere with the process and allow a malicious file onto the computer without notice to you.

I'm going to guess that is an old out dated version of Symantec End point protection, and you're currently using AVG2015. If that's true then;

Please remove these programs from your programs an features list, Start > Control panel > Programs an features. In the list find the program listed below and uninstall it.
Symantec Endpoint Protection Small Business Edition.
LiveUpdate 3.3 (Symantec Corporation).
Java 7 Update 15.
Search App by Ask. If a program will not remove skip it and keep following instructions please.

Next
Download the Norton Removal Tool from Here
Save the file onto your desktop. On some browsers, the file is automatically saved to its default location.
Double-click the Norton Removal Tool icon.
Follow the on-screen instructions.
Restart your computer.

Let me know when that is done.

#5
Sailing Captain

Posted 07 May 2015 - 03:16 AM

Member

Topic Starter
Member
15 posts

Hi Zep,

Unistalled all the programs including Norton.

On restarting, Symantics appeared to try to open aweb page. i just closed it before it loaded. Not sure if this means anything but thought i would let you know.

Let me know if there is anything else i should carry out. Thanks for your help,

Craig

#6
zep516

Posted 07 May 2015 - 06:09 AM

Trusted Helper

Malware Removal
8,090 posts

Next

Please download AdwCleaner by Xplode onto your Desktop.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the logfile button and the log will open in Notepad.
NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
Click on the Clean button follow the prompts.
A log file will automatically open after the scan has finished and the PC has rebooted.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleaner
Next

Please download Junkware Removal Tool to your Desktop.

Please close your security software to avoid potential conflicts. See Here how to disable you security protection (Anti Virus)
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
Please post the contents of JRT.txt into your reply.

In your next reply post;
- The AdwCleaner [SO].txt Log
- The JRT.txt Log
Thanks
Joe

#7
Sailing Captain

Posted 09 May 2015 - 05:32 AM

Member

Topic Starter
Member
15 posts

Hi Joe,

Below are the test logs.

Thanks again

Craig

# AdwCleaner v4.203 - Logfile created 09/05/2015 at 20:17:52
# Updated 30/04/2015 by Xplode
# Database : 2015-04-30.2 [Local]
# Operating system : Windows 7 Professional Service Pack 1 (x86)
# Username : Owner - TCYCSEC
# Running from : C:\Users\Owner\Downloads\adwcleaner_4.203.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\IBUpdaterService
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\file scout
Folder Deleted : C:\Program Files\WinZip Registry Optimizer
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Owner\AppData\Local\Temp\apn
Folder Deleted : C:\Users\Owner\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Owner\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Owner\AppData\Roaming\PerformerSoft
Folder Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files\Mozilla Firefox\defaults\pref\itms.js

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\DeviceVM
Key Deleted : HKU\.DEFAULT\Software\AskPartnerNetwork
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17728

-\\ Mozilla Firefox v37.0.2 (x86 en-GB)

[21yq0f6p.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
[21yq0f6p.default\prefs.js] - Line Deleted : user_pref("extensions.xpiState", "{\"app-profile\":{\"[email protected]\":{\"d\":\"C:\\\\Users\\\\Owner\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\21yq0f6p.default\\\\extensions\\\[...]

-\\ Google Chrome v42.0.2311.135

[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={5401E5EE-B75B-4468-9C72-5D50A0AF12F3}&mid=5ca6ff34d3d447d0bdddd1191024e9fb-0842cb436408878ae7d48485c134bc78699d9bda&lang=en&ds=AVG&coid=%COBRAND%&cmpid=%CMPID%&pr=fr&d=2012-08-04 10:53:29&v=18.0.5.292&pid=avg&sg=&sap=dsp&q={searchTerms}
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof

*************************

AdwCleaner[R0].txt - [7044 bytes] - [09/05/2015 20:13:49]
AdwCleaner[S0].txt - [7139 bytes] - [09/05/2015 20:17:52]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7198 bytes] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.6.9 (05.08.2015:1)
OS: Windows 7 Professional x86
Ran by Owner on Sat 09/05/2015 at 21:26:37.57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 09/05/2015 at 21:29:00.47
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#8
zep516

Posted 09 May 2015 - 03:05 PM

Trusted Helper

Malware Removal
8,090 posts

Hello,

Please download Malwarebytes Anti-Malware to your desktop.
Double-click mbam-setup-version.exe and follow the prompts to install the program.
At the end, be sure a check-mark is placed next to the following:
Enable free trial of Malwarebytes Anti-Malware Premium
Launch Malwarebytes Anti-Malware
Then click Finish.
If an update is found, you will be prompted to download and install the latest version.
Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
When the scan is complete , make sure that that all Threats are selected, and click Remove Selected.
Reboot your computer if prompted.

Posting the Malwarebytes log.

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the Scan Log which shows the Date and time of the scan just performed.
Click 'Export'.
Click 'Text file (*.txt)'
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named 'File Saved' should appear stating "Your file has been successfully exported".
Click Ok
Attach that saved log to your next reply.

#9
Sailing Captain

Posted 12 May 2015 - 04:36 AM

Member

Topic Starter
Member
15 posts

Hi Joe,

I appreciate your assistance.

I believe I have attached the file. I'd appreciate it if you can let me know the next step.

Thanks again,

Craig

Attached Files

20150512.txt 1.04KB 197 downloads

#10
zep516

Posted 13 May 2015 - 04:37 PM

Trusted Helper

Malware Removal
8,090 posts

Thanks. I'll post the log for my own reference. Instructions to follow below:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/05/2015
Scan Time: 6:13:43 PM
Logfile: 20150512.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.05.12.01
Rootkit Database: v2015.04.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Owner

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 372650
Time Elapsed: 24 min, 58 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

Next
Clean out your temporary internet files and temp files.
To do that;
Download TFC by OldTimer http://oldtimer.geekstogo.com/TFC.exeto your desktop.
Right click on TFC.exe Run as administrator.
TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

Next

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

Right click "Run as administrator" When the tool opens click Yes to disclaimer.
Make sure you checkmark Addition.txt box.
Press Scan button.
Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

