Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Yahoo Search is taking over my Chrome browser [Closed]

Started by shampton2 , Aug 19 2015 11:37 AM

  • This topic is locked This topic is locked

#1
shampton2
Posted 19 August 2015 - 11:37 AM

shampton2

    Member

  • Member
  • PipPip
  • 33 posts

Yesterday, I installed the free Windows 10 upgrade over my Windows 8.1 OS. Now, even though I have set my preferences in the Internet options and browser settings to use Google for searching and to open a new tab with the New Tab option, it will still proceed to the Yahoo Search page after 1 or 2 seconds. Even after I performed a search on your site for the removal instructions, after a few minutes, Yahoo takes over and displays the search results. I restored my system to Windows 8.1 this afternoon, but this problem is still occurring. Also, it uses Bing whenever I type in the address bar. I would be grateful for any help you can provide.

 

Thank you,

Summarah

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:19-08-2015
Ran by S.Hampton (administrator) on SUMMARAHLAPTOP (19-08-2015 13:25:10)
Running from C:\Users\S.Hampton\Desktop
Loaded Profiles: S.Hampton (Available Profiles: S.Hampton)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
( ) C:\Windows\System32\lxcicoms.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
() C:\ProgramData\3929cb63-cbbd-4b9c-8b92-a50fbd04e656\plugincontainer.exe
() C:\Program Files (x86)\Common Files\3929cb63-cbbd-4b9c-8b92-a50fbd04e656\updater.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
() C:\ProgramData\3929cb63-cbbd-4b9c-8b92-a50fbd04e656\plugins\7\Plugin.exe
() C:\ProgramData\3929cb63-cbbd-4b9c-8b92-a50fbd04e656\plugins\10\Plugin.exe
() C:\ProgramData\3929cb63-cbbd-4b9c-8b92-a50fbd04e656\plugins\6\Plugin.exe
() C:\ProgramData\3929cb63-cbbd-4b9c-8b92-a50fbd04e656\plugins\8\Plugin.exe
() C:\ProgramData\3929cb63-cbbd-4b9c-8b92-a50fbd04e656\plugins\5\Plugin.exe
() C:\ProgramData\3929cb63-cbbd-4b9c-8b92-a50fbd04e656\plugins\3\Plugin.exe
() C:\ProgramData\3929cb63-cbbd-4b9c-8b92-a50fbd04e656\plugins\7\Plugin.exe
() C:\ProgramData\3929cb63-cbbd-4b9c-8b92-a50fbd04e656\plugins\3\Plugin.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Lexmark International, Inc.) C:\Program Files (x86)\Lexmark 7300 Series\lxcimon.exe
(Lexmark International Inc.) C:\Program Files (x86)\Lexmark 7300 Series\ezprint.exe
() C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
() C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Learnpulse) C:\Users\S.Hampton\AppData\Local\Learnpulse\Screenpresso\Screenpresso.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\ProgramData\Results Hub\ResultsHubDesktopSearch.exe
() C:\Program Files (x86)\Hawking\Control Center\Control Center.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(Lenovo) C:\Users\S.Hampton\AppData\Local\Apps\2.0\T6THH27B.R0J\3Y043JOD.GRH\lsb...tion_91a10ba61c75c82d_0001.0004_53146ffb7155a994\LSB.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [903384 2013-07-24] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [LXCICATS] => rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\LXCItime.dll,RunDLLEntry
HKLM\...\Run: [lxcimon.exe] => C:\Program Files (x86)\Lexmark 7300 Series\lxcimon.exe [205744 2007-02-01] (Lexmark International, Inc.)
HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Lexmark 7300 Series\ezprint.exe [103344 2007-02-01] (Lexmark International Inc.)
HKLM\...\Run: [WrtMon.exe] => C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [20480 2006-09-20] ()
HKLM-x32\...\Run: [Hawking UDS Control Center] => C:\Program Files (x86)\Hawking\Control Center\Control Center.exe [4287488 2012-06-05] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-08-19] (AVAST Software)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-09-25] (Qualcomm®Atheros®)
HKU\S-1-5-21-2821996762-1571584891-55505278-1001\...\Run: [GoogleChromeAutoLaunch_8689CAC2B5C68C1F01E8DBCE6E51B9A1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-08-07] (Google Inc.)
HKU\S-1-5-21-2821996762-1571584891-55505278-1001\...\Run: [Screenpresso] => C:\Users\S.Hampton\AppData\Local\Learnpulse\Screenpresso\Screenpresso.exe [11928080 2015-08-11] (Learnpulse)
HKU\S-1-5-21-2821996762-1571584891-55505278-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22344224 2015-07-29] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ResultsHubDesktopSearch.lnk [2015-08-13]
ShortcutTarget: ResultsHubDesktopSearch.lnk -> C:\ProgramData\Results Hub\ResultsHubDesktopSearch.exe ()
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-08-19] (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.yahoo.com/?fr=hp-ddc-bd&type=bl-bir-sw-rhb-33__alt__ddc_dsssyc_bd_com
HKU\S-1-5-21-2821996762-1571584891-55505278-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bir-sw-rhb-33__alt__ddc_dss_bd_com&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bir-sw-rhb-33__alt__ddc_dss_bd_com&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2821996762-1571584891-55505278-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bir-sw-rhb-33__alt__ddc_dss_bd_com&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2821996762-1571584891-55505278-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bir-sw-rhb-33__alt__ddc_dss_bd_com&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2821996762-1571584891-55505278-1001 -> {684F98EE-82C2-4C86-9C5D-0E0E8D43A1C0} URL = hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bir-dd__alt__ddc_dss_bd_com&p={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-19] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-19] (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{28FF5BD9-D8BF-4170-961F-75CFEC65F7ED}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{C80C43D7-B619-41E4-B08E-96EEA0642BAE}: [DhcpNameServer] 68.87.74.162 75.75.75.75 4.2.2.2
 
