Virus browser warning & noise [Solved]

virus slow computer noisy computer

  • This topic is locked

#16
Feather24

Feather24

    Member

  • Topic Starter
  • Member
  • 251 posts

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 27/06/2015
Scan Time: 22:41
Logfile: MBAM.TXT
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.06.27.05
Rootkit Database: v2015.06.26.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Frances

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 348662
Time Elapsed: 20 min, 49 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)


  • 0


#17
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hi :)

If ESET found nothing, then no need to post the log. I'd like to get a final look with FRST and then run some hard drive maintenance. :thumbsup:

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.

Step 1: Scan with FRST

Start FRST and check the Addition.txt box and then press scan. FRST will produce two logs, FRST.txt and Addition.txt. Please post them both in your next reply.


Step 2: Chkdsk

To use Chkdsk, click Start and My Computer. Right-click the hard drive you want to check, and click Properties. Select the Tools tab and click Check Now. Check both boxes. Click Start. You'll get a message that the computer must be rebooted to run a complete check. Click Yes and reboot. Chkdsk will take a while, so run it when you don't need to use the computer for something else.


Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

FRST Log

Addition.txt

  • 0

#18
Feather24

Feather24

    Member

  • Topic Starter
  • Member
  • 251 posts

Hi, I've been delayed because the ESET program took nearly 12hrs to run!! It found over 50 infected files.

 

Now I'm off to bed I'm afraid and will have to finish off tomorrow.

 

Here it is: 

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=2542fa97eb0a304b90e3beaff0cf6d31
# end=init
# utc_time=2015-06-27 10:12:56
# local_time=2015-06-27 11:12:56 (+0000, GMT Daylight Time)
# country="United Kingdom"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 24536
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=2542fa97eb0a304b90e3beaff0cf6d31
# end=updated
# utc_time=2015-06-27 10:18:00
# local_time=2015-06-27 11:18:00 (+0000, GMT Daylight Time)
# country="United Kingdom"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=2542fa97eb0a304b90e3beaff0cf6d31
# engine=24536
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-06-27 10:43:22
# local_time=2015-06-27 11:43:22 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='AVG Internet Security 2015'
# compatibility_mode=1053 16777213 100 100 27644 122575386 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 61848659 187911393 0 0
# scanned=64159
# found=8
# cleaned=0
# scan_time=1521
sh=B7EE482B8B274F502D6FE7820444674475FF99A2 ft=1 fh=8a8ff7b699777709 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\Desktop\FreeVideoToJPGConverter.exe"
sh=33EA1BD2407EFF593F73E8B5724CDB5EBEFB55BC ft=1 fh=bff8161c3cd3bb33 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\My Documents\W clement stone ebook.exe"
sh=A4854C3C5A7277D3C02F88330D2023AAD3667533 ft=1 fh=818bd9cd8f0d2ffa vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\My Documents\My Documents\Health\Markus raw food\ccsetup403.exe"
sh=5DB915FB12436588F63BCBF035A0B6DE0F19A7E3 ft=1 fh=ac1fbf363d79998b vn="a variant of Win32/Toolbar.SearchSuite.Z potentially unwanted application" ac=I fn="C:\My Documents\My Documents\Health\Markus raw food\iLividSetupV1 (1).exe"
sh=3BF736C24033F3E9302AD9339AB24946B84DBB22 ft=1 fh=16a157c9bf933752 vn="a variant of Win32/Toolbar.SearchSuite.Z potentially unwanted application" ac=I fn="C:\My Documents\My Documents\Health\Markus raw food\iLividSetupV1.exe"
sh=3FB45FDA3CD5DCA142820A01154806F498AB2183 ft=1 fh=39c5b7794731a22a vn="a variant of Win32/Toolbar.iMedix.A potentially unwanted application" ac=I fn="C:\OLD PC Folders\Program Files\Local Disk\$RECYCLE.BIN\S-1-5-21-1527785505-3915310178-3884954049-1000\$R3TN39N\toolbar.ni.dll"
sh=5E69EEC1EF15C3A934A252265EF1679BAAC0D98D ft=1 fh=e4c2df2d717be07c vn="a variant of Win32/Toolbar.iMedix.A potentially unwanted application" ac=I fn="C:\OLD PC Folders\Program Files\Local Disk\$RECYCLE.BIN\S-1-5-21-1527785505-3915310178-3884954049-1000\$R3TN39N\Uninstall.exe"
sh=B7EE482B8B274F502D6FE7820444674475FF99A2 ft=1 fh=8a8ff7b699777709 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\OLD PC Folders\Program Files\Local Disk\$RECYCLE.BIN\S-1-5-21-1527785505-3915310178-3884954049-1000\$RFGJG71\FreeVideoToJPGConverter.exe"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=2542fa97eb0a304b90e3beaff0cf6d31
# end=init
# utc_time=2015-06-28 10:01:15
# local_time=2015-06-28 11:01:15 (+0000, GMT Daylight Time)
# country="United Kingdom"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 24539
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=2542fa97eb0a304b90e3beaff0cf6d31
# end=updated
# utc_time=2015-06-28 10:02:30
# local_time=2015-06-28 11:02:30 (+0000, GMT Daylight Time)
# country="United Kingdom"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=2542fa97eb0a304b90e3beaff0cf6d31
# engine=24539
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-06-28 10:01:34
# local_time=2015-06-28 11:01:34 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='AVG Internet Security 2015'
# compatibility_mode=1053 16777213 100 100 111536 122659278 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 61932551 187995285 0 0
# scanned=259497
# found=54
# cleaned=0
# scan_time=43143
sh=B7EE482B8B274F502D6FE7820444674475FF99A2 ft=1 fh=8a8ff7b699777709 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\Desktop\FreeVideoToJPGConverter.exe"
sh=33EA1BD2407EFF593F73E8B5724CDB5EBEFB55BC ft=1 fh=bff8161c3cd3bb33 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\My Documents\W clement stone ebook.exe"
sh=A4854C3C5A7277D3C02F88330D2023AAD3667533 ft=1 fh=818bd9cd8f0d2ffa vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\My Documents\My Documents\Health\Markus raw food\ccsetup403.exe"
sh=5DB915FB12436588F63BCBF035A0B6DE0F19A7E3 ft=1 fh=ac1fbf363d79998b vn="a variant of Win32/Toolbar.SearchSuite.Z potentially unwanted application" ac=I fn="C:\My Documents\My Documents\Health\Markus raw food\iLividSetupV1 (1).exe"
sh=3BF736C24033F3E9302AD9339AB24946B84DBB22 ft=1 fh=16a157c9bf933752 vn="a variant of Win32/Toolbar.SearchSuite.Z potentially unwanted application" ac=I fn="C:\My Documents\My Documents\Health\Markus raw food\iLividSetupV1.exe"
sh=3FB45FDA3CD5DCA142820A01154806F498AB2183 ft=1 fh=39c5b7794731a22a vn="a variant of Win32/Toolbar.iMedix.A potentially unwanted application" ac=I fn="C:\OLD PC Folders\Program Files\Local Disk\$RECYCLE.BIN\S-1-5-21-1527785505-3915310178-3884954049-1000\$R3TN39N\toolbar.ni.dll"
sh=5E69EEC1EF15C3A934A252265EF1679BAAC0D98D ft=1 fh=e4c2df2d717be07c vn="a variant of Win32/Toolbar.iMedix.A potentially unwanted application" ac=I fn="C:\OLD PC Folders\Program Files\Local Disk\$RECYCLE.BIN\S-1-5-21-1527785505-3915310178-3884954049-1000\$R3TN39N\Uninstall.exe"
sh=B7EE482B8B274F502D6FE7820444674475FF99A2 ft=1 fh=8a8ff7b699777709 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\OLD PC Folders\Program Files\Local Disk\$RECYCLE.BIN\S-1-5-21-1527785505-3915310178-3884954049-1000\$RFGJG71\FreeVideoToJPGConverter.exe"
sh=F7C22A20FD7D7625468A7A1B5AFD2D98C41D1D15 ft=0 fh=0000000000000000 vn="a variant of Win32/ReImageRepair.D potentially unwanted application" ac=I fn="C:\Users\Frances\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\130707150417513.rsc"
sh=D3E8A057EAD1A21B636BBCAE646BF9026D184454 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Users\Frances\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\13.00\agent\stub_data\askrt_en.cab"
sh=BBD5FA59ADC718E21609DC597AE4D05C44DE154E ft=1 fh=141e453f27f6e8c1 vn="a variant of Win32/Bunndle potentially unsafe application" ac=I fn="C:\Users\Frances\Downloads\uTorrent.exe"
sh=BAEE3BEBB51347A2C71521DC5010729A6FABB9F8 ft=0 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="G:\FRANCES-PC\Backup Set 2013-04-21 190007\Backup Files 2013-04-21 190007\Backup files 3.zip"
sh=F40576EE0F17D3A3E478018B93847721E09BD08A ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="G:\FRANCES-PC\Backup Set 2013-04-21 190007\Backup Files 2013-04-21 190007\Backup files 4.zip"
sh=9F8B2A447A7994A58F6CFF5AA7917B78B9515E3D ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application" ac=I fn="G:\FRANCES-PC\Backup Set 2013-04-21 190007\Backup Files 2013-04-21 190007\Backup files 7.zip"
sh=4CBF554A16A97920E9340F87C96123652056C2B2 ft=0 fh=0000000000000000 vn="Win32/Graboid potentially unsafe application" ac=I fn="G:\FRANCES-PC\Backup Set 2013-04-21 190007\Backup Files 2013-04-21 190007\Backup files 8.zip"
sh=B93A48454E139E1916940599EEBD865180439605 ft=0 fh=0000000000000000 vn="a variant of Win32/Bunndle potentially unsafe application" ac=I fn="G:\FRANCES-PC\Backup Set 2013-04-21 190007\Backup Files 2013-04-21 190007\Backup files 9.zip"
sh=295422A91B3023F4F552C0D6B11E15FD819A801C ft=0 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="G:\FRANCES-PC\Backup Set 2013-04-21 190007\Backup Files 2013-05-19 191331\Backup files 1.zip"
sh=3AB4ECC6864219ACCFA2F62776809545ED0A29E6 ft=0 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="G:\FRANCES-PC\Backup Set 2013-05-26 190002\Backup Files 2013-05-26 190002\Backup files 3.zip"
sh=B1E488E55927394A95622CA3A19F4EAE17D35DE8 ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="G:\FRANCES-PC\Backup Set 2013-05-26 190002\Backup Files 2013-05-26 190002\Backup files 4.zip"
sh=BA9072DAD428D5C62221830826BA61F84BA1465D ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application" ac=I fn="G:\FRANCES-PC\Backup Set 2013-05-26 190002\Backup Files 2013-05-26 190002\Backup files 7.zip"
sh=2CD9B8F851F274EE28AD3D8FBDC2C830BA276A6E ft=0 fh=0000000000000000 vn="Win32/Graboid potentially unsafe application" ac=I fn="G:\FRANCES-PC\Backup Set 2013-05-26 190002\Backup Files 2013-05-26 190002\Backup files 8.zip"
sh=D83B5FA8B81B5129FFA972845AA1462516A495E5 ft=0 fh=0000000000000000 vn="a variant of Win32/Bunndle potentially unsafe application" ac=I fn="G:\FRANCES-PC\Backup Set 2013-05-26 190002\Backup Files 2013-05-26 190002\Backup files 9.zip"
sh=C04A293BA6642A86E1322E8C551C1D4439724695 ft=0 fh=0000000000000000 vn="Win32/InstalleRex.J potentially unwanted application" ac=I fn="G:\FRANCES-PC\Backup Set 2013-05-26 190002\Backup Files 2013-06-16 190003\Backup files 7.zip"
sh=5979DD48A994BA607F2CAB3236F94C0B1277E9C0 ft=0 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="G:\FRANCES-PC\Backup Set 2013-05-26 190002\Backup Files 2013-06-30 193442\Backup files 1.zip"
sh=231BD45753DF92F65B4A4AA31EAEFF626EE8B0F3 ft=0 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="G:\FRANCES-PC\Backup Set 2013-05-26 190002\Backup Files 2013-07-07 143701\Backup files 1.zip"
sh=55AFA5FEDBDE4BAF7541A4EC8F7B677A4486D2D4 ft=0 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="G:\FRANCES-PC\Backup Set 2013-07-07 220920\Backup Files 2013-07-07 220920\Backup files 3.zip"
sh=53584FEC143DD0EA85F208056F8F4DE5FA892071 ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application" ac=I fn="G:\FRANCES-PC\Backup Set 2013-07-07 220920\Backup Files 2013-07-07 220920\Backup files 7.zip"
sh=795206456628FE3E7CC31C5648C0E6916FEC9553 ft=0 fh=0000000000000000 vn="Win32/Graboid potentially unsafe application" ac=I fn="G:\FRANCES-PC\Backup Set 2013-07-07 220920\Backup Files 2013-07-07 220920\Backup files 8.zip"
sh=F1A2B8CDE1771B6B02AD09E7DBF91F5AA14CA579 ft=0 fh=0000000000000000 vn="a variant of Win32/Bunndle potentially unsafe application" ac=I fn="G:\FRANCES-PC\Backup Set 2013-07-07 220920\Backup Files 2013-07-07 220920\Backup files 9.zip"
sh=F6A2B1DE2D24E20DF0DCFF3CBFF2AF47466F204A ft=0 fh=0000000000000000 vn="Win32/InstalleRex.J potentially unwanted application" ac=I fn="G:\FRANCES-PC\Backup Set 2013-07-07 220920\Backup Files 2013-07-07 220920\Backup files 22.zip"
sh=5A1339739FB5502677E41178CF7892CF5CBCF0FC ft=0 fh=0000000000000000 vn="a variant of Win32/ReImageRepair.D potentially unwanted application" ac=I fn="G:\FRANCES-PC\Backup Set 2013-07-07 220920\Backup Files 2013-07-07 220920\Backup files 23.zip"
sh=BFB276B35FA4EA2E6C9088053D3BC896E9D9AD4B ft=0 fh=0000000000000000 vn="Win32/PriceGong.B potentially unwanted application" ac=I fn="G:\FRANCES-PC\Backup Set 2013-07-07 220920\Backup Files 2013-07-12 122002\Backup files 1.zip"
sh=B6D8FC7CB60524AD80F8F254436C383F432E677F ft=0 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="G:\FRANCES-PC\Backup Set 2013-07-07 220920\Backup Files 2013-07-28 190008\Backup files 1.zip"
sh=0B816E39455718E38A69B089E496268596B9FEC1 ft=0 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="G:\FRANCES-PC\Backup Set 2013-07-07 220920\Backup Files 2013-08-04 190003\Backup files 1.zip"
sh=A0D4FF4B72D5785F98B1A5011A0BCF363720DA6B ft=0 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="G:\FRANCES-PC\Backup Set 2013-08-11 190009\Backup Files 2013-08-11 190009\Backup files 3.zip"
sh=0C9E10384A01263B2277EB1E3E82B9C1C8A05F28 ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application" ac=I fn="G:\FRANCES-PC\Backup Set 2013-08-11 190009\Backup Files 2013-08-11 190009\Backup files 6.zip"
sh=BF8AB3ABBF604E131783965A42AA2A5F8392BF4A ft=0 fh=0000000000000000 vn="Win32/Graboid potentially unsafe application" ac=I fn="G:\FRANCES-PC\Backup Set 2013-08-11 190009\Backup Files 2013-08-11 190009\Backup files 8.zip"
sh=F1D29B4D42215975D4A018384A81B2A0AD744AB1 ft=0 fh=0000000000000000 vn="a variant of Win32/Bunndle potentially unsafe application" ac=I fn="G:\FRANCES-PC\Backup Set 2013-08-11 190009\Backup Files 2013-08-11 190009\Backup files 9.zip"
sh=94A084AA7AB992C2C8786CA85E237CEC662CAF10 ft=0 fh=0000000000000000 vn="a variant of Win32/ReImageRepair.D potentially unwanted application" ac=I fn="G:\FRANCES-PC\Backup Set 2013-08-11 190009\Backup Files 2013-08-11 190009\Backup files 24.zip"
sh=C9F908BE61156DB0E095F5C262473F357E309FD6 ft=0 fh=0000000000000000 vn="a variant of Win32/Bunndle potentially unsafe application" ac=I fn="G:\FRANCES-PC\Backup Set 2013-11-17 190003\Backup Files 2013-11-17 190003\Backup files 9.zip"
sh=AE84AB2F601CF7978681FA4FE13AA00672716C90 ft=0 fh=0000000000000000 vn="a variant of Win32/ReImageRepair.D potentially unwanted application" ac=I fn="G:\FRANCES-PC\Backup Set 2013-11-17 190003\Backup Files 2013-11-17 190003\Backup files 24.zip"
sh=7CC47D4D7BAAAFA84F55682326D36586E90CF78F ft=0 fh=0000000000000000 vn="a variant of Win32/Bunndle potentially unsafe application" ac=I fn="G:\FRANCES-PC\Backup Set 2014-01-05 195157\Backup Files 2014-01-05 195157\Backup files 9.zip"
sh=A40496DE0778279B5E0D671453FC7D12E38EFDB8 ft=0 fh=0000000000000000 vn="a variant of Win32/ReImageRepair.D potentially unwanted application" ac=I fn="G:\FRANCES-PC\Backup Set 2014-01-05 195157\Backup Files 2014-01-05 195157\Backup files 28.zip"
sh=037E63555D1F8F9A133030283D302F3577A6E691 ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="G:\FRANCES-PC\Backup Set 2014-01-05 195157\Backup Files 2014-09-21 190004\Backup files 1.zip"
sh=C92B61580257A8C4E680633267D22DF362CE4DCB ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="G:\FRANCES-PC\Backup Set 2014-01-05 195157\Backup Files 2014-09-21 190004\Backup files 2.zip"
sh=4590BEDF618D20B294DC40F62B3F64760D5060CA ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.SearchSuite.Z potentially unwanted application" ac=I fn="G:\FRANCES-PC\Backup Set 2014-01-05 195157\Backup Files 2014-09-21 190004\Backup files 8.zip"
sh=DD21FC27BD578765C5DCD5548C14A73EF9FE0015 ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.iMedix.A potentially unwanted application" ac=I fn="G:\FRANCES-PC\Backup Set 2014-01-05 195157\Backup Files 2014-09-21 190004\Backup files 16.zip"
sh=19BFFAF76FDDC23BC6B6C86F9C59B9D5DDEE4923 ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="G:\FRANCES-PC\Backup Set 2015-01-11 190003\Backup Files 2015-01-11 190003\Backup files 1.zip"
sh=9D2843C88D59910D0B64443F5DC2B912291C2247 ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="G:\FRANCES-PC\Backup Set 2015-01-11 190003\Backup Files 2015-01-11 190003\Backup files 2.zip"
sh=145D3894D7916483A4BA485F9554D2D27DD3313C ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.SearchSuite.Z potentially unwanted application" ac=I fn="G:\FRANCES-PC\Backup Set 2015-01-11 190003\Backup Files 2015-01-11 190003\Backup files 8.zip"
sh=B9D6B167C7962796E14FE99379F7B39038CE1B54 ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.iMedix.A potentially unwanted application" ac=I fn="G:\FRANCES-PC\Backup Set 2015-01-11 190003\Backup Files 2015-01-11 190003\Backup files 16.zip"
sh=594A0E21780E5EB01894E158B1855995C66E6603 ft=0 fh=0000000000000000 vn="a variant of Win32/Bunndle potentially unsafe application" ac=I fn="G:\FRANCES-PC\Backup Set 2015-01-11 190003\Backup Files 2015-01-11 190003\Backup files 41.zip"
sh=60E8029F22B467B6CF362CA045236A112297289C ft=0 fh=0000000000000000 vn="a variant of Win32/ReImageRepair.D potentially unwanted application" ac=I fn="G:\FRANCES-PC\Backup Set 2015-01-11 190003\Backup Files 2015-01-11 190003\Backup files 341.zip"
sh=E51AF71F00014D433AD9E05B0EEDD7096FE72811 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="G:\FRANCES-PC\Backup Set 2015-01-11 190003\Backup Files 2015-06-28 190004\Backup files 14.zip"
 


  • 0

#19
Feather24

Feather24

    Member

  • Topic Starter
  • Member
  • 251 posts

I haven't done the security check yet, you didn't mention that in your last post I'll include it hopefully the next steps won't take so long!

 

thanks


  • 0

#20
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

> Hi, I've been delayed because the ESET program took nearly 12hrs to run!! It found over 50 infected files.


It can take quite a while, no doubt, but it's one of the most in depth online scanners out there. :)
 

> I haven't done the security check yet, you didn't mention that in your last post I'll include it hopefully the next steps won't take so long!
>
> thanks


Go ahead and run Security Check, but hold off on the Hard drive maintenance for a bit. :thumbsup:

Also, a large majority of the files that ESET found are within zip files that are showing as being backups. An example of such is below:

G:\FRANCES-PC\Backup Set 2013-04-21 190007\Backup Files 2013-04-21 190007\Backup files 4.zip

This backup from 2013 has infected files in it, but as they are backups, I'm not going to remove them from your system. Unless you give me an all clear to do so. If you were to unzip the files contained within and use them, you risk infecting your machine. Please let me know your decision and we'll proceed. :thumbsup:
  • 0

#21
Feather24

Feather24

    Member

  • Topic Starter
  • Member
  • 251 posts

Hi, thanks for letting me know about the next steps.  I've included the security check log below as promised.

 

I think it's wise to delete or remove the infected backups.  As they are so far back I don't suppose they are relevant/useful now anyway?  I don't want any infected files on my system even if they are in the back up.  So thanks for letting me know about that, it was useful to hear.

 

One other point is that I am here until Wednesday night this week, my time (which is 5hrs ahead of EST) after that I am away for 6 days where I won't have access to this PC.  So if we don't get completed by then, I will need to pick things back up with you on Wed 8th July.  Just so you know what is happening.

 

thanks for your help so far. :)

 Results of screen317's Security Check version 1.004  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
AVG Internet Security 2015   
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:`````````
 SpywareBlaster 5.0    
 CCleaner     
 Adobe Flash Player     18.0.0.194  
 Adobe Reader XI  
 Mozilla Firefox (38.0.5)
 Google Chrome (43.0.2357.124)
 Google Chrome (43.0.2357.130)
 Google Chrome (plugins...)
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe
 Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
 


  • 0

#22
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

> I think it's wise to delete or remove the infected backups. As they are so far back I don't suppose they are relevant/useful now anyway? I don't want any infected files on my system even if they are in the back up. So thanks for letting me know about that, it was useful to hear.


I think you're making a good decision, as they are infected and quite old. It's always a good idea to make a backup of your most critical files at least once a month. Back them up to a drive that you can keep safely unplugged from the machine. The new encrypting malware that's all over the planet now will even infect backups that it finds connected to the machine.
 

> One other point is that I am here until Wednesday night this week, my time (which is 5hrs ahead of EST) after that I am away for 6 days where I won't have access to this PC. So if we don't get completed by then, I will need to pick things back up with you on Wed 8th July. Just so you know what is happening.


Ok, no worries. If we're not finished by then, I'll leave the thread open and you can let me know when you return. :thumbsup: I appreciate you letting me know.

Let's get rid of the files ESET found.


Step 1: Fix with FRST
  • Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open notepad and select Paste.
  • Save it on the desktop as fixlist.txt

    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

Start
C:\Desktop\FreeVideoToJPGConverter.exe
C:\My Documents\W clement stone ebook.exe
C:\My Documents\My Documents\Health\Markus raw food\ccsetup403.exe
C:\My Documents\My Documents\Health\Markus raw food\iLividSetupV1*.exe
C:\OLD PC Folders\Program Files\Local Disk\$RECYCLE.BIN\S-1-5-21-1527785505-3915310178-3884954049-1000\$R3TN39N\*.*
C:\Users\Frances\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\130707150417513.rsc
C:\Users\Frances\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\13.00\agent\stub_data\askrt_en.cab
C:\Users\Frances\Downloads\uTorrent.exe
G:\FRANCES-PC\Backup Set 2013-04-21 190007
G:\FRANCES-PC\Backup Set 2013-05-26 190002
G:\FRANCES-PC\Backup Set 2013-07-07 220920
G:\FRANCES-PC\Backup Set 2013-08-11 190009
G:\FRANCES-PC\Backup Set 2013-11-17 190003
G:\FRANCES-PC\Backup Set 2014-01-05 195157
G:\FRANCES-PC\Backup Set 2015-01-11 190003
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.


Step 2: Update Anti-Virus


Your current anti-virus is out of date and needs updating to the latest definitions. However, if you want to try a free alternative, you might consider trying Avast antivirus. You can download it here.
If you wish to stay with your current antivirus, please update it by following the instructions below.
  • Right click on the AVG icon in your tray at the bottom right of your screen and select Update.
  • AVG will begin downloading the latest updates.
Things I need to see in your next post:

Fixlog.txt Log

  • 0

#23
Feather24

Feather24

    Member

  • Topic Starter
  • Member
  • 251 posts

Hi Thanks for the information,

 

I've included the log below.  I usually update my AVG on a daily basis, it doesn't seem to always do it automatically although it's the paid version.  Hopefully there isn't a problem with it?

 

Thanks for your understanding about the time I will be away, thank you for being willing to pick things up on my return if needed that's very flexible and helpful :)

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 28-06-2015 01
Ran by Frances at 2015-06-30 22:10:16 Run:2
Running from C:\Users\Frances\Desktop
Loaded Profiles: Frances (Available Profiles: Frances)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
C:\Desktop\FreeVideoToJPGConverter.exe
C:\My Documents\W clement stone ebook.exe
C:\My Documents\My Documents\Health\Markus raw food\ccsetup403.exe
C:\My Documents\My Documents\Health\Markus raw food\iLividSetupV1*.exe
C:\OLD PC Folders\Program Files\Local Disk\$RECYCLE.BIN\S-1-5-21-1527785505-3915310178-3884954049-1000\$R3TN39N\*.*
C:\Users\Frances\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\130707150417513.rsc
C:\Users\Frances\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\13.00\agent\stub_data\askrt_en.cab
C:\Users\Frances\Downloads\uTorrent.exe
G:\FRANCES-PC\Backup Set 2013-04-21 190007
G:\FRANCES-PC\Backup Set 2013-05-26 190002
G:\FRANCES-PC\Backup Set 2013-07-07 220920
G:\FRANCES-PC\Backup Set 2013-08-11 190009
G:\FRANCES-PC\Backup Set 2013-11-17 190003
G:\FRANCES-PC\Backup Set 2014-01-05 195157
G:\FRANCES-PC\Backup Set 2015-01-11 190003
End
*****************

C:\Desktop\FreeVideoToJPGConverter.exe => moved successfully.
C:\My Documents\W clement stone ebook.exe => moved successfully.
C:\My Documents\My Documents\Health\Markus raw food\ccsetup403.exe => moved successfully.
C:\My Documents\My Documents\Health\Markus raw food\iLividSetupV1*.exe => moved successfully.

"C:\OLD PC Folders\Program Files\Local Disk\$RECYCLE.BIN\S-1-5-21-1527785505-3915310178-3884954049-1000\$R3TN39N\*.*" folder move:

Could not move "C:\OLD PC Folders\Program Files\Local Disk\$RECYCLE.BIN\S-1-5-21-1527785505-3915310178-3884954049-1000\$R3TN39N\*.*" folder => Scheduled to move on reboot.

C:\Users\Frances\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\130707150417513.rsc => moved successfully.
C:\Users\Frances\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\13.00\agent\stub_data\askrt_en.cab => moved successfully.
C:\Users\Frances\Downloads\uTorrent.exe => moved successfully.
G:\FRANCES-PC\Backup Set 2013-04-21 190007 => moved successfully.
G:\FRANCES-PC\Backup Set 2013-05-26 190002 => moved successfully.
G:\FRANCES-PC\Backup Set 2013-07-07 220920 => moved successfully.
G:\FRANCES-PC\Backup Set 2013-08-11 190009 => moved successfully.
G:\FRANCES-PC\Backup Set 2013-11-17 190003 => moved successfully.

"G:\FRANCES-PC\Backup Set 2014-01-05 195157" folder move:

Could not move "G:\FRANCES-PC\Backup Set 2014-01-05 195157" folder => Scheduled to move on reboot.


"G:\FRANCES-PC\Backup Set 2015-01-11 190003" folder move:

Could not move "G:\FRANCES-PC\Backup Set 2015-01-11 190003" folder => Scheduled to move on reboot.


Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-06-30 22:56:35)<=

"C:\OLD PC Folders\Program Files\Local Disk\$RECYCLE.BIN\S-1-5-21-1527785505-3915310178-3884954049-1000\$R3TN39N\*.*" => Could not move
"G:\FRANCES-PC\Backup Set 2014-01-05 195157" => Could not move
"G:\FRANCES-PC\Backup Set 2015-01-11 190003" => Could not move

==== End of Fixlog 22:56:38 ====


  • 0
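
An added example, not part of the original thread and not FRST's own code: a small Python check that reads a Fixlog like the one posted above and lists every fixlist entry that did not end up moved, including entries that still failed after the scheduled-on-reboot pass. The function names are illustrative, the outcome strings are the ones visible in the log above, and the sample input is a shortened excerpt constructed from that log.

```python
import re

# Shortened excerpt constructed from the Fixlog posted above (not the full log).
SAMPLE_FIXLOG = r'''
Fix result of Farbar Recovery Scan Tool (x86) Version: 28-06-2015 01
Ran by Frances at 2015-06-30 22:10:16 Run:2

fixlist content:
*****************
Start
C:\Users\Frances\Downloads\uTorrent.exe
C:\OLD PC Folders\Program Files\Local Disk\$RECYCLE.BIN\S-1-5-21-1527785505-3915310178-3884954049-1000\$R3TN39N\*.*
G:\FRANCES-PC\Backup Set 2013-04-21 190007
G:\FRANCES-PC\Backup Set 2014-01-05 195157
G:\FRANCES-PC\Backup Set 2015-01-11 190003
End
*****************

C:\Users\Frances\Downloads\uTorrent.exe => moved successfully.
Could not move "C:\OLD PC Folders\Program Files\Local Disk\$RECYCLE.BIN\S-1-5-21-1527785505-3915310178-3884954049-1000\$R3TN39N\*.*" folder => Scheduled to move on reboot.
G:\FRANCES-PC\Backup Set 2013-04-21 190007 => moved successfully.
Could not move "G:\FRANCES-PC\Backup Set 2014-01-05 195157" folder => Scheduled to move on reboot.
Could not move "G:\FRANCES-PC\Backup Set 2015-01-11 190003" folder => Scheduled to move on reboot.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-06-30 22:56:35)<=

"C:\OLD PC Folders\Program Files\Local Disk\$RECYCLE.BIN\S-1-5-21-1527785505-3915310178-3884954049-1000\$R3TN39N\*.*" => Could not move
"G:\FRANCES-PC\Backup Set 2014-01-05 195157" => Could not move
"G:\FRANCES-PC\Backup Set 2015-01-11 190003" => Could not move

==== End of Fixlog 22:56:38 ====
'''


def classify(outcome):
    """Map the text after '=>' to a state, using the wording seen in the log."""
    text = outcome.strip().lower()
    if text.startswith("moved successfully"):
        return "moved"
    if text.startswith("scheduled to move on reboot"):
        return "pending"
    if text.startswith("could not move"):
        return "failed"
    return "unknown"


def parse_fixlog(text):
    """Return (requested entries, {lowercased path: last reported state})."""
    requested, state = [], {}
    in_fixlist = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Start":            # fixlist echo begins
            in_fixlist = True
            continue
        if line == "End":              # fixlist echo ends
            in_fixlist = False
            continue
        if in_fixlist:
            if line:
                requested.append(line)
            continue
        if " => " not in line:         # headers, separators, "folder move:" lines
            continue
        left, outcome = line.rsplit(" => ", 1)
        quoted = re.search(r'"([^"]+)"', left)
        path = quoted.group(1) if quoted else left.strip()
        # Later lines win, so the post-reboot result replaces "pending".
        state[path.lower()] = classify(outcome)
    return requested, state


def unresolved(text):
    """List (entry, state) for every requested entry that was not moved."""
    requested, state = parse_fixlog(text)
    result = []
    for entry in requested:
        final = state.get(entry.lower(), "no result")
        if final != "moved":
            result.append((entry, final))
    return result


if __name__ == "__main__":
    for entry, final in unresolved(SAMPLE_FIXLOG):
        print(f"{final:10} {entry}")
```
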

#24
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

> I've included the log below. I usually update my AVG on a daily basis, it doesn't seem to always do it automatically although it's the paid version. Hopefully there isn't a problem with it?


I've had issues with other paid versions of software such as Malwarebytes only updating when I tell it to, and sometimes it does it automatically. It shouldn't be an issue. :)
 

> Thanks for your understanding about the time I will be away, thank you for being willing to pick things up on my return if needed that's very flexible and helpful :)


You're quite welcome, we do our best here to work on a schedule that works best for you. :thumbsup:


Let's get a fresh look with FRST to make sure everything is clear and run some hard drive maintenance.


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.


Step 1: Scan with FRST

Start FRST and check the Addition.txt box and then press scan. FRST will produce two logs, FRST.txt and Addition.txt. Please post them both in your next reply.


Step 2: Chkdsk

  • To use Chkdsk, click Start and My Computer. Right-click the hard drive you want to check, and click Properties.
  • Select the Tools tab and click Check Now. Check both boxes. Click Start.
  • You'll get a message that the computer must be rebooted to run a complete check. Click Yes and reboot.
  • Chkdsk will take a while, so run it when you don't need to use the computer for something else.

Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

FRST Log

Addition.txt

#25
Feather24

    Member

  • Topic Starter
  • 251 posts

Ok thanks.  First log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-06-2015 01
Ran by Frances (administrator) on FRANCES-PC on 01-07-2015 16:02:43
Running from C:\Users\Frances\Desktop
Loaded Profiles: Frances (Available Profiles: Frances)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alcatel-Lucent) C:\Program Files\Plusnet Assist\btbb\PlusnetHelpNotifier.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Sonix) C:\Windows\vsnp2std.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
() C:\Program Files\RealNetworks\RealDownloader\downloader2.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(MyHeritage) C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe
(Google) C:\Users\Frances\AppData\Roaming\Google\Google Talk\googletalk.exe
(Flux Software LLC) C:\Users\Frances\AppData\Local\FluxSoftware\Flux\flux.exe
(Nokia) C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
() C:\Users\Frances\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe
(Dropbox, Inc.) C:\Users\Frances\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
HKLM\...\Run: [btbb_McciTrayApp] => C:\Program Files\Plusnet Assist\btbb\PlusnetHelpNotifier.exe [1841664 2011-09-07] (Alcatel-Lucent)
HKLM\...\Run: [snp2std] => C:\Windows\vsnp2std.exe [675840 2006-09-15] (Sonix)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3727824 2015-06-16] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [296520 2015-02-02] (RealNetworks, Inc.)
HKLM\...\Run: [RealDownloader] => C:\Program Files\RealNetworks\RealDownloader\downloader2.exe [560192 2014-10-29] ()
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-02-13] (Apple Inc.)
HKLM\...\Run: [Family Tree Builder Update] => C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe [2477056 2015-03-02] (MyHeritage)
HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\Run: [googletalk] => C:\Users\Frances\AppData\Roaming\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\Run: [f.lux] => C:\Users\Frances\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\Run: [NokiaSuite.exe] => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-10-02] (Nokia)
HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\Run: [MP3 Skype recorder] => C:\Users\Frances\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe [1561472 2015-02-11] ()
HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [720064 2015-03-18] (Microsoft Corporation)
HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\Run: [Dropbox Update] => C:\Users\Frances\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-17] (Dropbox, Inc.)
HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk [2015-02-02]
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\Users\Frances\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-09]
ShortcutTarget: Dropbox.lnk -> C:\Users\Frances\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Frances\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2014-09-02]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-10-27] (RealDownloader)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files\Evernote\Evernote\EvernoteIE.dll [2014-08-26] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22] (SEIKO EPSON CORPORATION)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
Toolbar: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000 -> EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22] (SEIKO EPSON CORPORATION)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{1AEFD181-F14E-4463-B2D2-39C1367B81A8}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{1EB4CFC4-7649-413F-870B-BB36D0D3979F}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{A79483D2-6796-4059-832A-41A709A2AAE1}: [NameServer] 8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\wtqcb945.default-1429894029943
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-06-24] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-03-11] (Google, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\Common Files\Motive\npMotive.dll [2011-09-07] (Motive, Inc.)
FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2013-10-02] ( )
FF Plugin: @real.com/nppl3260;version=17.0.15.10 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2015-02-02] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=17.0.15 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-10-27] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=17.0.15.10 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll [2015-02-02] (RealPlayer Cloud)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1527785505-3915310178-3884954049-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Frances\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-05-25] (Citrix Online)
FF Plugin HKU\S-1-5-21-1527785505-3915310178-3884954049-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Frances\Desktop\npAmazonMP3DownloaderPlugin101753.dll [2012-10-30] (Amazon.com, Inc.)
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-06-03]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-06-03]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2015-06-03]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-06-03]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-06-03]
FF HKLM\...\Firefox\Extensions: [{338950EA-82DB-44C1-930D-0C28E023C9F0}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2015-02-02]

Chrome:
=======
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Frances\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.703\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\39.0.2171.71\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\39.0.2171.71\internal-nacl-plugin No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\39.0.2171.71\pdf.dll No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files\Google\Chrome\Application\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Motive Plugin) - C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.670.1) - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 7 U67) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Nokia Suite Enabler Plugin) - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Citrix Online Web Deployment Plugin 1.0.0.104) - C:\Users\Frances\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Users\Frances\Desktop\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll No File
CHR Profile: C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-26]
CHR Extension: (Google Drive) - C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-26]
CHR Extension: (YouTube) - C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-24]
CHR Extension: (Google Search) - C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-24]
CHR Extension: (Bookmark Manager) - C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-13]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-23]
CHR Extension: (Skype Click to Call) - C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-10-13]
CHR Extension: (Google Wallet) - C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-26]
CHR Extension: (Gmail) - C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-24]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgfws; C:\Program Files\AVG\AVG2015\avgfws.exe [1526936 2015-06-16] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3461072 2015-06-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [312816 2015-06-16] (AVG Technologies CZ, s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [319488 2011-03-29] (Alcatel-Lucent) [File not signed]
S3 MSSQL$MSSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe [43044512 2014-07-12] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-10-26] ()
R2 RealPlayer Cloud Service; C:\Program Files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1141848 2015-02-02] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2014-10-30] ()
S4 SQLAgent$MSSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [380064 2014-07-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [132576 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [57824 2015-04-14] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [227808 2015-05-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [190944 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [29664 2015-05-14] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [206816 2015-04-15] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [290272 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [169440 2015-05-12] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [35808 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [213984 2015-05-12] (AVG Technologies CZ, s.r.o.)
S3 eapihdrv; C:\Users\Frances\AppData\Local\Temp\ehdrv.sys [135760 2015-06-28] (ESET)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2012-06-25] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2012-06-25] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S4 RsFx0105; C:\Windows\System32\DRIVERS\RsFx0105.sys [238696 2011-09-22] (Microsoft Corporation)
S3 SNP2STD; C:\Windows\System32\DRIVERS\snp2sxp.sys [12028032 2007-01-26] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-29 15:21 - 2015-06-29 15:21 - 00852662 _____ C:\Users\Frances\Desktop\SecurityCheck(1).exe
2015-06-29 12:59 - 2015-06-29 13:00 - 53360249 _____ C:\Users\Frances\Desktop\YouGetWhatYouAskFor.zip
2015-06-29 11:04 - 2015-06-29 11:04 - 00852662 _____ C:\Users\Frances\Desktop\SecurityCheck.exe
2015-06-27 23:12 - 2015-06-27 23:12 - 02870984 _____ (ESET) C:\Users\Frances\Desktop\esetsmartinstaller_enu.exe
2015-06-27 23:12 - 2015-06-27 23:12 - 00000000 ____D C:\Program Files\ESET
2015-06-27 23:03 - 2015-06-27 23:03 - 00001050 _____ C:\Users\Frances\Desktop\MBAM.TXT
2015-06-23 12:09 - 2015-06-23 12:09 - 00001545 _____ C:\Users\Frances\Desktop\JRT.txt
2015-06-23 12:06 - 2015-06-23 12:06 - 00000207 _____ C:\Windows\tweaking.com-regbackup-FRANCES-PC-Windows-7-Home-Premium-(32-bit).dat
2015-06-23 12:06 - 2015-06-23 12:06 - 00000000 ____D C:\RegBackup
2015-06-23 11:23 - 2015-06-23 11:24 - 02244096 _____ C:\Users\Frances\Desktop\AdwCleaner.exe
2015-06-23 11:20 - 2015-06-23 11:20 - 02950217 _____ (Thisisu) C:\Users\Frances\Desktop\JRT.exe
2015-06-22 12:39 - 2015-06-22 12:39 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Frances\Desktop\tdsskiller.exe
2015-06-22 12:08 - 2015-06-30 22:10 - 00000000 ____D C:\Users\Frances\Desktop\FRST-OlderVersion
2015-06-18 20:19 - 2015-06-18 20:20 - 00049913 _____ C:\Users\Frances\Desktop\Addition.txt
2015-06-18 20:18 - 2015-07-01 16:03 - 00022762 _____ C:\Users\Frances\Desktop\FRST.txt
2015-06-18 20:14 - 2015-06-30 22:10 - 01636352 _____ (Farbar) C:\Users\Frances\Desktop\FRST.exe
2015-06-17 17:11 - 2015-06-17 17:11 - 00000000 ____D C:\Users\Frances\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-06-17 17:08 - 2015-07-01 01:13 - 00000926 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1527785505-3915310178-3884954049-1000UA.job
2015-06-17 17:08 - 2015-06-29 17:24 - 00000874 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1527785505-3915310178-3884954049-1000Core.job
2015-06-17 17:08 - 2015-06-17 17:08 - 00000000 ____D C:\Users\Frances\AppData\Local\Dropbox
2015-06-17 17:08 - 2015-06-17 17:08 - 00000000 ____D C:\ProgramData\Dropbox
2015-06-14 11:19 - 2015-06-14 11:19 - 00000000 ____D C:\Program Files\Common Files\AV
2015-06-10 16:33 - 2015-06-02 20:35 - 00342728 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 16:33 - 2015-05-27 15:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 16:33 - 2015-05-25 18:00 - 02384384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 16:33 - 2015-05-23 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 16:33 - 2015-05-23 04:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-10 16:33 - 2015-05-23 04:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 16:33 - 2015-05-23 04:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-10 16:33 - 2015-05-23 04:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-10 16:33 - 2015-05-23 04:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 16:33 - 2015-05-23 04:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-10 16:33 - 2015-05-23 04:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 16:33 - 2015-05-23 04:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 16:33 - 2015-05-23 04:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-10 16:33 - 2015-05-23 04:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 16:33 - 2015-05-23 04:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 16:33 - 2015-05-23 04:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 16:33 - 2015-05-23 04:05 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-10 16:33 - 2015-05-23 04:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 16:33 - 2015-05-23 04:00 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-10 16:33 - 2015-05-23 03:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 16:33 - 2015-05-23 03:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 16:33 - 2015-05-23 03:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-10 16:33 - 2015-05-23 03:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 16:33 - 2015-05-23 03:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 16:33 - 2015-05-23 03:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 16:33 - 2015-05-23 03:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 16:33 - 2015-05-23 03:38 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-10 16:33 - 2015-05-23 03:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 16:33 - 2015-05-23 03:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-10 16:33 - 2015-05-23 03:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 16:33 - 2015-05-23 03:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 16:33 - 2015-05-23 03:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 16:33 - 2015-05-23 03:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 16:33 - 2015-05-22 19:03 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-10 16:33 - 2015-05-22 19:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-10 16:33 - 2015-05-22 19:02 - 00621568 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-10 16:33 - 2015-05-22 19:02 - 00333824 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-10 16:33 - 2015-05-22 19:02 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-10 16:33 - 2015-05-22 19:02 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-10 16:33 - 2015-05-22 18:58 - 00901120 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-10 16:33 - 2015-05-21 14:20 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-10 16:33 - 2015-04-11 04:07 - 00054656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-10 16:32 - 2015-05-25 19:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-06-10 16:32 - 2015-05-25 19:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-10 16:32 - 2015-05-25 19:07 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-10 16:32 - 2015-05-25 19:07 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-10 16:32 - 2015-05-25 19:04 - 01307648 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-10 16:32 - 2015-05-25 19:01 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-10 16:32 - 2015-05-25 19:01 - 00853504 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-10 16:32 - 2015-05-25 19:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-10 16:32 - 2015-05-25 19:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-10 16:32 - 2015-05-25 19:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-10 16:32 - 2015-05-25 19:01 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-10 16:32 - 2015-05-25 19:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-10 16:32 - 2015-05-25 19:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-10 16:32 - 2015-05-25 19:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-10 16:32 - 2015-05-25 19:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-10 16:32 - 2015-05-25 19:01 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-10 16:32 - 2015-05-25 19:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-10 16:32 - 2015-05-25 19:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-10 16:32 - 2015-05-25 19:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-10 16:32 - 2015-05-25 19:01 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-10 16:32 - 2015-05-25 19:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-10 16:32 - 2015-05-25 19:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-10 16:32 - 2015-05-25 19:01 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-10 16:32 - 2015-05-25 19:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-10 16:32 - 2015-05-25 19:00 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-10 16:32 - 2015-05-25 19:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-10 16:32 - 2015-05-25 19:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-10 16:32 - 2015-05-25 19:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-10 16:32 - 2015-05-25 19:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-10 16:32 - 2015-05-25 19:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-10 16:32 - 2015-05-25 19:00 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-10 16:32 - 2015-05-25 19:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-10 16:32 - 2015-05-25 18:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-10 16:32 - 2015-05-25 18:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-10 16:32 - 2015-05-25 18:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-10 16:32 - 2015-05-25 18:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-10 16:32 - 2015-05-25 17:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-10 16:31 - 2015-05-09 04:14 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-10 16:31 - 2015-05-09 04:13 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-10 16:31 - 2015-05-09 04:13 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-10 16:31 - 2015-05-09 04:12 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-10 16:31 - 2015-05-09 04:08 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 16:31 - 2015-05-09 04:08 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 16:31 - 2015-05-09 04:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 16:31 - 2015-05-09 04:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 16:31 - 2015-05-09 04:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 16:31 - 2015-05-09 04:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 16:31 - 2015-05-09 04:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 16:31 - 2015-05-09 04:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 16:31 - 2015-05-09 04:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 16:31 - 2015-05-09 04:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 16:31 - 2015-05-09 04:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 16:31 - 2015-05-09 04:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 16:31 - 2015-05-09 04:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 16:31 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 16:31 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 16:31 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 16:31 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 16:31 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 16:31 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 16:31 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 16:31 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 16:31 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 16:31 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 16:31 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 16:31 - 2015-05-09 02:59 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 16:31 - 2015-05-09 02:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 16:31 - 2015-05-09 02:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 16:31 - 2015-05-09 02:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 16:31 - 2015-04-29 19:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-10 16:31 - 2015-04-29 19:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-10 16:31 - 2015-04-29 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-10 16:31 - 2015-04-29 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-10 16:31 - 2015-04-29 19:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 16:31 - 2015-04-24 18:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-08 12:51 - 2015-06-08 12:51 - 00000000 ____D C:\Users\Frances\AppData\Local\GWX
2015-06-03 12:42 - 2015-06-04 10:23 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-01 16:02 - 2014-10-22 18:43 - 00000000 ____D C:\FRST
2015-07-01 16:01 - 2010-10-09 15:01 - 00000000 ____D C:\ProgramData\MFAData
2015-07-01 15:55 - 2011-02-27 13:37 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-01 15:49 - 2012-04-01 16:14 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-01 15:33 - 2009-07-14 05:34 - 00023568 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-01 15:33 - 2009-07-14 05:34 - 00023568 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-01 15:27 - 2010-10-08 20:37 - 01552763 _____ C:\Windows\WindowsUpdate.log
2015-07-01 15:20 - 2011-11-03 13:04 - 00000000 ___RD C:\Users\Frances\Dropbox
2015-07-01 15:20 - 2011-11-03 13:00 - 00000000 ____D C:\Users\Frances\AppData\Roaming\Dropbox
2015-07-01 15:18 - 2014-12-10 11:22 - 00060850 _____ C:\Windows\setupact.log
2015-07-01 15:18 - 2011-02-27 13:37 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-01 15:18 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-30 22:56 - 2015-01-07 21:44 - 00074070 _____ C:\Windows\PFRO.log
2015-06-29 23:24 - 2010-10-11 16:43 - 00000000 ____D C:\Users\Frances\AppData\Roaming\Skype
2015-06-29 17:06 - 2015-01-11 21:39 - 00000000 ____D C:\Users\Frances\Documents\COACHING 2015
2015-06-27 22:39 - 2014-09-12 11:26 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-25 22:20 - 2010-11-11 19:48 - 00000000 ____D C:\Users\Frances\Documents\FinePrint files
2015-06-25 18:11 - 2014-09-12 11:25 - 00001064 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-25 18:11 - 2014-09-12 11:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-25 18:11 - 2014-09-12 11:25 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-06-25 17:08 - 2011-04-01 11:17 - 00000000 ____D C:\Users\Frances\AppData\Roaming\Audacity
2015-06-24 13:49 - 2012-04-01 16:14 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-06-24 13:49 - 2011-06-29 11:58 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-06-24 12:21 - 2015-01-07 21:48 - 00000935 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2015-06-24 12:21 - 2015-01-07 21:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-06-23 12:34 - 2013-08-27 14:48 - 00000000 ____D C:\AdwCleaner
2015-06-22 21:59 - 2011-02-27 13:38 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-20 21:38 - 2014-09-18 13:06 - 00000000 ____D C:\Users\Frances\Documents\HEALTH
2015-06-18 19:53 - 2011-07-10 22:05 - 00000000 ____D C:\Program Files\VBMovies
2015-06-18 08:41 - 2014-09-12 11:25 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-18 08:41 - 2014-09-12 11:25 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-18 08:41 - 2010-10-09 17:18 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-15 11:23 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2015-06-12 17:57 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Branding
2015-06-11 17:57 - 2014-12-01 13:09 - 00000000 __SHD C:\Users\Frances\AppData\Local\EmieBrowserModeList
2015-06-11 17:57 - 2014-04-23 10:37 - 00000000 __SHD C:\Users\Frances\AppData\Local\EmieUserList
2015-06-11 17:57 - 2014-04-23 10:37 - 00000000 __SHD C:\Users\Frances\AppData\Local\EmieSiteList
2015-06-11 15:44 - 2014-08-19 10:36 - 00000000 ____D C:\Users\Frances\AppData\Local\Adobe
2015-06-11 15:39 - 2010-10-08 20:39 - 00878182 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-11 15:32 - 2009-07-14 05:33 - 00429856 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-11 15:29 - 2014-12-12 14:01 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-11 15:29 - 2014-04-23 10:23 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-10 23:39 - 2010-10-31 18:40 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-10 23:32 - 2013-07-24 01:18 - 00000000 ____D C:\Windows\system32\MRT
2015-06-10 23:09 - 2010-10-09 10:18 - 136900096 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-04 10:23 - 2012-04-25 17:18 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-06-03 16:04 - 2010-10-11 16:42 - 00000000 ____D C:\ProgramData\Skype

==================== Files in the root of some directories =======

2011-06-27 23:28 - 2011-06-27 23:29 - 0015044 _____ () C:\Program Files\cc_20110627_232823.reg
2013-07-23 13:26 - 2013-07-23 13:27 - 0036154 _____ () C:\Program Files\cc_20130723_132652.reg
2010-11-08 16:25 - 2011-07-18 10:47 - 0004608 _____ () C:\Users\Frances\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-06-27 09:30 - 2011-06-27 09:30 - 0000000 _____ () C:\Users\Frances\AppData\Local\{2F0D215D-D36A-4572-8518-970B7D5F1ED4}
2011-06-07 11:10 - 2011-06-07 11:11 - 0000000 _____ () C:\Users\Frances\AppData\Local\{D0C3A833-BA01-4220-98B5-867AEE928B6A}
2010-10-11 16:43 - 2010-10-11 16:43 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

Some files in TEMP:
====================
C:\Users\Frances\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpabqlcs.dll
C:\Users\Frances\AppData\Local\temp\lowproc.exe
C:\Users\Frances\AppData\Local\temp\NOSEventMessages.dll
C:\Users\Frances\AppData\Local\temp\Quarantine.exe
C:\Users\Frances\AppData\Local\temp\sqlite3.dll
C:\Users\Frances\AppData\Local\temp\stubhelper.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-23 14:41

==================== End of log ============================




#26
Feather24

  • Topic Starter

Additions log:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-06-2015 01
Ran by Frances at 2015-07-01 16:03:50
Running from C:\Users\Frances\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1527785505-3915310178-3884954049-500 - Administrator - Disabled)
Frances (S-1-5-21-1527785505-3915310178-3884954049-1000 - Administrator - Enabled) => C:\Users\Frances
Guest (S-1-5-21-1527785505-3915310178-3884954049-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Internet Security 2015 (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2015 (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: AVG Internet Security 2015 (Enabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.194 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (32-bit) (HKLM\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft VideoImpression 2 (HKLM\...\{244E21B9-164C-4EC1-AED8-9BD64161E66D}) (Version:  - ArcSoft)
ArcSoft WebCam Companion 2 (HKLM\...\{C2E455CE-A952-4711-9505-51A8898B113F}) (Version:  - ArcSoft)
Audacity 2.0.6 (HKLM\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
AudibleManager (HKLM\...\AudibleManager) (Version: 2000575200.48.56.30674154 - Audible, Inc.)
Avery Wizard 3.1 (HKLM\...\{77077FFF-8831-470F-9627-E86F06A50CCD}) (Version: 3.1.8 - Avery)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6037 - AVG Technologies)
AVG 2015 (Version: 15.0.4365 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6037 - AVG Technologies) Hidden
Belkin Wireless USB Utility (HKLM\...\InstallShield_{A6359CCF-215D-43D9-8366-479D231F2A72}) (Version: 6.3.2.16 - Belkin)
Belkin Wireless USB Utility (Version: 6.3.2.16 - Belkin) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Business Contact Manager for Microsoft Outlook 2010 (HKLM\...\Business Contact Manager) (Version: 4.0.11308.0 - Microsoft Corporation)
Business Contact Manager for Microsoft Outlook 2010 (Version: 4.0.11308.0 - Microsoft Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.03 - Piriform)
Citrix Online Launcher (HKLM\...\{A4B72B94-7745-4CA8-A4D6-D8AC2442451C}) (Version: 1.0.153 - Citrix)
DriverUpdate (HKLM\...\{E3B2301A-17BB-441E-B432-FF4DC8549B8A}) (Version: 2.2.36929 - SlimWare Utilities, Inc.)
Dropbox (HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\Dropbox) (Version: 3.6.7 - Dropbox, Inc.)
EPSON Attach To Email (HKLM\...\InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}) (Version: 1.01.0000 - SEIKO EPSON)
EPSON Attach To Email (Version: 1.01.0000 - SEIKO EPSON) Hidden
EPSON Copy Utility 3 (HKLM\...\{67EDD823-135A-4D59-87BD-950616D6E857}) (Version: 3.1.5.0 - )
EPSON Easy Photo Print (HKLM\...\{F19D07BC-6240-49D3-BA5C-59B015DF8916}) (Version: 1.2.2.0 - )
EPSON File Manager (HKLM\...\{E86BC406-944E-41F6-ADE6-2C136734C96B}) (Version: 1.1.0.0 - )
EPSON Image Clip Palette (HKLM\...\{314F6D08-A8B7-11D8-8446-0050BA1D384D}) (Version: 1.02.00 - )
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - )
EPSON Scan Assistant (HKLM\...\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}) (Version: 1.10.00 - )
EPSON Web-To-Page (HKLM\...\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}) (Version:  - )
ESDX3800 User's Guide (HKLM\...\ESDX3800 User's Guide) (Version:  - )
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Evernote v. 5.6.4 (HKLM\...\{DFDF0BE2-2D71-11E4-9454-00163E98E7D6}) (Version: 5.6.4.4632 - Evernote Corp.)
f.lux (HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\Flux) (Version:  - )
FinePrint (HKLM\...\FinePrint) (Version: 6.15 - FinePrint Software, LLC)
Free Editor (HKLM\...\{1BF14E04-85DE-480C-9A04-EB36744C66B4}_is1) (Version: 2.0.3 - Blue Labs, LLC)
GDR 5520 for SQL Server 2008 (KB2977321) (HKLM\...\KB2977321) (Version: 10.3.5520.0 - Microsoft Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Talk (remove only) (HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
GoToMeeting 6.0.0.1259 (HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\GoToMeeting) (Version: 6.0.0.1259 - CitrixOnline)
IAW20 (HKLM\...\IAW20) (Version:  - )
iCloud (HKLM\...\{760BB327-3973-4608-85C8-88162E2FF3B6}) (Version: 4.0.6.28 - Apple Inc.)
ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
iTunes (HKLM\...\{3A9FE6B1-EE7F-40AC-B831-AC7C9ABB58A0}) (Version: 12.1.1.4 - Apple Inc.)
LAME v3.98.3 for Audacity (HKLM\...\LAME for Audacity_is1) (Version:  - )
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Office Communicator 2007 R2 (HKLM\...\{0D1CBBB9-F4A8-45B6-95E7-202BA61D7AF4}) (Version: 3.5.6907.268 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{83298573-A6B6-42AB-A234-FE91CA2859C0}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{5D60AB1A-2409-4829-83D4-0972856D885A}) (Version: 10.3.5520.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Windows Media Video 9 VCM (HKLM\...\WMV9_VCM) (Version:  - )
MobileMe Control Panel (HKLM\...\{710BF966-43C8-4216-A8EC-BC4E169FF7C1}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 38.0.5 (x86 en-GB) (HKLM\...\Mozilla Firefox 38.0.5 (x86 en-GB)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.0.2 - Mozilla)
MP3 Skype recorder (HKLM\...\{9D33E74E-3799-4343-9F16-13AFF983366C}) (Version: 4.11.1.0 - Alexander Nikiforov)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyHeritage Family Tree Builder (HKLM\...\Family Tree Builder) (Version: 7.0.0.7143 - MyHeritage.com)
Nokia Connectivity Cable Driver (HKLM\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia PC Suite (HKLM\...\Nokia PC Suite) (Version: 7.1.180.94 - Nokia)
Nokia PC Suite (Version: 7.1.180.94 - Nokia) Hidden
Nokia Suite (HKLM\...\Nokia Suite) (Version: 3.8.48.0 - Nokia)
Nokia Suite (Version: 3.8.48.0 - Nokia) Hidden
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OpenOffice.org 3.2 (HKLM\...\{09DF00E6-520C-49D5-B7E0-9612165CACA8}) (Version: 3.2.9502 - OpenOffice.org)
Paint.NET v3.5.8 (HKLM\...\{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}) (Version: 3.58.0 - dotPDN LLC)
PC Connectivity Solution (HKLM\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PIF DESIGNER (HKLM\...\{B90450DF-E781-46FD-B1F1-0C86DA40E443}) (Version:  - )
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RealDownloader (Version: 17.0.15.4 - RealNetworks, Inc.) Hidden
RealDownloader (Version: 17.0.15.7 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM\...\RealPlayer 17.0) (Version: 17.0.15 - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 3 for SQL Server 2008 (KB2546951) (HKLM\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.5 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Sql Server Customer Experience Improvement Program (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Trust Webcam Live (HKLM\...\{75438C0E-9925-412E-AD85-D0E71C6CE2ED}) (Version: 5.7.19.202_WHQL - Sonix)
TweetDeck (HKLM\...\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1) (Version: 0.38.1 - TweetDeck Inc)
TweetDeck (Version: 0.38.1 - TweetDeck Inc) Hidden
UpdateService (Version: 1.0.0 - RealNetworks, Inc.) Hidden
Video Downloader (Version: 1.0.0 - RealNetworks) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Vocal Remover (HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\Vocal Remover) (Version:  - Make-Your-Own-Karaoke.com)
Vocal Remover (Version: 1.2.4 - Make-Your-Own-Karaoke.com) Hidden
Windows Driver Package - Nokia Modem  (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia)
Windows Driver Package - Nokia Modem  (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia)
Windows Driver Package - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)
Windows Phone app for desktop (HKLM\...\{5F71448B-88EB-4357-9A98-8658D4C49C48}) (Version: 1.1.2726.0 - Microsoft Corporation)
XNote Stopwatch (HKLM\...\XNote Stopwatch) (Version: 1.67 - dnSoft Research Group)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Frances\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{0207CA76-8233-4478-9A40-607AC304C435}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Avery\AVERYW~1.1\EnvBCode.ocx (Envel Informationssysteme GmbH)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{0507EEDE-3AE7-49c7-BF37-0EB4A62D8638}\localserver32 -> C:\Users\Frances\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{2BB2DE4F-FCDF-46F2-9723-5B1959E1BDE0}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Avery\AVERYW~1.1\EnvBCode.ocx (Envel Informationssysteme GmbH)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{30A2652A-DDF7-45e7-ACA6-3EAB26FC8A4E}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{33b07fd4-5917-43e1-968d-4c79231836bf}\localserver32 -> C:\Users\Frances\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Users\Frances\Desktop\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{41662FC2-0D57-4aff-AB27-AD2E12E7C273}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{448BB771-CFE2-47C4-BCDF-1FBF378E202C}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{67F2A879-82D5-4A6D-8CC5-FFB3C114B69D}\InprocServer32 -> C:\Program Files\OpenOffice.org 3\program\so_activex.dll ()
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{7B342DC4-139A-4a46-8A93-DB0827CCEE9C}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\ooofiltproxy.dll (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{7FA8AE11-B3E3-4D88-AABF-255526CD1CE8}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{82154420-0FBF-11d4-8313-005004526AB4}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Frances\AppData\Local\Citrix\GoToMeeting\1259\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{95775FC2-FFFA-4432-A4BC-352AB1A84581}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Avery\AVERYW~1.1\EnvBCode.ocx (Envel Informationssysteme GmbH)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{990D9B6F-6621-11D9-AD6A-000C29B1E318}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Avery\Avery Wizard 3.1\AveryOAd.dll (Avery Dennison Corporation. Envel Informationssysteme GmbH.)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{A8F086C3-2497-4229-82FE-586F2D326F95}\localserver32 -> C:\Users\Frances\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{BE892433-7479-4231-AB95-A313BDA3D409}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Avery\AVERYW~1.1\EnvBCode.ocx (Envel Informationssysteme GmbH)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{D0484DE6-AAEE-468a-991F-8D4B0737B57A}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{D0E9EEAE-9AC7-4204-BA07-B72DD6077E82}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Avery\Avery Wizard 3.1\AvWizRes.dll (Avery Dennison Corporation. Envel Informationssysteme GmbH.)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{D2776BCC-5F09-4068-B4E2-7EE1202F95CF}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Avery\AVERYW~1.1\EnvBCode.ocx (Envel Informationssysteme GmbH)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{D2D59CD1-0A6A-4D36-AE20-47817077D57C}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{d33f3ced-d7d5-44f1-a9fe-6927dabb1934}\localserver32 -> C:\Users\Frances\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{E5A0B632-DFBA-4549-9346-E414DA06E6F8}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{EE5D1EA4-D445-4289-B2FC-55FC93693917}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{F616B81F-7BB8-4F22-B8A5-47428D59F8AD}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)

==================== Restore Points =========================

07-06-2015 23:26:58 Scheduled Checkpoint
08-06-2015 13:01:01 Windows Backup
10-06-2015 23:07:14 Windows Update
14-06-2015 19:00:24 Windows Backup
22-06-2015 11:45:24 Windows Backup
22-06-2015 12:09:33 Restore Point Created by FRST
28-06-2015 19:00:21 Windows Backup

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2015-06-22 12:10 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08963739-7A34-4FFB-99F2-637925B8149D} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1527785505-3915310178-3884954049-1000 => C:\Program Files\RealNetworks\RealDownloader\RealUpgrade.exe [2014-10-27] (RealNetworks, Inc.)
Task: {1935BC1B-003A-4B50-97D6-93BB055FFA80} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1527785505-3915310178-3884954049-1000Core => C:\Users\Frances\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17] (Dropbox, Inc.)
Task: {1A45D0BA-9DA1-4F64-8745-A4542C810EE5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {22679D7D-4086-4EB3-B1D3-D73C9CAACAFF} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1527785505-3915310178-3884954049-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [2014-10-26] (RealNetworks, Inc.)
Task: {2B17A39E-0C7C-42A7-A404-47C0EB3FFE4F} - System32\Tasks\{6F30B801-45EE-40AC-8EE3-E56FDF76A6EF} => C:\Program Files\Amazon\Kindle For PC\KindleForPC.exe [2010-11-11] (Amazon.com)
Task: {357FA1D8-6B55-4F78-A271-529E47B56CA5} - System32\Tasks\{D21AA598-1F4F-444C-AE7E-D9A8859E4467} => pcalua.exe -a C:\Users\Frances\Downloads\AdobeAIRInstaller.exe -d C:\Users\Frances\Downloads
Task: {37718E09-EA3C-4D4F-B360-7BAA10363019} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {41D8CFDB-F028-4B44-A129-AEE653CDA760} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe
Task: {4798B9EF-4CDD-4298-A3D2-3D6BBE66BB10} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {4B914817-A485-4583-9854-887A8837F720} - System32\Tasks\RealDownloader Update Check => C:\Program Files\RealNetworks\RealDownloader\downloader2.exe [2014-10-29] ()
Task: {4EEDC6CB-4B67-45D4-AE9E-A78F4A409106} - System32\Tasks\{B05DA352-45C0-4F77-94B8-D5DCEB1BEECD} => pcalua.exe -a C:\Users\Frances\Downloads\avg_tuh_stf_all_2015_403_24c34.exe -d C:\Users\Frances\Downloads
Task: {503F092D-6E21-4850-B26A-6487E3255864} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {51AB735F-8C70-49CF-A8C5-A7A0CD87ECEB} - System32\Tasks\{35403C0F-6676-4E10-935F-D491A61AD217} => pcalua.exe -a "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" -c /uninstall ENTERPRISE /dll OSETUP.DLL
Task: {64C705D5-6051-409F-B1E7-24064A1F46D8} - System32\Tasks\Adobe online update program => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {6BF6B37B-A150-4338-9C47-FD638B955EE6} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1527785505-3915310178-3884954049-1000 => C:\Program Files\RealNetworks\RealDownloader\RealUpgrade.exe [2014-10-27] (RealNetworks, Inc.)
Task: {7B2A31D9-B908-4433-9758-CD7D2D67B211} - System32\Tasks\{E5433F60-B49A-4967-A5B6-7BABE2F0F12B} => pcalua.exe -a "C:\My Documents\My Documents\My Music\Vocal_Remover_Installer.exe" -d "C:\My Documents\My Documents\My Music"
Task: {7E89D135-9068-4AB2-A641-9EE2359532C8} - System32\Tasks\{4A096E15-7CAA-4A7D-ADA6-0FDB95784895} => Firefox.exe http://ui.skype.com/...?LastError=1618
Task: {8387BBFC-DD50-479E-9A22-4130E5AA2C12} - System32\Tasks\RNUpgradeHelperLogonPrompt_Frances => C:\Users\Frances\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\13.00\agent\rnupgagent.exe [2015-06-11] (RealNetworks, Inc.)
Task: {88DA6310-5FB6-4483-A9A8-A1EABDD6B2AE} - System32\Tasks\ReclaimerUpdateXML_Frances => C:\Users\Frances\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\13.00\agent\rnupgagent.exe [2015-06-11] (RealNetworks, Inc.)
Task: {8D097E48-E294-4B45-8611-3EE3BB563CBC} - System32\Tasks\ReclaimerUpdateFiles_Frances => C:\Users\Frances\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\13.00\agent\rnupgagent.exe [2015-06-11] (RealNetworks, Inc.)
Task: {8FED1C95-A43C-4545-BBC1-ACDEC9711A5B} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files\AVG Secure Search\PostInstall\ROC.exe
Task: {90395C66-3721-462E-822A-554DA714AB35} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {9306A6D6-0D90-4322-8316-C05CC2C376F5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-24] (Adobe Systems Incorporated)
Task: {97935E8C-972B-4116-A33C-2B139BEB07E1} - System32\Tasks\{A361237D-EC42-41F8-BF87-91BCB603F979} => pcalua.exe -a C:\Users\Frances\Desktop\EasyInstall.exe -d C:\Users\Frances\Desktop
Task: {AD759222-36F6-448D-8356-0D9419ADF487} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {BE043F62-5F1F-412B-90D0-F6DD9CBD33D4} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {CBF392AA-617E-4328-826C-038BF4F7EB55} - System32\Tasks\AVG\PC Tuneup\Integrator\Start On Frances Logon => C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe
Task: {D18C75E8-1010-4D5E-8D27-41C3F39AC129} - System32\Tasks\RNUpgradeHelperResumePrompt_Frances => C:\Users\Frances\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\13.00\agent\rnupgagent.exe [2015-06-11] (RealNetworks, Inc.)
Task: {EE99BD7C-D3D9-4A01-801E-C02D2F96E0B0} - System32\Tasks\{70BEF97D-6873-4354-BFC2-0CAC1AE91DB4} => C:\Program Files\Skype\Phone\Skype.exe [2015-06-02] (Skype Technologies S.A.)
Task: {FDB802DC-8C9F-4A90-8320-64F8A7425797} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1527785505-3915310178-3884954049-1000UA => C:\Users\Frances\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17] (Dropbox, Inc.)
Task: {FF56A3E0-3CEF-4C78-AADC-EA065FB9CD5F} - System32\Tasks\{DD17235B-3028-4820-A80A-2A83CB1E044E} => pcalua.exe -a "C:\Users\Frances\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TADF8N04\jre-6u27-windows-i586-iftw.exe" -d C:\Users\Frances\Desktop

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1527785505-3915310178-3884954049-1000Core.job => C:\Users\Frances\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1527785505-3915310178-3884954049-1000UA.job => C:\Users\Frances\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-10-26 23:59 - 2014-10-26 23:59 - 00039568 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2015-02-02 12:53 - 2015-02-02 12:53 - 00865880 _____ () C:\Program Files\Real\RealPlayer\RPDS\Plugins\cldplin.dll
2014-10-30 06:41 - 2014-10-30 06:41 - 00031856 _____ () C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe
2014-10-30 06:41 - 2014-10-30 06:41 - 00035976 _____ () C:\Program Files\Real\UpdateService\DL2UpdatePlugin.dll
2014-10-30 06:41 - 2014-10-30 06:41 - 00039560 _____ () C:\Program Files\Real\UpdateService\RealDownloaderUpdatePlugin.dll
2014-10-30 06:41 - 2014-10-30 06:41 - 00032888 _____ () C:\Program Files\Real\UpdateService\RPDSUpdatePlugin.dll
2014-10-29 20:06 - 2014-10-29 20:06 - 00560192 _____ () C:\Program Files\RealNetworks\RealDownloader\downloader2.exe
2014-10-29 20:01 - 2014-10-29 20:01 - 01382048 _____ () C:\Program Files\RealNetworks\RealDownloader\cpprest100_1_2.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 08507232 _____ () C:\Program Files\Nokia\Nokia Suite\QtGui4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 02354016 _____ () C:\Program Files\Nokia\Nokia Suite\QtCore4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 01014624 _____ () C:\Program Files\Nokia\Nokia Suite\QtNetwork4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 00364384 _____ () C:\Program Files\Nokia\Nokia Suite\QtXml4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 02480992 _____ () C:\Program Files\Nokia\Nokia Suite\QtDeclarative4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 01346912 _____ () C:\Program Files\Nokia\Nokia Suite\QtScript4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 00206176 _____ () C:\Program Files\Nokia\Nokia Suite\QtSql4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 02653024 _____ () C:\Program Files\Nokia\Nokia Suite\QtXmlPatterns4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 00033120 _____ () C:\Program Files\Nokia\Nokia Suite\imageformats\qgif4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 00035680 _____ () C:\Program Files\Nokia\Nokia Suite\imageformats\qico4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 00207200 _____ () C:\Program Files\Nokia\Nokia Suite\imageformats\qjpeg4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 11166560 _____ () C:\Program Files\Nokia\Nokia Suite\QtWebKit4.dll
2013-10-02 20:30 - 2013-10-02 20:30 - 00276832 _____ () C:\Program Files\Nokia\Nokia Suite\phonon4.dll
2013-04-15 13:26 - 2013-04-15 13:26 - 00391600 _____ () C:\Program Files\Nokia\Nokia Suite\ssoengine.dll
2013-04-15 13:26 - 2013-04-15 13:26 - 00059280 _____ () C:\Program Files\Nokia\Nokia Suite\securestorage.dll
2013-10-02 20:28 - 2013-10-02 20:28 - 00438624 _____ () C:\Program Files\Nokia\Nokia Suite\NService.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 00446304 _____ () C:\Program Files\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 00520544 _____ () C:\Program Files\Nokia\Nokia Suite\QtMultimediaKit1.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 00720736 _____ () C:\Program Files\Nokia\Nokia Suite\QtOpenGL4.dll
2013-10-02 20:28 - 2013-10-02 20:28 - 00606560 _____ () C:\Program Files\Nokia\Nokia Suite\CommonUpdateChecker.dll
2013-10-02 20:30 - 2013-10-02 20:30 - 00093024 _____ () C:\Program Files\Nokia\Nokia Suite\qjson.dll
2015-02-11 02:41 - 2015-02-11 02:41 - 01561472 _____ () C:\Users\Frances\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe
2015-07-01 15:19 - 2015-07-01 15:19 - 00043008 _____ () c:\users\frances\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpabqlcs.dll
2015-03-04 22:45 - 2015-03-19 08:15 - 00750080 _____ () C:\Users\Frances\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 22:45 - 2015-03-19 08:15 - 00047616 _____ () C:\Users\Frances\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 22:45 - 2015-03-19 08:15 - 00865280 _____ () C:\Users\Frances\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 22:45 - 2015-03-19 08:15 - 00200704 _____ () C:\Users\Frances\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-06-17 17:11 - 2015-03-19 08:15 - 00010240 _____ () C:\Users\Frances\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-06-17 17:11 - 2015-03-19 08:15 - 00726016 _____ () C:\Users\Frances\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-17 17:11 - 2015-03-19 08:15 - 00010240 _____ () C:\Users\Frances\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2014-08-26 16:47 - 2014-08-26 16:47 - 00436576 _____ () C:\Program Files\Evernote\Evernote\libxml2.dll
2014-08-26 16:47 - 2014-08-26 16:47 - 00318304 _____ () C:\Program Files\Evernote\Evernote\libtidy.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 4028 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Frances\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{43C68FA6-6CB2-4E79-BF92-EE5879632CA9}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{0EA573EC-7ADE-49EF-AF45-3C8ED83E2463}] => (Allow) C:\Program Files\AVG\AVG2015\avgnsx.exe
FirewallRules: [{2F74CCDB-9265-4109-93FF-CD2C2A5281C2}] => (Allow) C:\Program Files\AVG\AVG2015\avgnsx.exe
FirewallRules: [{D15B25FC-7DE6-4974-A02A-E3DBD1FECC56}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{2B292F78-40F7-4B18-A121-35C932EC1864}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{BE985747-3FDF-499A-8C5A-FF52920617A0}] => (Allow) C:\Program Files\AVG\AVG2015\avgemcx.exe
FirewallRules: [{8A056B0E-2527-4147-8E43-8CE778A70B39}] => (Allow) C:\Program Files\AVG\AVG2015\avgemcx.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/22/2015 00:09:26 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {840e559a-b4ee-4e2c-b34f-11ad737baf99}

Error: (06/15/2015 10:39:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 196: ERROR: read_msg errno 0 (The operation completed successfully.)

Error: (06/15/2015 10:39:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (06/15/2015 10:38:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 196: ERROR: read_msg errno 0 (The operation completed successfully.)

Error: (06/15/2015 10:38:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (06/15/2015 10:37:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 196: ERROR: read_msg errno 0 (The operation completed successfully.)

Error: (06/15/2015 10:37:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (06/15/2015 10:36:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 196: ERROR: read_msg errno 0 (The operation completed successfully.)

Error: (06/15/2015 10:36:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (06/15/2015 10:35:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 464: ERROR: read_msg errno 0 (The operation completed successfully.)


System errors:
=============
Error: (06/29/2015 11:24:47 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (06/29/2015 11:24:47 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (06/29/2015 08:46:10 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (06/29/2015 08:46:10 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (06/28/2015 10:39:23 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error: (06/28/2015 10:38:56 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The iPod Service service terminated with the following error:
%%-2147417831

Error: (06/24/2015 01:03:18 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (06/24/2015 01:03:18 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (06/23/2015 00:37:09 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (06/23/2015 00:37:08 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.


Microsoft Office:
=========================
Error: (06/22/2015 00:09:26 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {840e559a-b4ee-4e2c-b34f-11ad737baf99}

Error: (06/15/2015 10:39:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 196: ERROR: read_msg errno 0 (The operation completed successfully.)

Error: (06/15/2015 10:39:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (06/15/2015 10:38:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 196: ERROR: read_msg errno 0 (The operation completed successfully.)

Error: (06/15/2015 10:38:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (06/15/2015 10:37:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 196: ERROR: read_msg errno 0 (The operation completed successfully.)

Error: (06/15/2015 10:37:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (06/15/2015 10:36:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 196: ERROR: read_msg errno 0 (The operation completed successfully.)

Error: (06/15/2015 10:36:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (06/15/2015 10:35:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 464: ERROR: read_msg errno 0 (The operation completed successfully.)


==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU E5400 @ 2.70GHz
Percentage of memory in use: 44%
Total physical RAM: 2037.49 MB
Available physical RAM: 1139.56 MB
Total Pagefile: 4074.98 MB
Available Pagefile: 2619.64 MB
Total Virtual: 2047.88 MB
Available Virtual: 1909 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:29.08 GB) NTFS
Drive e: () (Fixed) (Total:19.53 GB) (Free:9.73 GB) NTFS
Drive f: () (Fixed) (Total:54.99 GB) (Free:11.9 GB) NTFS
Drive g: (TOSHIBA HDD) (Fixed) (Total:465.65 GB) (Free:222.43 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: D820D820)
Partition 1: (Active) - (Size=19.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=55 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 2B1EBCE9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 465.8 GB) (Disk ID: AA4B0B5E)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=0C)

==================== End of log ============================


  • 0

#27
Feather24

    Member

  • Topic Starter
  • Member
  • 251 posts

Ok I've run chkdsk on c: drive it rebooted itself automatically.  Wasn't sure if I needed to run it on E:, F: and G: (external hard drive).  I think either E or F is a partition drive.

 

I didn't get a report, or wasn't sure where to find it although I know you didn't ask for it.

 

Thanks


  • 0

#28
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

> Ok I've run chkdsk on c: drive it rebooted itself automatically.  Wasn't sure if I needed to run it on E:, F: and G: (external hard drive).  I think either E or F is a partition drive.
>
> I didn't get a report, or wasn't sure where to find it although I know you didn't ask for it.
>
> Thanks


No, only run it on C:, as I wanted to make sure everything is fine with that drive. :thumbsup: The FRST logs are clean, which is an excellent sign. Let's check the file system on the machine. How is it running?


Step 1: System File Checker
  • Click the Start button and in the Search bar, type in Command Prompt. You will see cmd.exe appear at the top of the window.
  • Right click on it and select Run as Administrator. Answer Yes if the machine requests it.
  • When the Command Prompt window opens, type this in: sfc /scannow
  • The system scan will begin. It may take a while to complete.
Step 2: Retrieve CBS Log
  • Click on the Start button and in the search box, type Command Prompt
  • When you see Command Prompt on the list, right-click on it and select Run as administrator
  • When Command Prompt opens, copy and paste the following command into it and press Enter:
    copy %windir%\logs\cbs\cbs.log %userprofile%\Desktop\cbs.txt
  • This will create a file, cbs.txt on your Desktop. Please zip/attach this to your next post.
Please note: if the file is too big to upload to your next post, please upload it via a service such as Dropbox or OneDrive or SendSpace and just provide the link.

Things I need to see in your next post

CBS Log

Update on how the machine is running

  • 0
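As an added example (not part of pystryker's post and not a Geeks to Go tool): SFC writes its results into CBS.log tagged `[SR]`, so the cbs.txt copied in Step 2 can be triaged by pulling out those entries and listing which files were repaired and which could not be. The sample lines are constructed to mimic the log layout, and the function names are hypothetical.

```python
import re

# Constructed sample modelled on the layout of CBS.log entries; it is NOT
# taken from the cbs.zip attached to this thread.
SAMPLE_CBS_LOG = r'''
2015-07-01 20:10:12, Info                  CSI    00000009 [SR] Verifying 100 (0x00000064) components
2015-07-01 20:10:12, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2015-07-01 20:10:13, Info                  CBS    Constructed servicing line without the SR tag
2015-07-01 20:10:15, Info                  CSI    0000000b [SR] Cannot repair member file [l:24{12}]"example1.dll" of Constructed-Component-A, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), file is missing
2015-07-01 20:10:16, Info                  CSI    0000000c [SR] Cannot repair member file [l:24{12}]"example1.dll" of Constructed-Component-A, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), file is missing
2015-07-01 20:10:18, Info                  CSI    0000000d [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"example2.dll" from store
2015-07-01 20:10:20, Info                  CSI    0000000e [SR] Verify complete
2015-07-01 20:10:21, Info                  CSI    0000000f [SR] Repair complete
'''

# "<timestamp>, <level>   <component>   <rest of line>"
LINE_RE = re.compile(r'^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}), (\w+)\s+(\w+)\s+(.*)$')
SR_RE = re.compile(r'\[SR\] (.*)$')                 # SFC entries carry the [SR] tag
FILE_RE = re.compile(r'\[l:\d+\{\d+\}\]"([^"]+)"')  # length-prefixed file name
DIR_RE = re.compile(r'\[ml:[^\]]*\]"([^"]+)"')      # length-prefixed directory


def parse_sr_entries(text):
    """Return the SFC ([SR]) entries of a CBS log as a list of dicts."""
    entries = []
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue  # blank line or continuation of a multi-line entry
        sr = SR_RE.search(line.group(4))
        if sr:
            entries.append({"time": line.group(1), "level": line.group(2),
                            "message": sr.group(1)})
    return entries


def _target(message):
    """Extract the file an [SR] message refers to, with its folder if logged."""
    name = FILE_RE.search(message)
    if not name:
        return None
    folder = DIR_RE.search(message)
    if folder:
        # Drop the NT object-manager prefix so the path reads like a normal one.
        return folder.group(1).replace("\\??\\", "", 1) + "\\" + name.group(1)
    return name.group(1)


def summarize_sfc(text):
    """Group SFC results: files it repaired vs. files it could not repair."""
    entries = parse_sr_entries(text)
    unrepaired, repaired = set(), set()
    for entry in entries:
        msg = entry["message"]
        if msg.startswith("Cannot repair member file"):
            unrepaired.add(_target(msg) or msg)   # SFC often logs a file twice
        elif msg.startswith("Repairing corrupted file"):
            repaired.add(_target(msg) or msg)
    if unrepaired:
        verdict = "corruption found, some files not repaired"
    elif repaired:
        verdict = "corruption found and repaired"
    elif entries:
        verdict = "no integrity violations logged"
    else:
        verdict = "no SFC entries in this log"
    return {"sr_entries": len(entries), "unrepaired": sorted(unrepaired),
            "repaired": sorted(repaired), "verdict": verdict}


if __name__ == "__main__":
    for key, value in summarize_sfc(SAMPLE_CBS_LOG).items():
        print(f"{key}: {value}")
```

To run it against a real log, pass the contents of cbs.txt to `summarize_sfc` instead of the constructed sample.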

#29
Feather24

    Member

  • Topic Starter
  • Member
  • 251 posts

Hi, OK, I'm back.  Thanks for the info in your last reply, glad all is well.  Thanks for keeping this open.  I'll do what I can today.  Overall it is less noisy than it was, which is good. Sometimes I still get error messages (stop script messages) in Facebook.  I'll monitor after this next scan.

 

I'm busy most of tomorrow so may not get much done then if needed.

 

Just wanted to give you an update.


  • 0

#30
Feather24

    Member

  • Topic Starter
  • Member
  • 251 posts

CBS log zipped; it's a Notepad file, hopefully you can read it. :)

Attached Files

  • Attached File  cbs.zip   448.25KB   450 downloads

  • 0