Post in your next reply;
FRST.txt
Additions.txt

Thanks
Joe

#11
Sailing Captain

Posted 14 May 2015 - 04:55 AM

Member

Topic Starter
Member
15 posts

#12
Sailing Captain

Posted 14 May 2015 - 04:58 AM

Member

Topic Starter
Member
15 posts

Hi Joe,

Logs below. It must sound repetative but thanks anyway.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-05-2015 01
Ran by Owner (administrator) on TCYCSEC on 14-05-2015 20:52:21
Running from C:\Computer maintenance
Loaded Profiles: Owner (Available profiles: Owner & vmdk)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_499a67a913bde1c7\stacsv.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_499a67a913bde1c7\AEstSrv.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Computer maintenance\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Computer maintenance\Malwarebytes Anti-Malware\mbamservice.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe
(VMware, Inc.) C:\Windows\System32\vmnat.exe
(Apache Software Foundation) C:\Program Files\VMware\VMware Server\tomcat\bin\tomcat6.exe
(VMware, Inc.) C:\Windows\System32\vmnetdhcp.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Server\vmware-authd.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
() C:\Program Files\VMware\VMware Server\vmware-hostd.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Malwarebytes Corporation) C:\Computer maintenance\Malwarebytes Anti-Malware\mbam.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [288312 2009-09-04] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-26] (Intel Corporation)
HKLM\...\Run: [PDF Complete] => C:\Program Files\PDF Complete\pdfsty.exe [563736 2009-06-19] (PDF Complete Inc)
HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [1690680 2009-11-18] (Hewlett-Packard)
HKLM\...\Run: [Korean IME Migration] => C:\Program Files\Common Files\microsoft shared\IME12\IMEKR\IMKRMIG.EXE [26400 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1721640 2010-05-27] (Synaptics Incorporated)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2009-10-22] (Hewlett-Packard)
HKLM\...\Run: [acevents] => C:\Program Files\ActivIdentity\ActivClient\acevents.exe [153640 2009-06-04] (ActivIdentity)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [accrdsub] => C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [400936 2009-06-04] (ActivIdentity)
HKLM\...\Run: [File Sanitizer] => C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe [11264000 2009-11-05] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2009-10-13] (IDT, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-22] (Adobe Systems Incorporated)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3653136 2014-11-09] (AVG Technologies CZ, s.r.o.)
HKLM\...\runonceex: [ContentMerger] => c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-13] (Sonic Solutions)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
HKU\S-1-5-21-3524435906-1736606958-2426872304-1002\...\Run: [HPADVISOR] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
HKU\S-1-5-21-3524435906-1736606958-2426872304-1002\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-18] (Hewlett-Packard Company)
HKU\S-1-5-21-3524435906-1736606958-2426872304-1002\...\MountPoints2: {4c6ea55a-0d29-11e2-8892-005056c00008} - H:\unlock.exe autoplay=true
HKU\S-1-5-21-3524435906-1736606958-2426872304-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\PhotoScreensaver.scr [413696 2010-11-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2010-05-16]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013-02-26]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3524435906-1736606958-2426872304-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tcyc.yachting.org.au/
HKU\S-1-5-21-3524435906-1736606958-2426872304-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/14
HKU\S-1-5-21-3524435906-1736606958-2426872304-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-3524435906-1736606958-2426872304-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM -> {79FFDB77-A890-479F-8BCB-CFFF0E769EE6} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3524435906-1736606958-2426872304-1002 -> {08DAC94C-BB76-4906-82A2-57FDFD86AE09} URL = http://www.google.co...age={startPage}
SearchScopes: HKU\S-1-5-21-3524435906-1736606958-2426872304-1002 -> {79FFDB77-A890-479F-8BCB-CFFF0E769EE6} URL = http://www.bing.com/...rc=IE-SearchBox
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll [2009-11-05] (Hewlett-Packard)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-12-16] (Oracle Corporation)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-16] (Oracle Corporation)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
Toolbar: HKU\S-1-5-21-3524435906-1736606958-2426872304-1002 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574}
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies S.A.)