FireFox:
========
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-13] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-08-19]
 
Chrome: 
=======
CHR Profile: C:\Users\S.Hampton\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\S.Hampton\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-08]
CHR Extension: (Google Docs) - C:\Users\S.Hampton\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-08]
CHR Extension: (Google Drive) - C:\Users\S.Hampton\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-08]
CHR Extension: (Hootsuite Hootlet) - C:\Users\S.Hampton\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjgfdlplhmndoonmofmflcbiohgbkifn [2015-07-08]
CHR Extension: (YouTube) - C:\Users\S.Hampton\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-08]
CHR Extension: (Ebates Cash Back) - C:\Users\S.Hampton\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2015-07-08]
CHR Extension: (Google Search) - C:\Users\S.Hampton\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-08]
CHR Extension: (Google Sheets) - C:\Users\S.Hampton\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-08]
CHR Extension: (Office Editing for Docs, Sheets & Slides) - C:\Users\S.Hampton\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2015-07-08]
CHR Extension: (Pin It Button) - C:\Users\S.Hampton\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-07-08]
CHR Extension: (Google Keep - notes and lists) - C:\Users\S.Hampton\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2015-07-08]
CHR Extension: (Bitly 
 Unleash the power of the link) - C:\Users\S.Hampton\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabeihobmhlgpkcgjiloemdbofjbdcic [2015-07-08]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\S.Hampton\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-08]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\S.Hampton\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-07-17]
CHR Extension: (MyPoints Score!) - C:\Users\S.Hampton\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcglgmippekbdbmniknikdgkmnnpdnmh [2015-07-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\S.Hampton\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-08]
CHR Extension: (Buffer) - C:\Users\S.Hampton\AppData\Local\Google\Chrome\User Data\Default\Extensions\noojglkidnpfjbincgijbaiedldjfbhh [2015-07-08]
CHR Extension: (Pomodoro) - C:\Users\S.Hampton\AppData\Local\Google\Chrome\User Data\Default\Extensions\opodpodbjdmaealpookfkofenoboahfe [2015-07-08]
CHR Extension: (Gmail) - C:\Users\S.Hampton\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-08]
CHR HKU\S-1-5-21-2821996762-1571584891-55505278-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-08-19]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-09-25] (Windows ® Win 7 DDK provider) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-19] (AVAST Software)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [177136 2014-04-28] (Coupons.com Inc.)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244392 2015-07-16] (Foxit Software Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 lxci_device; C:\Windows\system32\lxcicoms.exe [566192 2007-02-01] ( )
R2 lxci_device; C:\Windows\SysWOW64\lxcicoms.exe [537520 2007-02-01] ( )
R2 Service Mgr ResultsHub; C:\ProgramData\3929cb63-cbbd-4b9c-8b92-a50fbd04e656\plugincontainer.exe [1203936 2015-08-19] ()
R2 Update Mgr ResultsHub; C:\Program Files (x86)\Common Files\3929cb63-cbbd-4b9c-8b92-a50fbd04e656\updater.exe [701152 2015-08-19] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-09-25] (Atheros) [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S5 3ware; C:\Windows\System32\drivers\3ware.sys [108896 2013-08-22] (LSI)
R5 ACPI; C:\Windows\System32\drivers\ACPI.sys [533824 2014-11-21] (Microsoft Corporation)
R5 acpiex; C:\Windows\System32\Drivers\acpiex.sys [79712 2013-08-22] (Microsoft Corporation)
S5 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S5 agp440; C:\Windows\System32\drivers\agp440.sys [62304 2013-08-22] (Microsoft Corporation)
S5 amdsata; C:\Windows\System32\drivers\amdsata.sys [79200 2013-08-22] (Advanced Micro Devices)
S5 amdsbs; C:\Windows\System32\drivers\amdsbs.sys [259424 2013-08-22] (AMD Technologies Inc.)
S5 amdxata; C:\Windows\System32\drivers\amdxata.sys [25952 2013-08-22] (Advanced Micro Devices)
S5 arcsas; C:\Windows\System32\drivers\arcsas.sys [114016 2013-08-22] (PMC-Sierra, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-08-19] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-08-19] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-08-19] (AVAST Software)
S5 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-08-19] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048344 2015-08-19] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-08-19] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-08-19] (AVAST Software)
R5 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-08-19] (AVAST Software)
S5 atapi; C:\Windows\System32\drivers\atapi.sys [26464 2013-08-22] (Microsoft Corporation)
S3 AtiDCM; C:\AMD\WU-CCC2\ccc2_install\Support64\atdcm64a.sys [33992 2015-03-26] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [129536 2013-07-05] (Advanced Micro Devices)
S5 b06bdrv; C:\Windows\System32\drivers\bxvbda.sys [531296 2013-08-22] (Broadcom Corporation)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-25] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-11-21] (Microsoft Corporation)
R5 CLFS; C:\Windows\System32\drivers\CLFS.sys [377152 2015-03-04] (Microsoft Corporation)
R5 CNG; C:\Windows\System32\Drivers\cng.sys [561928 2015-03-30] (Microsoft Corporation)