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\21yq0f6p.default
FF Homepage: https://webmail.optu...nsvillesailing/
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-05-05] ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2010-10-28] (GARMIN Corp.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-08] (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-07] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.15.2 -> C:\windows\system32\npDeployJava1.dll [2013-02-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-16] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-13] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-13] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-09-04] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-09-04] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2013-01-31] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2013-01-31] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2013-01-31] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2013-01-31] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2013-01-31] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2013-01-31] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2013-01-31] (Apple Inc.)
FF Extension: VMware Remote Console Plug-in - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\21yq0f6p.default\Extensions\[email protected] [2010-07-04]
FF Extension: Skype extension for Firefox - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2015-05-05]
FF HKU\S-1-5-21-3524435906-1736606958-2426872304-1002\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-09]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [207400 2009-06-04] (ActivIdentity)
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-08-04] (LSI Corporation)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3488784 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [298080 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 HP Power Assistant Service; C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [101944 2009-11-18] (Hewlett-Packard)
R2 HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [101944 2009-10-22] (Hewlett-Packard)
R2 HPFSService; C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [297984 2009-11-05] (Hewlett-Packard) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-18] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Computer maintenance\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Computer maintenance\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [635416 2009-06-19] (PDF Complete Inc)
R2 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_499a67a913bde1c7\STacSV.exe [221266 2009-10-13] (IDT, Inc.)
R2 vcsFPService; C:\windows\system32\vcsFPService.exe [1639728 2009-10-07] (Validity Sensors, Inc.)
R2 VMAuthdService; C:\Program Files\VMware\VMware Server\vmware-authd.exe [121392 2009-10-20] (VMware, Inc.)
R2 VMnetDHCP; C:\windows\system32\vmnetdhcp.exe [326192 2009-10-20] (VMware, Inc.)
R2 VMware NAT Service; C:\windows\system32\vmnat.exe [399920 2009-10-20] (VMware, Inc.)
R2 VMwareHostd; C:\Program Files\VMware\VMware Server\vmware-hostd.exe [322096 2009-10-20] ()
R2 VMwareServerWebAccess; C:\Program Files\VMware\VMware Server\tomcat\bin\Tomcat6.exe [57344 2009-10-21] (Apache Software Foundation) [File not signed]
S3 vmwriter; C:\Program Files\VMware\VMware Server\vmVssWriter.exe [22528 2009-10-20] (VMware, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 yksvc; C:\windows\System32\yk62x86.dll [364544 2009-09-28] (Marvell)
S2 HP Health Check Service; "C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe" [X]
S2 vToolbarUpdater18.3.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiskx; C:\windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\windows\System32\DRIVERS\avgidsdriverx.sys [213784 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\windows\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\windows\System32\DRIVERS\avglogx.sys [230680 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\windows\System32\DRIVERS\avgmfx86.sys [98584 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\windows\System32\DRIVERS\avgtdix.sys [200984 2014-10-10] (AVG Technologies CZ, s.r.o.)
R2 hcmon; C:\windows\system32\drivers\hcmon.sys [32304 2009-10-20] (VMware, Inc.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-05-14] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
S3 MfeAVFK; C:\windows\System32\drivers\MfeAVFK.sys [79816 2009-05-16] (McAfee, Inc.)
S3 MfeBOPK; C:\windows\System32\drivers\MfeBOPK.sys [35272 2009-05-16] (McAfee, Inc.)
R1 mfehidk; C:\windows\System32\drivers\mfehidk.sys [214024 2009-05-16] (McAfee, Inc.)
S3 MfeRKDK; C:\windows\System32\drivers\MfeRKDK.sys [34248 2009-05-16] (McAfee, Inc.)
R1 mfetdik; C:\windows\System32\drivers\mfetdik.sys [55336 2009-05-16] (McAfee, Inc.)
S3 Netaapl; C:\windows\System32\DRIVERS\netaapl.sys [18432 2012-03-26] (Apple Inc.) [File not signed]
R2 risdpcie; C:\windows\System32\DRIVERS\risdpe86.sys [47616 2009-10-29] (REDC)
R2 rixdpcie; C:\windows\System32\DRIVERS\rixdpe86.sys [38912 2009-09-29] (REDC)
R3 SNP2UVC; C:\windows\System32\DRIVERS\snp2uvc.sys [1765168 2009-09-18] ()
S3 USBAAPL; C:\windows\System32\Drivers\usbaapl.sys [44544 2012-09-28] (Apple, Inc.) [File not signed]
R3 VMnetAdapter; C:\windows\System32\DRIVERS\vmnetadapter.sys [16560 2009-10-20] (VMware, Inc.)
R2 VMnetBridge; C:\windows\System32\DRIVERS\vmnetbridge.sys [31280 2009-10-20] (VMware, Inc.)
R2 VMnetuserif; C:\windows\system32\drivers\vmnetuserif.sys [26288 2009-10-20] (VMware, Inc.)
R2 VMparport; C:\windows\system32\Drivers\VMparport.sys [14896 2009-10-20] (VMware, Inc.)
R2 vmx86; C:\windows\system32\Drivers\vmx86.sys [857520 2009-10-20] (VMware, Inc.)
R3 yukonw7; C:\windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
U4 Avgfwfd; system32\DRIVERS\avgfwd6x.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-14 20:52 - 2015-05-14 20:52 - 00000000 ____D () C:\c15540e38cae7d505992
2015-05-14 19:46 - 2015-02-18 17:06 - 00123904 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe
2015-05-12 18:12 - 2015-05-14 20:43 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-12 18:12 - 2015-05-12 18:12 - 00000916 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-12 18:12 - 2015-05-12 18:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-12 18:12 - 2015-05-12 18:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-12 18:12 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-05-12 18:12 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-05-12 18:12 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-05-12 18:09 - 2015-05-14 20:49 - 00000000 ____D () C:\Computer maintenance
2015-05-09 21:29 - 2015-05-09 21:30 - 00000608 _____ () C:\Users\Owner\Desktop\JRT.txt
2015-05-09 21:26 - 2015-05-09 21:26 - 00000207 _____ () C:\windows\tweaking.com-regbackup-TCYCSEC-Windows-7-Professional-(32-bit).dat
2015-05-09 21:26 - 2015-05-09 21:26 - 00000000 ____D () C:\RegBackup
2015-05-09 20:12 - 2015-05-09 20:18 - 00000000 ____D () C:\AdwCleaner
2015-05-07 18:56 - 2015-05-07 18:57 - 00896048 _____ () C:\Users\Owner\Downloads\Norton_Removal_Tool.exe
2015-05-07 18:52 - 2014-12-16 21:54 - 00176552 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2015-05-07 18:52 - 2014-12-16 21:54 - 00176552 _____ (Oracle Corporation) C:\windows\system32\java.exe
2015-05-07 18:52 - 2014-12-16 21:54 - 00096680 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2015-05-07 18:52 - 2013-02-26 22:19 - 00861088 _____ (Oracle Corporation) C:\windows\system32\npDeployJava1.dll
2015-05-07 18:52 - 2013-02-26 22:19 - 00782240 _____ (Oracle Corporation) C:\windows\system32\deployJava1.dll
2015-05-05 21:54 - 2015-05-14 20:52 - 00000000 ____D () C:\FRST
2015-05-05 19:03 - 2015-05-05 19:03 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-15 22:09 - 2015-03-23 13:06 - 00860160 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-04-15 22:09 - 2015-03-23 13:06 - 00630784 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-04-15 22:09 - 2015-03-23 13:06 - 00576000 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-04-15 22:09 - 2015-03-23 13:06 - 00331264 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-04-15 22:09 - 2015-03-23 13:06 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-04-15 22:09 - 2015-03-23 13:06 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-04-15 22:09 - 2015-03-23 13:06 - 00026112 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-04-15 22:09 - 2015-03-23 12:59 - 00896000 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-04-15 22:09 - 2015-03-17 15:01 - 03920824 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-04-15 22:09 - 2015-03-17 14:59 - 01306112 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-04-15 22:09 - 2015-03-04 14:16 - 00249784 _____ (Microsoft Corporation) C:\windows\system32\clfs.sys