R5 disk; C:\Windows\System32\drivers\disk.sys [100192 2013-08-22] (Microsoft Corporation)
S5 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R5 EhStorClass; C:\Windows\System32\drivers\EhStorClass.sys [82784 2013-08-22] (Microsoft Corporation)
S5 EhStorTcgDrv; C:\Windows\System32\drivers\EhStorTcgDrv.sys [114016 2013-08-22] (Microsoft Corporation)
R5 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [79192 2014-11-21] (Microsoft Corporation)
R5 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [354112 2014-11-21] (Microsoft Corporation)
U5 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [30048 2013-08-22] (Microsoft Corporation)
R5 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [589656 2014-11-21] (Microsoft Corporation)
S5 gagp30kx; C:\Windows\System32\drivers\gagp30kx.sys [65888 2013-08-22] (Microsoft Corporation)
R3 HawkingUDSMBus; C:\Windows\SysWow64\Drivers\HawkingUDSMBus.sys [106632 2012-06-04] (Windows ® Codename Longhorn DDK provider)
R3 HawkingUDSTcpBus; C:\Windows\SysWow64\Drivers\HawkingUDSTcpBus.sys [179848 2012-06-04] (Windows ® Codename Longhorn DDK provider)
S5 HpSAMD; C:\Windows\System32\drivers\HpSAMD.sys [64352 2013-08-22] (Hewlett-Packard Company)
S5 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [24416 2013-08-22] (Microsoft Corporation)
S5 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)
S5 iaStorV; C:\Windows\System32\drivers\iaStorV.sys [412000 2013-08-22] (Intel Corporation)
S5 intelide; C:\Windows\System32\drivers\intelide.sys [18272 2013-08-22] (Microsoft Corporation)
R5 intelpep; C:\Windows\System32\drivers\intelpep.sys [39744 2014-11-21] (Microsoft Corporation)
S5 isapnp; C:\Windows\System32\drivers\isapnp.sys [21856 2013-08-22] (Microsoft Corporation)
R5 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [100672 2014-11-21] (Microsoft Corporation)
R5 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [178008 2015-06-28] (Microsoft Corporation)
S5 LSI_SAS; C:\Windows\System32\drivers\lsi_sas.sys [109408 2013-08-22] (LSI Corporation)
S5 LSI_SAS2; C:\Windows\System32\drivers\lsi_sas2.sys [93536 2013-08-22] (LSI Corporation)
S5 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
S5 LSI_SSS; C:\Windows\System32\drivers\lsi_sss.sys [82784 2013-08-22] (LSI Corporation)
S5 megasas; C:\Windows\System32\drivers\megasas.sys [56672 2013-08-22] (LSI Corporation)
S5 megasr; C:\Windows\System32\drivers\megasr.sys [575840 2013-08-22] (LSI Corporation, Inc.)
R5 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [101720 2015-07-15] (Microsoft Corporation)
R5 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [17248 2013-08-22] (Microsoft Corporation)
R5 Mup; C:\Windows\System32\Drivers\mup.sys [78688 2013-08-22] (Microsoft Corporation)
S5 mvumis; C:\Windows\System32\drivers\mvumis.sys [63840 2013-08-22] (Marvell Semiconductor, Inc.)
R5 NDIS; C:\Windows\System32\drivers\ndis.sys [1113944 2015-07-14] (Microsoft Corporation)
S5 nvraid; C:\Windows\System32\drivers\nvraid.sys [150368 2013-08-22] (NVIDIA Corporation)
S5 nvstor; C:\Windows\System32\drivers\nvstor.sys [168288 2013-08-22] (NVIDIA Corporation)
S5 nv_agp; C:\Windows\System32\drivers\nv_agp.sys [124768 2013-08-22] (Microsoft Corporation)
R5 partmgr; C:\Windows\System32\drivers\partmgr.sys [88896 2014-11-21] (Microsoft Corporation)
R5 pci; C:\Windows\System32\drivers\pci.sys [280384 2014-11-21] (Microsoft Corporation)
S5 pciide; C:\Windows\System32\drivers\pciide.sys [14688 2013-08-22] (Microsoft Corporation)
S5 pcmcia; C:\Windows\System32\drivers\pcmcia.sys [114528 2013-08-22] (Microsoft Corporation)
R5 pcw; C:\Windows\System32\drivers\pcw.sys [50016 2013-08-22] (Microsoft Corporation)
R5 pdc; C:\Windows\System32\drivers\pdc.sys [86336 2014-11-21] (Microsoft Corporation)
R5 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [249688 2014-11-21] (Microsoft Corporation)
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [788696 2015-07-13] (Realsil Semiconductor Corporation)
S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [376024 2015-07-13] (Realsil Semiconductor Corporation)
S5 sbp2port; C:\Windows\System32\drivers\sbp2port.sys [107872 2013-08-22] (Microsoft Corporation)
S5 SiSRaid2; C:\Windows\System32\drivers\SiSRaid2.sys [44896 2013-08-22] (Silicon Integrated Systems Corp.)
S5 SiSRaid4; C:\Windows\System32\drivers\sisraid4.sys [81760 2013-08-22] (Silicon Integrated Systems)
R5 spaceport; C:\Windows\System32\drivers\spaceport.sys [415040 2014-11-21] (Microsoft Corporation)
S5 stexstor; C:\Windows\System32\drivers\stexstor.sys [31072 2013-08-22] (Promise Technology, Inc.)
R5 storahci; C:\Windows\System32\drivers\storahci.sys [107872 2013-08-22] (Microsoft Corporation)
S5 storflt; C:\Windows\System32\drivers\vmstorfl.sys [49944 2014-11-21] (Microsoft Corporation)
S5 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2014-11-21] (Microsoft Corporation)
S5 storvsc; C:\Windows\System32\drivers\storvsc.sys [45888 2013-08-22] (Microsoft Corporation)
R5 Tcpip; C:\Windows\System32\drivers\tcpip.sys [2476376 2015-06-11] (Microsoft Corporation)
S5 uagp35; C:\Windows\System32\drivers\uagp35.sys [64864 2013-08-22] (Microsoft Corporation)
S5 uliagpkx; C:\Windows\System32\drivers\uliagpkx.sys [65888 2013-08-22] (Microsoft Corporation)
R5 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [37728 2013-08-22] (Microsoft Corporation)
S5 viaide; C:\Windows\System32\drivers\viaide.sys [19808 2013-08-22] (VIA Technologies, Inc.)
S5 vmbus; C:\Windows\System32\drivers\vmbus.sys [97048 2014-11-21] (Microsoft Corporation)
R5 volmgr; C:\Windows\System32\drivers\volmgr.sys [73568 2013-08-22] (Microsoft Corporation)
R5 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [377696 2013-08-22] (Microsoft Corporation)
R5 volsnap; C:\Windows\System32\drivers\volsnap.sys [310080 2014-11-21] (Microsoft Corporation)
S5 vsmraid; C:\Windows\System32\drivers\vsmraid.sys [168800 2013-08-22] (VIA Technologies Inc.,Ltd)
S5 VSTXRAID; C:\Windows\System32\drivers\vstxraid.sys [305504 2013-08-22] (VIA Corporation)
R5 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [839488 2013-08-22] (Microsoft Corporation)
R5 WFPLWFS; C:\Windows\System32\DRIVERS\wfplwfs.sys [136512 2014-11-21] (Microsoft Corporation)
R5 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-11-21] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-19 13:24 - 2015-08-19 13:25 - 00000000 ____D C:\FRST
2015-08-19 13:24 - 2015-08-19 13:24 - 00000000 ____D C:\Users\S.Hampton\Desktop\FRST-OlderVersion
2015-08-19 13:14 - 2015-08-19 13:14 - 00000000 ____D C:\Users\S.Hampton\AppData\Roaming\AVAST Software
2015-08-19 13:13 - 2015-08-19 13:13 - 01048344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-08-19 13:13 - 2015-08-19 13:13 - 00447944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-08-19 13:13 - 2015-08-19 13:13 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-08-19 13:13 - 2015-08-19 13:13 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-08-19 13:13 - 2015-08-19 13:13 - 00150672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-08-19 13:13 - 2015-08-19 13:13 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-08-19 13:13 - 2015-08-19 13:13 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-08-19 13:13 - 2015-08-19 13:13 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-08-19 13:13 - 2015-08-19 13:13 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-08-19 13:13 - 2015-08-19 13:13 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-08-19 13:13 - 2015-08-19 13:13 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-08-19 13:13 - 2015-08-19 13:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-08-19 13:13 - 2015-08-19 13:12 - 01048856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1440004420078
2015-08-19 13:10 - 2015-08-19 13:10 - 00000000 ____D C:\Program Files\AVAST Software
2015-08-19 13:09 - 2015-08-19 13:09 - 00000000 ____D C:\ProgramData\AVAST Software
2015-08-19 12:47 - 2015-08-19 12:47 - 00000000 ____D C:\$SysReset
2015-08-19 07:54 - 2015-08-19 13:13 - 00001938 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-08-18 15:10 - 2015-08-18 15:10 - 00008192 _____ C:\Windows\system32\config\userdiff
2015-08-18 10:56 - 2015-08-18 11:44 - 00006668 _____ C:\Windows\comsetup.log
2015-08-18 10:55 - 2015-08-18 11:45 - 00009528 _____ C:\Windows\diagwrn.xml
2015-08-18 10:55 - 2015-08-18 11:45 - 00009528 _____ C:\Windows\diagerr.xml
2015-08-16 01:16 - 2015-08-16 01:16 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2015-08-16 01:16 - 2015-08-16 01:16 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2015-08-13 20:15 - 2015-08-13 20:15 - 00977776 _____ C:\Windows\Minidump\081315-28359-01.dmp
2015-08-13 15:34 - 2015-08-13 15:34 - 00000000 ____D C:\Users\S.Hampton\AppData\Roaming\BlueFox Free PDF to JPG Converter
2015-08-13 15:31 - 2015-08-19 16:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Results Hub
2015-08-13 15:31 - 2015-08-19 11:04 - 00000000 ____D C:\ProgramData\3929cb63-cbbd-4b9c-8b92-a50fbd04e656
2015-08-13 15:31 - 2015-08-13 20:15 - 00000000 ____D C:\Program Files (x86)\Results Hub
2015-08-13 15:31 - 2015-08-13 15:31 - 00000000 ____D C:\ProgramData\Results Hub
2015-08-13 15:30 - 2015-08-19 16:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueFox Free PDF to JPG Converter
2015-08-13 15:30 - 2015-08-13 15:30 - 00001444 _____ C:\Users\S.Hampton\AppData\Roaming\Microsoft\Windows\Start Menu\BlueFox Free PDF to JPG Converter.lnk
2015-08-13 15:30 - 2015-08-13 15:30 - 00001420 _____ C:\Users\S.Hampton\Desktop\BlueFox Free PDF to JPG Converter.lnk
2015-08-13 15:30 - 2015-08-13 15:30 - 00000000 ____D C:\Users\S.Hampton\AppData\Roaming\OpenCandy
2015-08-13 15:30 - 2015-08-13 15:30 - 00000000 ____D C:\Program Files (x86)\BlueFox Free PDF to JPG Converter
2015-08-13 13:44 - 2015-08-19 16:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free EPS Converter
2015-08-13 13:44 - 2015-08-13 13:44 - 00001340 _____ C:\Users\Public\Desktop\Free EPS Converter.lnk
2015-08-13 13:44 - 2015-08-13 13:44 - 00000000 ____D C:\Program Files (x86)\Free Picture Solutions
2015-08-13 13:43 - 2015-08-13 13:43 - 00000000 ____D C:\Users\S.Hampton\AppData\Roaming\Free Picture Solutions
2015-08-13 12:45 - 2015-08-13 12:45 - 00000000 ____D C:\Users\S.Hampton\AppData\Roaming\FastStone
2015-08-13 11:45 - 2015-08-19 16:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Image Viewer
2015-08-13 11:45 - 2015-08-13 11:45 - 00001117 _____ C:\Users\Public\Desktop\FastStone Image Viewer.lnk
2015-08-13 11:45 - 2015-08-13 11:45 - 00000000 ____D C:\Program Files (x86)\FastStone Image Viewer
2015-08-13 11:35 - 2015-08-19 16:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2015-08-13 11:35 - 2015-08-13 11:35 - 00000000 ____D C:\Program Files (x86)\Coupons