2015-04-15 22:09 - 2015-03-04 14:10 - 00058880 _____ (Microsoft Corporation) C:\windows\system32\clfsw32.dll
2015-04-15 22:08 - 2015-04-02 09:49 - 00342704 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-04-15 22:08 - 2015-03-17 15:01 - 03976632 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2015-04-15 22:08 - 2015-03-17 15:01 - 00137656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-04-15 22:08 - 2015-03-17 15:01 - 00067512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-04-15 22:08 - 2015-03-17 14:57 - 01061376 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-04-15 22:08 - 2015-03-17 14:57 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-04-15 22:08 - 2015-03-17 14:57 - 00400896 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-04-15 22:08 - 2015-03-17 14:57 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-04-15 22:08 - 2015-03-17 14:57 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-04-15 22:08 - 2015-03-17 14:57 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-04-15 22:08 - 2015-03-17 14:57 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-04-15 22:08 - 2015-03-17 14:57 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-04-15 22:08 - 2015-03-17 14:57 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-04-15 22:08 - 2015-03-17 14:57 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-04-15 22:08 - 2015-03-17 14:57 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-04-15 22:08 - 2015-03-17 14:57 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-04-15 22:08 - 2015-03-17 14:56 - 00262656 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-04-15 22:08 - 2015-03-17 14:56 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-04-15 22:08 - 2015-03-17 14:56 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-04-15 22:08 - 2015-03-17 14:56 - 00038912 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-04-15 22:08 - 2015-03-17 14:56 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-04-15 22:08 - 2015-03-17 14:56 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-04-15 22:08 - 2015-03-17 14:53 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-04-15 22:08 - 2015-03-17 14:53 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-04-15 22:08 - 2015-03-17 14:50 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-04-15 22:08 - 2015-03-17 14:50 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-04-15 22:08 - 2015-03-13 13:27 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-04-15 22:08 - 2015-03-13 13:20 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-04-15 22:08 - 2015-03-13 13:16 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-04-15 22:08 - 2015-03-13 13:09 - 00667648 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-04-15 22:08 - 2015-03-13 13:01 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 22:08 - 2015-03-13 12:43 - 00685568 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-04-15 22:08 - 2015-03-13 12:16 - 01311232 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-04-15 22:08 - 2015-03-05 14:06 - 00305152 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2015-04-15 22:07 - 2015-03-13 13:42 - 19695616 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-04-15 22:07 - 2015-03-13 13:42 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-04-15 22:07 - 2015-03-13 13:42 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-04-15 22:07 - 2015-03-13 13:28 - 00503296 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-04-15 22:07 - 2015-03-13 13:28 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-04-15 22:07 - 2015-03-13 13:27 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-04-15 22:07 - 2015-03-13 13:26 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-04-15 22:07 - 2015-03-13 13:22 - 02278400 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-04-15 22:07 - 2015-03-13 13:20 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-04-15 22:07 - 2015-03-13 13:17 - 00478208 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-04-15 22:07 - 2015-03-13 13:16 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-04-15 22:07 - 2015-03-13 13:15 - 00620032 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-04-15 22:07 - 2015-03-13 13:06 - 00418304 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-04-15 22:07 - 2015-03-13 12:57 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-04-15 22:07 - 2015-03-13 12:56 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-04-15 22:07 - 2015-03-13 12:54 - 00285696 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-04-15 22:07 - 2015-03-13 12:49 - 04305408 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-04-15 22:07 - 2015-03-13 12:44 - 00689152 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-04-15 22:07 - 2015-03-13 12:43 - 02052608 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-04-15 22:07 - 2015-03-13 12:42 - 01155072 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-04-15 22:07 - 2015-03-13 12:34 - 12825600 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-04-15 22:07 - 2015-03-13 12:20 - 01888256 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-04-15 22:07 - 2015-03-13 12:14 - 00710144 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-04-15 22:06 - 2015-03-25 13:00 - 03088384 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-04-15 22:06 - 2015-03-25 13:00 - 02020864 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-04-15 22:06 - 2015-03-25 13:00 - 00566784 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-04-15 22:06 - 2015-03-25 13:00 - 00173056 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-04-15 22:06 - 2015-03-25 13:00 - 00131584 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-04-15 22:06 - 2015-03-25 13:00 - 00092672 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-04-15 22:06 - 2015-03-25 13:00 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-04-15 22:06 - 2015-03-25 13:00 - 00035328 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-04-15 22:06 - 2015-03-25 13:00 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-04-15 22:06 - 2015-03-25 13:00 - 00029696 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-04-15 22:06 - 2015-03-25 13:00 - 00011776 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-04-15 22:05 - 2015-03-10 13:08 - 01237504 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-04-15 22:05 - 2015-03-10 13:05 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2015-04-15 22:05 - 2015-02-25 13:03 - 00514560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\http.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-14 20:52 - 2010-05-16 17:21 - 01381939 _____ () C:\windows\WindowsUpdate.log
2015-05-14 20:52 - 2009-07-14 12:37 - 00000000 ____D () C:\windows\Microsoft.NET
2015-05-14 20:47 - 2009-12-16 05:58 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-14 20:46 - 2012-10-11 20:18 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-05-14 20:32 - 2010-09-03 06:45 - 00000886 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-14 20:03 - 2009-07-14 14:34 - 00025648 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-14 20:03 - 2009-07-14 14:34 - 00025648 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-14 19:55 - 2010-07-04 12:51 - 00000000 ____D () C:\ProgramData\VMware
2015-05-14 19:55 - 2009-07-14 14:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-05-14 19:55 - 2009-07-14 14:39 - 00094476 _____ () C:\windows\setupact.log
2015-05-14 19:15 - 2012-08-04 10:47 - 00000000 ____D () C:\ProgramData\MFAData
2015-05-14 19:10 - 2010-06-25 15:53 - 00145774 _____ () C:\windows\PFRO.log
2015-05-07 19:05 - 2012-05-07 08:29 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-05-07 18:52 - 2013-02-26 22:19 - 00000000 ____D () C:\Program Files\Java
2015-05-07 18:44 - 2010-06-25 14:41 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2015-05-05 19:07 - 2009-07-14 12:37 - 00000000 ____D () C:\windows\AppCompat
2015-05-05 18:57 - 2009-07-14 12:37 - 00000000 ____D () C:\windows\rescache
2015-05-05 17:31 - 2012-09-06 20:39 - 00000000 ____D () C:\Users\Owner\Documents\Outlook Files
2015-05-05 17:24 - 2010-09-03 06:57 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-05 06:56 - 2012-10-11 20:18 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2015-05-05 06:56 - 2012-10-11 20:18 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2015-04-16 03:56 - 2011-11-12 17:47 - 00000000 ____D () C:\Users\vmdk
2015-04-16 03:51 - 2015-01-14 06:39 - 00000000 ____D () C:\windows\system32\appraiser
2015-04-16 03:51 - 2014-05-24 11:19 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-04-16 03:32 - 2014-03-04 17:51 - 00000000 ____D () C:\windows\system32\MRT
2015-04-16 03:17 - 2010-06-23 03:01 - 125832184 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-04-16 03:13 - 2009-12-16 05:39 - 00770968 _____ () C:\windows\system32\PerfStringBackup.INI
2015-04-16 03:07 - 2009-07-14 12:04 - 00000478 _____ () C:\windows\win.ini