2015-08-12 09:55 - 2015-07-30 10:04 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 09:55 - 2015-07-30 09:48 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 09:39 - 2015-07-15 20:29 - 07458648 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-12 09:39 - 2015-07-15 20:29 - 01735000 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-12 09:39 - 2015-07-15 20:29 - 00101720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-12 09:39 - 2015-07-15 20:28 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-12 09:39 - 2015-07-10 13:54 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-12 09:39 - 2015-07-01 18:19 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-12 09:39 - 2015-07-01 18:16 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-12 09:39 - 2015-07-01 17:37 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-12 09:39 - 2015-07-01 17:35 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-08-12 09:38 - 2015-07-28 19:24 - 00025776 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-12 09:38 - 2015-07-28 10:24 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-12 09:38 - 2015-07-28 10:24 - 01116160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-12 09:38 - 2015-07-28 10:24 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-12 09:38 - 2015-07-28 10:24 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-12 09:38 - 2015-07-28 10:24 - 00437248 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-12 09:38 - 2015-07-28 10:24 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-12 09:38 - 2015-07-18 21:58 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-12 09:38 - 2015-07-18 14:51 - 03704320 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-12 09:38 - 2015-07-18 14:31 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-12 09:38 - 2015-07-18 14:31 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-12 09:38 - 2015-07-18 14:31 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-12 09:38 - 2015-07-18 14:29 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-08-12 09:38 - 2015-07-18 14:29 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-12 09:38 - 2015-07-18 14:29 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-12 09:38 - 2015-07-18 14:28 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-12 09:38 - 2015-07-18 14:12 - 02228736 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-12 09:38 - 2015-07-18 14:10 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-12 09:38 - 2015-07-18 14:09 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-12 09:38 - 2015-07-16 17:14 - 25192448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-12 09:38 - 2015-07-16 16:36 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-12 09:38 - 2015-07-16 16:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-12 09:38 - 2015-07-16 16:35 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-12 09:38 - 2015-07-16 16:26 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-12 09:38 - 2015-07-16 16:23 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-12 09:38 - 2015-07-16 16:21 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-12 09:38 - 2015-07-16 16:20 - 19870208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-12 09:38 - 2015-07-16 15:53 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-08-12 09:38 - 2015-07-16 15:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-12 09:38 - 2015-07-16 15:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-12 09:38 - 2015-07-16 15:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-12 09:38 - 2015-07-16 15:45 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-08-12 09:38 - 2015-07-16 15:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-12 09:38 - 2015-07-16 15:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-12 09:38 - 2015-07-16 15:38 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-08-12 09:38 - 2015-07-16 15:36 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-12 09:38 - 2015-07-16 15:34 - 14451200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-12 09:38 - 2015-07-16 15:32 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-12 09:38 - 2015-07-16 15:14 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-08-12 09:38 - 2015-07-16 15:13 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-08-12 09:38 - 2015-07-16 15:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-12 09:38 - 2015-07-16 15:12 - 02427904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-12 09:38 - 2015-07-16 15:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-12 09:38 - 2015-07-16 15:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-12 09:38 - 2015-07-16 15:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-12 09:38 - 2015-07-16 14:52 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-08-12 09:38 - 2015-07-16 14:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-12 09:38 - 2015-07-16 14:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-12 09:38 - 2015-07-16 14:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-12 09:38 - 2015-07-16 14:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-08-12 09:38 - 2015-06-09 14:27 - 00411133 _____ C:\Windows\system32\ApnDatabase.xml
2015-08-12 09:37 - 2015-07-07 05:40 - 00270168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2015-08-12 09:37 - 2015-07-07 05:40 - 00114520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2015-08-12 09:37 - 2015-07-07 05:40 - 00044560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2015-08-12 09:37 - 2015-06-12 13:03 - 18823680 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2015-08-12 09:37 - 2015-06-12 12:36 - 15159296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2015-08-12 09:36 - 2015-07-29 10:37 - 01994752 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-12 09:36 - 2015-07-29 10:30 - 01381888 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-12 09:36 - 2015-07-29 10:23 - 01559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-12 09:36 - 2015-07-24 14:57 - 04177408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-12 09:36 - 2015-07-24 14:57 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-12 09:36 - 2015-07-24 14:52 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-12 09:36 - 2015-07-24 13:27 - 00301568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-12 09:36 - 2015-07-24 13:23 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-12 09:36 - 2015-07-14 17:59 - 01113944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-08-12 09:36 - 2015-07-14 17:59 - 00487256 _____ (Microsoft Corporation) C:\Windows\system32\netcfgx.dll
2015-08-12 09:36 - 2015-07-14 17:59 - 00393560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcfgx.dll
2015-08-12 09:36 - 2015-07-13 23:22 - 02529880 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-12 09:36 - 2015-07-13 23:21 - 01901776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-12 09:36 - 2015-07-13 15:46 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-12 09:36 - 2015-07-13 15:45 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-12 09:36 - 2015-07-10 14:19 - 01101824 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-08-12 09:36 - 2015-07-10 13:42 - 02345472 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-12 09:36 - 2015-07-10 13:14 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-08-12 09:36 - 2015-07-10 13:13 - 07032320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-12 09:36 - 2015-07-10 12:47 - 01556992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-12 09:36 - 2015-07-10 12:31 - 06213120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-12 09:36 - 2015-07-09 13:13 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-12 09:36 - 2015-07-09 13:13 - 00221184 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-12 09:36 - 2015-07-09 12:30 - 00212992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-12 09:36 - 2015-06-11 16:12 - 02476376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-08-12 09:36 - 2015-06-11 16:12 - 00428888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2015-08-12 09:36 - 2015-05-11 20:24 - 00536920 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-08-11 16:44 - 2015-08-11 16:44 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-08-06 19:10 - 2015-08-06 19:10 - 00188104 _____ C:\ods.exe
2015-08-06 10:11 - 2015-08-06 10:12 - 00872160 _____ C:\Windows\Minidump\080615-17125-01.dmp
2015-08-01 22:46 - 2015-08-01 22:46 - 00872144 _____ C:\Windows\Minidump\080115-20171-01.dmp
2015-07-29 13:49 - 2015-07-29 13:49 - 00872464 _____ C:\Windows\Minidump\072915-18828-01.dmp
2015-07-25 16:25 - 2015-08-19 16:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Power MP3 WMA Converter
2015-07-25 16:25 - 2015-07-25 16:27 - 00000000 ____D C:\Users\S.Hampton\AppData\Roaming\PowerMp3WmaConverter
2015-07-25 16:25 - 2015-07-25 16:25 - 00000000 ____D C:\Program Files (x86)\Power MP3 WMA Converter
2015-07-25 14:30 - 2015-07-25 14:30 - 00905320 _____ C:\Windows\Minidump\072515-30437-01.dmp
2015-07-24 18:40 - 2015-07-24 18:40 - 00000000 ____D C:\Users\S.Hampton\AppData\Roaming\vlc
2015-07-24 18:38 - 2015-08-19 16:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-07-24 18:38 - 2015-07-24 18:38 - 00001082 _____ C:\Users\Public\Desktop\VLC media player.lnk
2015-07-24 18:38 - 2015-07-24 18:38 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2015-07-24 11:34 - 2014-06-09 18:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2015-07-24 11:34 - 2014-06-09 18:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2015-07-23 21:38 - 2015-08-19 16:53 - 00000000 ____D C:\Users\S.Hampton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-07-23 21:38 - 2015-07-23 21:38 - 00000000 ____D C:\Windows\System32\Tasks\Lenovo
2015-07-23 21:38 - 2015-07-23 21:38 - 00000000 ____D C:\Users\S.Hampton\AppData\Local\Deployment
2015-07-23 21:38 - 2015-07-23 21:38 - 00000000 ____D C:\Users\S.Hampton\AppData\Local\Apps\2.0
2015-07-23 21:31 - 2015-07-23 21:31 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-07-23 21:31 - 2015-07-23 21:31 - 00000000 ____D C:\Program Files\MSBuild
2015-07-23 21:31 - 2015-07-23 21:31 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2015-07-23 21:31 - 2015-07-23 21:31 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-07-23 21:29 - 2013-08-03 00:48 - 01166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
2015-07-23 21:29 - 2013-08-03 00:41 - 00778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll
2015-07-23 21:22 - 2015-07-23 21:22 - 00000000 ____D C:\ProgramData\Temp
2015-07-23 15:31 - 2015-07-30 14:38 - 00000000 ____D C:\Users\S.Hampton\AppData\Local\CrashDumps
2015-07-23 15:31 - 2015-07-23 15:31 - 00000000 ____D C:\swtools
2015-07-23 14:57 - 2015-07-23 14:57 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2015-07-23 09:39 - 2015-07-23 09:39 - 00743607 _____ C:\ProgramData\SPL75F1.tmp
2015-07-23 09:37 - 2015-07-23 09:37 - 00872384 _____ C:\Windows\Minidump\072315-22093-01.dmp
2015-07-22 13:41 - 2015-07-22 13:41 - 00743607 _____ C:\ProgramData\SPLB05C.tmp
2015-07-20 18:02 - 2015-08-13 15:21 - 00000000 ____D C:\Users\S.Hampton\AppData\Roaming\Foxit Software
2015-07-20 18:02 - 2015-07-20 18:02 - 00000000 ____D C:\Users\Public\Foxit Software
2015-07-20 18:01 - 2015-08-19 16:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2015-07-20 18:01 - 2015-07-20 18:01 - 00001367 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
2015-07-20 18:01 - 2015-07-20 18:01 - 00000000 ____D C:\Program Files (x86)\Foxit Software
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-19 16:53 - 2015-07-13 16:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-08-19 16:53 - 2015-07-13 12:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 6.0 Sprint
2015-08-19 16:53 - 2015-07-13 12:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark Applications
2015-08-19 16:53 - 2015-07-13 12:45 - 00000000 ____D C:\Windows\SysWOW64\color