==================== Files in the root of some directories =======

2012-07-12 18:28 - 2012-07-12 18:28 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files\Common Files\atimpenc.dll
2010-06-23 02:45 - 2010-06-23 02:45 - 0000000 _____ () C:\Users\Owner\AppData\Local\AtStart.txt
2010-06-23 02:45 - 2010-06-23 02:45 - 0000000 _____ () C:\Users\Owner\AppData\Local\DSwitch.txt
2010-06-23 02:45 - 2010-06-23 02:45 - 0000000 _____ () C:\Users\Owner\AppData\Local\QSwitch.txt
2010-09-04 11:08 - 2010-09-04 11:08 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-05 18:44

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-05-2015 01
Ran by Owner at 2015-05-14 20:53:39
Running from C:\Computer maintenance
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3524435906-1736606958-2426872304-500 - Administrator - Disabled)
Guest (S-1-5-21-3524435906-1736606958-2426872304-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3524435906-1736606958-2426872304-1009 - Limited - Enabled)
Owner (S-1-5-21-3524435906-1736606958-2426872304-1002 - Administrator - Enabled) => C:\Users\Owner
vmdk (S-1-5-21-3524435906-1736606958-2426872304-1005 - Administrator - Enabled) => C:\Users\vmdk
__vmware_user__ (S-1-5-21-3524435906-1736606958-2426872304-1004 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2015 (Disabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ActivClient x86 (HKLM\...\{1BE8806A-84F8-4655-A381-0D5524430944}) (Version: 6.2 - ActivIdentity)
ActiveCheck component for HP Active Support Library (Version: 3.0.0.1 - Hewlett-Packard) Hidden
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5577 - AVG Technologies)
AVG 2015 (Version: 15.0.4342 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5577 - AVG Technologies) Hidden
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.18.12 - Broadcom Corporation)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version: - )
DirectX 9 Runtime (Version: 1.00.0000 - Sonic Solutions) Hidden
File Sanitizer For HP ProtectTools (HKLM\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 5.0.1.1 - Hewlett-Packard)
Garmin Communicator Plugin (HKLM\...\{B1EE1CC5-6CED-4801-BFFF-8454F21A245A}) (Version: 2.9.3 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
HP 3D DriveGuard (HKLM\...\{67C090D6-109A-47D7-8DED-4160C4D96F32}) (Version: 4.0.4.1 - Hewlett-Packard)
HP Business Card Reader (HKLM\...\{FD8234FF-A70D-4632-B146-F41AB37C0B24}) (Version: 0.6.2.0 - Hewlett-Packard)
HP Common Access Service Library (HKLM\...\{58215966-9BA6-485D-B8DA-4AE31150B92E}) (Version: 3.0.37.1 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM\...\{FFBDA363-A033-4F32-8DE0-AEF0F105410E}) (Version: 1.0.3.1 - Hewlett-Packard)
HP Integrated Module with Bluetooth wireless technology (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.500 - Broadcom Corporation)
HP Power Assistant (HKLM\...\{42CF58EC-1E6B-4D0F-B441-55D846FAFD03}) (Version: 1.0.1.12 - Hewlett-Packard)
HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.9.1 - Hewlett-Packard)
HP QuickLook (HKLM\...\{BAEE9CD5-A680-43A2-A5FA-6F700C5AD45A}) (Version: 3.1.0.4 - Hewlett-Packard)
HP QuickWeb (HKLM\...\{7861911B-4270-498A-8F7A-FCF0570F4844}) (Version: 1.0.1.45 - DeviceVM, Inc.)
HP Setup (HKLM\...\{1E6219D4-027E-47EE-AB83-DD2F26E31A32}) (Version: 1.2.3557.3169 - Hewlett-Packard)
HP SoftPaq Download Manager (HKLM\...\{2DA697D7-FED3-4DE2-A174-92A2A12F9688}) (Version: 3.0.5.0 - Hewlett-Packard Company)
HP User Guides 0142 (HKLM\...\{10A11115-4EFC-4E86-BFC1-D53A478556A1}) (Version: 1.01.0001 - Hewlett-Packard)
HP Wallpaper (HKLM\...\{F173C2B3-296F-458C-98FF-1676A42EBA02}) (Version: 1.0.1.3 - Hewlett-Packard Company)
HP Webcam (HKLM\...\{1D61E881-43CD-447B-9E6B-D2C6138B2862}) (Version: 1.0 - Roxio)
HP Webcam Driver (HKLM\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.50009.1 - Sonix)
HP Wireless Assistant (HKLM\...\{B747217A-7685-47E8-9B19-DC844E020FBB}) (Version: 4.0.1.10 - Hewlett-Packard)
HPAsset component for HP Active Support Library (Version: 3.0.0.3 - Hewlett-Packard) Hidden
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6246.0 - IDT)
Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.1995 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java Card Security for HP ProtectTools (HKLM\...\{F4477CC0-7293-414A-93BC-20EE897A80F0}) (Version: 5.0.4.1 - Hewlett-Packard)
LightScribe System Software (HKLM\...\{82EF29B1-9B60-4142-A155-0599216DD053}) (Version: 1.18.6.1 - LightScribe)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.96 - LSI Corporation)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Marvell Miniport Driver (HKLM\...\Marvell Miniport Driver) (Version: 10.70.5.3 - Marvell)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.7 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 en-GB) (HKLM\...\Mozilla Firefox 37.0.2 (x86 en-GB)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PDF Complete Special Edition (HKLM\...\PDF Complete) (Version: 3.5.108 - PDF Complete, Inc)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
QLBCASL (Version: 6.40.17.2 - Hewlett-Packard) Hidden
RICOH Media Driver (HKLM\...\{F5CC2EF8-20A4-4366-A681-3FE849E65809}) (Version: 2.13.00.05 - RICOH)
Roxio Creator Business (HKLM\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype Toolbars (HKLM\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.17.4 - Synaptics Incorporated)
Theft Recovery (HKLM\...\InstallShield_{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}) (Version: 5.1.0.18 - Hewlett-Packard)
Theft Recovery (Version: 5.1.0.18 - Hewlett-Packard) Hidden
TopYacht TopYacht 10.1.0.55 (HKLM\...\TopYacht) (Version: 10.1.0.55 - TopYacht)
Validity Fingerprint Driver (HKLM\...\{5C3445CE-4D66-4F49-9DAA-123D0ED5658C}) (Version: 4.0.6.0 - Validity Sensors, Inc.)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VMware Remote Console Plug-in (HKLM\...\{D2F28E39-9813-41D3-8EC9-BAADA38C426D}) (Version: 2.5.0.122581 - VMware, Inc.)
VMware Server (HKLM\...\{AF08C71F-F822-4416-87A9-2BBF5A8A5F12}) (Version: 2.0.0.2712 - VMware, Inc.)
Windows 7 Default Setting (HKLM\...\{5BF8E079-D6E2-4323-B794-75152371122A}) (Version: 1.0.1.4 - Hewlett-Packard Company)
Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000) (HKLM\...\B7541EC5F72AA713F557569278EB6273725F5607) (Version: 06/15/2009 6.2.0.9000 - Broadcom)
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (HKLM\...\A6A8668C0A13640CA28FE2A7D9654BE4AE478B13) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3524435906-1736606958-2426872304-1002_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-3524435906-1736606958-2426872304-1002_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-3524435906-1736606958-2426872304-1002_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-3524435906-1736606958-2426872304-1002_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-3524435906-1736606958-2426872304-1002_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-3524435906-1736606958-2426872304-1002_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File

==================== Restore Points =========================

02-04-2015 18:19:24 Windows Update
07-04-2015 03:00:28 Windows Update
16-04-2015 03:01:21 Windows Update
05-05-2015 18:52:31 Scheduled Checkpoint
07-05-2015 18:32:58 Removed Symantec Endpoint Protection Small Business Edition.
07-05-2015 18:49:14 Removed Java 7 Update 15
09-05-2015 19:47:21 Windows Update
14-05-2015 20:45:21 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 12:04 - 2009-06-11 07:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0A029C67-B7D9-468C-91B1-0792FE7E0FF5} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Tuneup => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {0A7868DC-7B63-4822-BEDE-385ADBE3252A} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {1DFE60E6-1F1F-4105-A7FC-73A3D6B17C66} - System32\Tasks\{5E8C05D7-4790-42D6-92AB-CA7E17A7D312} => pcalua.exe -a C:\Users\Owner\Downloads\jxpiinstall.exe -d C:\Users\Owner\Downloads
Task: {21771AC7-0A5A-47B1-88CD-DD3A1718A429} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-07] (Google Inc.)
Task: {30EC5E1D-4368-40D2-8C4D-DDC49EF7F1A5} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {478E9DEE-A4A0-48BB-85FD-A162F9D0D6BD} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-05] (Adobe Systems Incorporated)
Task: {7146ABD7-64BF-4754-8C49-73C02B3D4F99} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {75D0128F-047E-4BD8-B142-56F525693D92} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {76AF30D4-D0DA-4AE5-A49B-9D95C508A2E6} - System32\Tasks\{00199D0F-B265-4844-87E5-EED17FD09F3C} => C:\Program Files\Skype\Phone\Skype.exe
Task: {A266DC7D-BE40-4756-A417-3A78F845130D} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {AEC967F1-8F59-4866-8DE4-DF2170C4D073} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {BF85AC3D-997F-4251-93FA-30AE0ACB1069} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-07] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2010-06-23 13:28 - 2009-11-05 08:39 - 00087552 _____ () C:\windows\System32\cpwmon2k.dll
2009-10-20 15:21 - 2009-10-20 15:21 - 00970288 _____ () C:\Program Files\VMware\VMware Server\libxml2.dll
2009-10-20 15:21 - 2009-10-20 15:21 - 00068656 _____ () C:\Program Files\VMware\VMware Server\zlib1.dll
2009-10-20 15:21 - 2009-10-20 15:21 - 00322096 _____ () C:\Program Files\VMware\VMware Server\vmware-hostd.exe
2009-10-20 15:22 - 2009-10-20 15:22 - 17091120 _____ () C:\Program Files\VMware\VMware Server\types.dll
2009-10-20 15:21 - 2009-10-20 15:21 - 05196336 _____ () C:\Program Files\VMware\VMware Server\platform.dll
2009-10-20 15:21 - 2009-10-20 15:21 - 01100336 _____ () C:\Program Files\VMware\VMware Server\common.dll
2009-10-20 15:22 - 2009-10-20 15:22 - 02153008 _____ () C:\Program Files\VMware\VMware Server\hostsvc.dll
2009-10-20 15:21 - 2009-10-20 15:21 - 00318000 _____ () C:\Program Files\VMware\VMware Server\internalsvc.dll
2009-10-20 15:21 - 2009-10-20 15:21 - 00653872 _____ () C:\Program Files\VMware\VMware Server\nfcsvc.dll
2009-10-20 14:01 - 2009-10-20 14:01 - 00842288 _____ () C:\Program Files\VMware\VMware Server\libeay32.dll
2009-10-20 14:01 - 2009-10-20 14:01 - 00162352 _____ () C:\Program Files\VMware\VMware Server\ssleay32.dll
2009-10-20 15:22 - 2009-10-20 15:22 - 02894384 _____ () C:\Program Files\VMware\VMware Server\diskLibWrapper.dll
2009-10-20 15:21 - 2009-10-20 15:21 - 00178736 _____ () C:\Program Files\VMware\VMware Server\proxysvc.dll
2009-10-20 15:21 - 2009-10-20 15:21 - 00834096 _____ () C:\Program Files\VMware\VMware Server\solo.dll
2009-10-20 15:21 - 2009-10-20 15:21 - 00404016 _____ () C:\Program Files\VMware\VMware Server\statssvc.dll
2009-10-20 15:21 - 2009-10-20 15:21 - 00096816 _____ () C:\Program Files\VMware\VMware Server\supportsvc.dll
2009-10-20 15:22 - 2009-10-20 15:22 - 00117296 _____ () C:\Program Files\VMware\VMware Server\vcsvc.dll
2009-10-20 15:22 - 2009-10-20 15:22 - 02767408 _____ () C:\Program Files\VMware\VMware Server\vimsvc.dll
2009-10-20 15:21 - 2009-10-20 15:21 - 02718256 _____ () C:\Program Files\VMware\VMware Server\vmsvc.dll
2009-09-05 05:43 - 2009-09-05 05:43 - 00132384 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2009-11-18 10:32 - 2009-11-18 10:32 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\HardwareAccess.dll
2009-11-18 10:32 - 2009-11-18 10:32 - 00054328 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\Graphs.dll
2009-10-22 10:35 - 2009-10-22 10:35 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
2009-10-22 10:35 - 2009-10-22 10:35 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
2009-06-18 05:40 - 2009-06-18 05:40 - 02121728 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll
2009-06-18 05:40 - 2009-06-18 05:40 - 07745536 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll
2009-06-18 05:40 - 2009-06-18 05:40 - 00135168 _____ () C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3524435906-1736606958-2426872304-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{F5C0028C-B857-4AB8-B846-58310EC6643D}] => (Allow) C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
FirewallRules: [{8D9A3EB5-2640-464D-8459-6947B0B58976}] => (Allow) C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
FirewallRules: [{9FC4A8E0-2795-4ED9-92D4-AECD6A15BF68}] => (Allow) C:\Program Files\VMware\VMware Server\vmware-authd.exe
FirewallRules: [{59622046-60AF-4C81-B499-588275C92D5B}] => (Allow) C:\Program Files\VMware\VMware Server\vmware-authd.exe
FirewallRules: [{84F7C5EB-568C-4E18-B7AE-19031C57331B}] => (Allow) C:\Program Files\VMware\VMware Server\vmware-authd.exe
FirewallRules: [{1E431579-1E1E-4685-B40C-EF81E380C764}] => (Allow) C:\Program Files\VMware\VMware Server\vmware-authd.exe
FirewallRules: [{C6223947-F39B-4E6E-AEAF-9F0BF72F00E5}] => (Allow) C:\Program Files\VMware\VMware Server\vmware-hostd.exe
FirewallRules: [{E3AC84D9-C47A-464C-9C0E-E347CFCA31A5}] => (Allow) C:\Program Files\VMware\VMware Server\vmware-hostd.exe
FirewallRules: [{9AF8CB72-F77F-4F38-9BB9-89C4637ADC28}] => (Allow) C:\Program Files\VMware\VMware Server\vmware-hostd.exe
FirewallRules: [{605F5FA0-1512-4B49-B6DE-D62DCE64D4A7}] => (Allow) C:\Program Files\VMware\VMware Server\vmware-hostd.exe
FirewallRules: [{52FF88F4-4C59-4136-B968-3E9DDDFA2692}] => (Allow) C:\Program Files\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{CD5302C2-F3E6-4D37-9D3B-C67B1AFCBAE4}] => (Allow) C:\Program Files\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{6E6C4B70-5053-47F9-BB3B-3F39041C128A}] => (Allow) C:\Program Files\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{6858CB02-877E-4232-90FD-F7FFA3C62C5D}] => (Allow) C:\Program Files\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{A05DAAF6-8A43-4D78-95AE-1735F7572A4A}] => (Allow) C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{CA856CE3-1824-4292-8885-35D190013EAF}] => (Allow) C:\Program Files\AVG\AVG2015\avgnsx.exe
FirewallRules: [{690C176B-5C83-441D-8617-BC83F33195D0}] => (Allow) C:\Program Files\AVG\AVG2015\avgnsx.exe
FirewallRules: [{E8040955-5B4D-4B68-8BBC-4ACCF0597BCD}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{C26F446D-8540-4C00-9A4E-5DE585A078F1}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{F90FD43E-626D-42E8-ACCE-A9C7502603CA}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{48500051-742E-44F4-83FE-7C934DC32977}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{E05F0D5C-6FF0-4392-8447-6B1EF5FE668D}] => (Allow) C:\Program Files\AVG\AVG2015\avgemcx.exe
FirewallRules: [{F9EDC890-9AB6-4276-9FD9-E5C80321ABA2}] => (Allow) C:\Program Files\AVG\AVG2015\avgemcx.exe
FirewallRules: [{3F155C06-0F6C-4FAE-B4A5-F61B02323394}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{471166CB-ABE5-40FC-A70E-719E4D5CE286}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{EA28C706-24EC-48BB-AB94-2AD3D671DBC2}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{DA90239A-9366-47E9-8738-2065E8FC110D}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS1C75.tmp\SymNRT.exe
FirewallRules: [{ABFA52A9-BF2F-42DB-AC7A-04D31C9E3E7E}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS1C75.tmp\SymNRT.exe