2015-08-19 16:53 - 2015-07-13 12:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 7300 Series
2015-08-19 16:53 - 2015-07-08 17:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-19 16:53 - 2015-07-08 07:59 - 00000000 ____D C:\Program Files (x86)\Bluetooth Suite
2015-08-19 16:53 - 2015-07-07 22:30 - 00000000 ____D C:\Users\S.Hampton
2015-08-19 16:53 - 2015-07-07 19:49 - 00000000 ____D C:\Program Files\CONEXANT
2015-08-19 16:53 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\SysWOW64\sr-Latn-RS
2015-08-19 16:53 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\sru
2015-08-19 16:53 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\sr-Latn-RS
2015-08-19 16:53 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\spool
2015-08-19 16:53 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\Recovery
2015-08-19 16:53 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\NDF
2015-08-19 16:53 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\MediaViewer
2015-08-19 16:53 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-08-19 16:53 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\system32\oobe
2015-08-19 13:25 - 2015-06-22 01:06 - 00025441 _____ C:\Users\S.Hampton\Desktop\FRST.txt
2015-08-19 13:24 - 2015-06-22 01:05 - 02173440 _____ (Farbar) C:\Users\S.Hampton\Desktop\FRST64.exe
2015-08-19 13:15 - 2015-07-08 17:36 - 00000918 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-19 13:14 - 2015-07-08 17:36 - 00003052 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-19 13:14 - 2015-07-08 17:36 - 00002816 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-19 13:14 - 2015-07-07 22:36 - 00002846 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2821996762-1571584891-55505278-1001
2015-08-19 13:08 - 2015-07-07 22:30 - 01276318 _____ C:\Windows\WindowsUpdate.log
2015-08-19 13:07 - 2014-11-21 04:44 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-19 13:04 - 2015-07-08 17:35 - 00002630 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A16F4189-BB33-4721-BBE1-E09A98EAFFDC}
2015-08-19 13:04 - 2015-07-08 17:30 - 00000000 ___DO C:\Users\S.Hampton\OneDrive
2015-08-19 13:03 - 2015-07-13 16:12 - 00000000 ___RD C:\Users\S.Hampton\Google Drive
2015-08-19 13:03 - 2013-08-22 11:20 - 00000000 ____D C:\Windows\CbsTemp
2015-08-19 13:02 - 2015-07-10 09:39 - 00000000 ___HD C:\$Windows.~BT
2015-08-19 13:02 - 2015-07-08 17:36 - 00000914 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-19 13:02 - 2015-07-07 23:24 - 00000000 ____D C:\Windows\Panther
2015-08-19 13:00 - 2013-08-22 10:46 - 00024313 _____ C:\Windows\setupact.log
2015-08-19 13:00 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-18 11:59 - 2015-07-07 22:30 - 00000000 ____D C:\Users\S.Hampton\AppData\Local\VirtualStore
2015-08-18 11:44 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\Registration
2015-08-18 11:37 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-08-18 11:30 - 2015-07-07 22:26 - 00000000 __SHD C:\Recovery
2015-08-18 11:26 - 2015-07-07 19:47 - 00000000 ____D C:\AMD
2015-08-18 10:58 - 2013-08-22 11:37 - 00003700 _____ C:\Windows\DtcInstall.log
2015-08-18 10:58 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-08-18 10:55 - 2015-07-08 08:04 - 01434232 _____ C:\Users\Public\CAFADEBUG.log
2015-08-17 17:20 - 2015-07-13 12:44 - 00000000 ____D C:\Program Files\Lx_cats
2015-08-16 01:17 - 2015-07-13 16:11 - 00002058 _____ C:\Users\Public\Desktop\Google Slides.lnk
2015-08-16 01:17 - 2015-07-13 16:11 - 00002056 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2015-08-16 01:17 - 2015-07-13 16:11 - 00002046 _____ C:\Users\Public\Desktop\Google Docs.lnk
2015-08-13 20:32 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\rescache
2015-08-13 20:15 - 2015-07-17 08:37 - 431032881 _____ C:\Windows\MEMORY.DMP
2015-08-13 20:15 - 2015-07-17 08:37 - 00000000 ____D C:\Windows\Minidump
2015-08-13 20:15 - 2014-11-21 04:34 - 00010232 _____ C:\Windows\PFRO.log
2015-08-13 17:16 - 2015-07-08 17:38 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-13 11:15 - 2013-08-22 10:44 - 00337808 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-13 11:13 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-13 11:13 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-13 11:13 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-08-13 11:13 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-08-12 09:56 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\AppReadiness
2015-08-12 09:55 - 2015-07-07 20:44 - 00000000 ____D C:\Windows\system32\MRT
2015-08-12 09:50 - 2015-07-07 20:44 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-12 09:49 - 2015-07-08 07:48 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-12 09:49 - 2014-11-21 11:56 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-12 09:49 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-12 09:49 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-08 09:55 - 2015-07-17 08:41 - 00794088 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-08 09:55 - 2015-07-17 08:41 - 00179688 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-06 10:22 - 2015-07-07 22:30 - 00000000 ____D C:\Users\S.Hampton\AppData\Local\Packages
2015-07-27 17:04 - 2015-07-13 16:08 - 00002224 _____ C:\Users\S.Hampton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Screenpresso.lnk
2015-07-25 16:25 - 2015-04-24 16:20 - 00001154 _____ C:\Users\S.Hampton\Desktop\Power MP3 WMA Converter.lnk
2015-07-25 15:40 - 2015-07-08 08:00 - 00000000 ____D C:\Users\S.Hampton\Documents\Bluetooth Folder
2015-07-25 14:39 - 2015-07-08 07:47 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-22 12:11 - 2015-07-13 12:18 - 00001103 _____ C:\Users\Public\Desktop\Hawking Control Center.lnk
 