==================== Faulty Device Manager Devices =============

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (05/14/2015 08:51:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST.exe version 14.5.2015.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 744

Start Time: 01d08e33a09a3d41

Termination Time: 0

Application Path: C:\Computer maintenance\FRST.exe

Report Id: 1567a20d-fa27-11e4-876d-002713d4677e

Error: (05/14/2015 07:55:49 PM) (Source: vmauthd) (EventID: 100) (User: )
Description: Cannot connect to VMX: C:\Virtual Machines\tcyc\tcyc.vmx

Error: (05/14/2015 07:55:48 PM) (Source: vmauthd) (EventID: 100) (User: )
Description: Cannot connect to VMX: C:\Virtual Machines\toshiba\toshiba.vmx

Error: (05/14/2015 07:11:44 PM) (Source: vmauthd) (EventID: 100) (User: )
Description: Cannot connect to VMX: C:\Virtual Machines\tcyc\tcyc.vmx

Error: (05/14/2015 07:11:41 PM) (Source: vmauthd) (EventID: 100) (User: )
Description: Cannot connect to VMX: C:\Virtual Machines\toshiba\toshiba.vmx

Error: (05/12/2015 07:15:24 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (05/12/2015 05:58:54 PM) (Source: vmauthd) (EventID: 100) (User: )
Description: Cannot connect to VMX: C:\Virtual Machines\tcyc\tcyc.vmx

Error: (05/12/2015 05:58:52 PM) (Source: vmauthd) (EventID: 100) (User: )
Description: Cannot connect to VMX: C:\Virtual Machines\toshiba\toshiba.vmx

Error: (05/09/2015 08:21:15 PM) (Source: vmauthd) (EventID: 100) (User: )
Description: Cannot connect to VMX: C:\Virtual Machines\tcyc\tcyc.vmx

Error: (05/09/2015 08:21:13 PM) (Source: vmauthd) (EventID: 100) (User: )
Description: Cannot connect to VMX: C:\Virtual Machines\toshiba\toshiba.vmx

System errors:
=============
Error: (05/14/2015 08:52:44 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80080005: Security Update for Windows 7 (KB3046002).

Error: (05/14/2015 08:52:39 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (05/14/2015 07:57:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Health Check Service service failed to start due to the following error:
%%2

Error: (05/14/2015 07:56:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (05/14/2015 07:55:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater18.3.0 service failed to start due to the following error:
%%2

Error: (05/14/2015 07:55:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Ricoh xD-Picture Card Driver service failed to start due to the following error:
%%1058

Error: (05/14/2015 07:55:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The rimsptsk service failed to start due to the following error:
%%1058

Error: (05/14/2015 07:55:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The rimmptsk service failed to start due to the following error:
%%1058

Error: (05/14/2015 07:13:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Health Check Service service failed to start due to the following error:
%%2

Error: (05/14/2015 07:12:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Microsoft Office Sessions:
=========================
Error: (05/14/2015 08:51:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST.exe14.5.2015.174401d08e33a09a3d410C:\Computer maintenance\FRST.exe1567a20d-fa27-11e4-876d-002713d4677e

Error: (05/14/2015 07:55:49 PM) (Source: vmauthd) (EventID: 100) (User: )
Description: Cannot connect to VMX: C:\Virtual Machines\tcyc\tcyc.vmx

Error: (05/14/2015 07:55:48 PM) (Source: vmauthd) (EventID: 100) (User: )
Description: Cannot connect to VMX: C:\Virtual Machines\toshiba\toshiba.vmx

Error: (05/14/2015 07:11:44 PM) (Source: vmauthd) (EventID: 100) (User: )
Description: Cannot connect to VMX: C:\Virtual Machines\tcyc\tcyc.vmx

Error: (05/14/2015 07:11:41 PM) (Source: vmauthd) (EventID: 100) (User: )
Description: Cannot connect to VMX: C:\Virtual Machines\toshiba\toshiba.vmx

Error: (05/12/2015 07:15:24 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentitylanguage*c:\program files\topyacht10\DelZip179.dllc:\program files\topyacht10\DelZip179.dll8

Error: (05/12/2015 05:58:54 PM) (Source: vmauthd) (EventID: 100) (User: )
Description: Cannot connect to VMX: C:\Virtual Machines\tcyc\tcyc.vmx

Error: (05/12/2015 05:58:52 PM) (Source: vmauthd) (EventID: 100) (User: )
Description: Cannot connect to VMX: C:\Virtual Machines\toshiba\toshiba.vmx

Error: (05/09/2015 08:21:15 PM) (Source: vmauthd) (EventID: 100) (User: )
Description: Cannot connect to VMX: C:\Virtual Machines\tcyc\tcyc.vmx

Error: (05/09/2015 08:21:13 PM) (Source: vmauthd) (EventID: 100) (User: )
Description: Cannot connect to VMX: C:\Virtual Machines\toshiba\toshiba.vmx

==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU M 330 @ 2.13GHz
Percentage of memory in use: 81%
Total physical RAM: 1909.87 MB
Available physical RAM: 361.81 MB
Total Pagefile: 3819.74 MB
Available Pagefile: 1528.07 MB
Total Virtual: 2047.88 MB
Available Virtual: 1917.71 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:215.59 GB) (Free:125.09 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.49 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 0CFD2A45)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=215.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)

==================== End Of Log ============================

#13
zep516

Posted 15 May 2015 - 05:17 PM

Trusted Helper

Malware Removal
8,090 posts

Hello,

A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.

start
CloseProcesses:
CreateRestorePoint:
HKLM\...\Run: [] => [X]
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} -  No File
Toolbar: HKU\S-1-5-21-3524435906-1736606958-2426872304-1002 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574}
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
S2 HP Health Check Service; "C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe" [X]
S2 vToolbarUpdater18.3.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe [X]
S3 MfeAVFK; C:\windows\System32\drivers\MfeAVFK.sys [79816 2009-05-16] (McAfee, Inc.)
S3 MfeBOPK; C:\windows\System32\drivers\MfeBOPK.sys [35272 2009-05-16] (McAfee, Inc.)
R1 mfehidk; C:\windows\System32\drivers\mfehidk.sys [214024 2009-05-16] (McAfee, Inc.)
S3 MfeRKDK; C:\windows\System32\drivers\MfeRKDK.sys [34248 2009-05-16] (McAfee, Inc.)
R1 mfetdik; C:\windows\System32\drivers\mfetdik.sys [55336 2009-05-16] (McAfee, Inc.)
C:\windows\System32\drivers\MfeAVFK.sys 
C:\windows\System32\drivers\MfeBOPK.sys 
C:\windows\System32\drivers\mfehidk.sys 
C:\windows\System32\drivers\MfeRKDK.sys 
C:\windows\System32\drivers\mfetdik.sys 
CustomCLSID: HKU\S-1-5-21-3524435906-1736606958-2426872304-1002_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-3524435906-1736606958-2426872304-1002_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-3524435906-1736606958-2426872304-1002_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-3524435906-1736606958-2426872304-1002_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-3524435906-1736606958-2426872304-1002_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-3524435906-1736606958-2426872304-1002_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
hosts:
Emptytemp:

Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

In your next reply post;
Fixlog.txt, found on desktop after fix has run.

Thanks
Joe

#14
Sailing Captain

Posted 18 May 2015 - 05:02 AM

Member

Topic Starter
Member
15 posts

Hi Joe,

Below is the next log. Thanks as usually

Craig

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 16-05-2015 02
Ran by Owner at 2015-05-18 20:38:24 Run:1
Running from C:\Computer maintenance
Loaded Profiles: Owner (Available profiles: Owner & vmdk)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
CloseProcesses:
CreateRestorePoint:
HKLM\...\Run: [] => [X]
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
Toolbar: HKU\S-1-5-21-3524435906-1736606958-2426872304-1002 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574}
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
S2 HP Health Check Service; "C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe" [X]
S2 vToolbarUpdater18.3.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe [X]
S3 MfeAVFK; C:\windows\System32\drivers\MfeAVFK.sys [79816 2009-05-16] (McAfee, Inc.)
S3 MfeBOPK; C:\windows\System32\drivers\MfeBOPK.sys [35272 2009-05-16] (McAfee, Inc.)
R1 mfehidk; C:\windows\System32\drivers\mfehidk.sys [214024 2009-05-16] (McAfee, Inc.)
S3 MfeRKDK; C:\windows\System32\drivers\MfeRKDK.sys [34248 2009-05-16] (McAfee, Inc.)
R1 mfetdik; C:\windows\System32\drivers\mfetdik.sys [55336 2009-05-16] (McAfee, Inc.)
C:\windows\System32\drivers\MfeAVFK.sys
C:\windows\System32\drivers\MfeBOPK.sys
C:\windows\System32\drivers\mfehidk.sys
C:\windows\System32\drivers\MfeRKDK.sys
C:\windows\System32\drivers\mfetdik.sys
CustomCLSID: HKU\S-1-5-21-3524435906-1736606958-2426872304-1002_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-3524435906-1736606958-2426872304-1002_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-3524435906-1736606958-2426872304-1002_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-3524435906-1736606958-2426872304-1002_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-3524435906-1736606958-2426872304-1002_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-3524435906-1736606958-2426872304-1002_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
hosts:
Emptytemp:
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} => value deleted successfully.
HKCR\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0} => Key not found.
HKU\S-1-5-21-3524435906-1736606958-2426872304-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B94C2238-346E-4C5E-9B36-8CC627F35574}" => Key deleted successfully.
"HKCR\CLSID\{B94C2238-346E-4C5E-9B36-8CC627F35574}" => Key deleted successfully.
"HKCR\PROTOCOLS\Handler\linkscanner" => Key deleted successfully.
"HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}" => Key deleted successfully.
HP Health Check Service => Service deleted successfully.
vToolbarUpdater18.3.0 => Service deleted successfully.
MfeAVFK => Service deleted successfully.
MfeBOPK => Service deleted successfully.
mfehidk => Unable to stop service
mfehidk => Service deleted successfully.
MfeRKDK => Service deleted successfully.
mfetdik => Unable to stop service
mfetdik => Service deleted successfully.
C:\windows\System32\drivers\MfeAVFK.sys => Moved successfully.
C:\windows\System32\drivers\MfeBOPK.sys => Moved successfully.
C:\windows\System32\drivers\mfehidk.sys => Moved successfully.
C:\windows\System32\drivers\MfeRKDK.sys => Moved successfully.
C:\windows\System32\drivers\mfetdik.sys => Moved successfully.
"HKU\S-1-5-21-3524435906-1736606958-2426872304-1002_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}" => Key deleted successfully.
"HKU\S-1-5-21-3524435906-1736606958-2426872304-1002_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}" => Key deleted successfully.
"HKU\S-1-5-21-3524435906-1736606958-2426872304-1002_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}" => Key deleted successfully.
"HKU\S-1-5-21-3524435906-1736606958-2426872304-1002_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}" => Key deleted successfully.
"HKU\S-1-5-21-3524435906-1736606958-2426872304-1002_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}" => Key deleted successfully.
"HKU\S-1-5-21-3524435906-1736606958-2426872304-1002_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys" => Key deleted successfully.

========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 37.5 MB temporary data.

The system needed a reboot.

==== End of Fixlog 20:40:08 ====