==================== Files in the root of some directories =======
 
2015-07-07 19:49 - 2015-07-07 19:49 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-07-23 09:39 - 2015-07-23 09:39 - 0743607 _____ () C:\ProgramData\SPL75F1.tmp
2015-07-22 13:41 - 2015-07-22 13:41 - 0743607 _____ () C:\ProgramData\SPLB05C.tmp
 
Some files in TEMP:
====================
C:\Users\S.Hampton\AppData\Local\Temp\ScreenpressoUpd.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-16 04:00
 
==================== End of log ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:19-08-2015
Ran by S.Hampton (2015-08-19 13:26:09)
Running from C:\Users\S.Hampton\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2821996762-1571584891-55505278-500 - Administrator - Disabled)
Guest (S-1-5-21-2821996762-1571584891-55505278-501 - Limited - Disabled)
S.Hampton (S-1-5-21-2821996762-1571584891-55505278-1001 - Administrator - Enabled) => C:\Users\S.Hampton
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1926.41617 - ABBYY Software House)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2225 - AVAST Software)
BlueFox Free PDF to JPG Converter 9.5.5 (HKLM-x32\...\BlueFox Free PDF to JPG Converter_is1) (Version:  - BlueFoxPDF Co.,Ltd.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.3.53 - Conexant)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.9) (Version: 5.0.0.9 - Coupons.com Incorporated)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
FastStone Image Viewer 5.4 (HKLM-x32\...\FastStone Image Viewer) (Version: 5.4 - FastStone Soft)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.6.124.715 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.1.5.425 - Foxit Software Inc.)
Free EPS Converter (HKLM-x32\...\{89A56705-9ADA-4B3D-AF04-959AE49ED9D5}) (Version: 1.0.0 - Free Picture Solutions)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.155 - Google Inc.)
Google Drive (HKLM-x32\...\{12ADFB82-D5A3-43E4-B2F4-FCD9B690315B}) (Version: 1.24.9931.5480 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Hawking Control Center (HKLM-x32\...\{5836F014-73C6-4791-8E76-F3B152EE0DD4}) (Version: 2.23 - Hawking Corporation)
Lenovo Service Bridge (HKU\S-1-5-21-2821996762-1571584891-55505278-1001\...\cbe8636f7dd0cf1d) (Version: 1.4.0.0 - Lenovo)
Lexmark 7300 Series (HKLM\...\Lexmark 7300 Series) (Version:  - Lexmark International, Inc.)
Power MP3 WMA Converter, (ver 6.5) (HKLM-x32\...\Power MP3 WMA Converter Full Version_is1) (Version: 6.5 - CooolSoft, Inc.)
Presto! PageManager 7.12.10 (HKLM-x32\...\{72CD4C5F-AB0B-4814-8780-9A4F26A2086B}) (Version:  - )
Print to Fax (HKLM-x32\...\{5BF2B19D-9C79-492A-8969-F059F06A627F}) (Version: 1.00 - BVRP Software)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.306 - Qualcomm Atheros Communications)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.370.71 - Realtek Semiconductor Corp.)
Results Hub (HKLM-x32\...\Results Hub) (Version: 2.0.5703.19174 - Results Hub) <==== ATTENTION
Screenpresso (HKU\S-1-5-21-2821996762-1571584891-55505278-1001\...\Screenpresso) (Version: 1.5.6.0 - Learnpulse)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
28-07-2015 15:54:16 Windows Update
06-08-2015 10:23:56 Scheduled Checkpoint
12-08-2015 09:46:57 Windows Update
13-08-2015 13:44:18 Installed Free EPS Converter
19-08-2015 13:09:43 avast! antivirus system restore point
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {41B671E4-5CC7-4176-ABEB-C309CA1D12E6} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {57868B4B-0362-46CB-AB36-B7750BFD639F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-08-19] (AVAST Software)
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {9EDF3861-0303-491E-975A-3B17C5062A03} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-2821996762-1571584891-55505278-1001 => Rundll32.exe dfshim.dll,ShOpenVerbShortcut C:\Users\S.Hampton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Service Bridge.appref-ms
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
Task: {E2C3A8D4-81D1-497A-AA56-4FF6FC25A1C9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-08] (Google Inc.)
Task: {EFB1F196-69FF-41C6-9FB8-8264CDE58728} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-08] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe/cLENOVO\S.Ham
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe/ua /installsource schedulerLENOVO\S.Ham
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-08-13 14:39 - 2015-08-19 11:04 - 01203936 _____ () C:\ProgramData\3929cb63-cbbd-4b9c-8b92-a50fbd04e656\plugincontainer.exe
2015-08-13 14:43 - 2015-08-19 10:59 - 00701152 _____ () C:\Program Files (x86)\Common Files\3929cb63-cbbd-4b9c-8b92-a50fbd04e656\updater.exe
2015-08-19 11:04 - 2015-08-19 11:04 - 01043680 _____ () C:\ProgramData\3929cb63-cbbd-4b9c-8b92-a50fbd04e656\plugins\7\plugin.exe
2015-08-19 08:28 - 2015-08-19 08:28 - 01070304 _____ () C:\ProgramData\3929cb63-cbbd-4b9c-8b92-a50fbd04e656\plugins\10\plugin.exe
2015-08-19 06:23 - 2015-08-19 06:23 - 01187552 _____ () C:\ProgramData\3929cb63-cbbd-4b9c-8b92-a50fbd04e656\plugins\6\plugin.exe
2015-08-19 11:04 - 2015-08-19 11:04 - 01369824 _____ () C:\ProgramData\3929cb63-cbbd-4b9c-8b92-a50fbd04e656\plugins\8\plugin.exe
2015-08-19 11:04 - 2015-08-19 11:04 - 01372384 _____ () C:\ProgramData\3929cb63-cbbd-4b9c-8b92-a50fbd04e656\plugins\5\plugin.exe
2015-08-19 09:28 - 2015-08-19 09:28 - 01372896 _____ () C:\ProgramData\3929cb63-cbbd-4b9c-8b92-a50fbd04e656\plugins\3\plugin.exe
2013-09-25 03:04 - 2013-09-25 03:04 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-25 03:01 - 2013-09-25 03:01 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-25 03:08 - 2013-09-25 03:08 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2015-07-13 12:46 - 2006-09-20 08:35 - 00020480 _____ () C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
2015-07-13 12:46 - 2006-10-30 16:59 - 00024576 _____ () C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
2015-08-12 18:06 - 2015-08-12 18:06 - 00042696 _____ () C:\ProgramData\Results Hub\ResultsHubDesktopSearch.exe
2012-06-05 15:16 - 2012-06-05 15:16 - 04287488 _____ () C:\Program Files (x86)\Hawking\Control Center\Control Center.exe
2015-07-13 12:45 - 2005-04-28 09:34 - 00118784 _____ () C:\Program Files (x86)\Lexmark 7300 Series\lxcidrec.dll
2015-07-13 12:45 - 2005-06-14 17:08 - 00196608 _____ () C:\Program Files (x86)\Lexmark 7300 Series\iptk.dll
2015-08-13 17:15 - 2015-08-07 20:13 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\libglesv2.dll
2015-08-13 17:15 - 2015-08-07 20:13 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\libegl.dll
2015-08-19 13:02 - 2015-08-19 13:02 - 00098816 _____ () C:\Users\S91B1~1.HAM\AppData\Local\Temp\_MEI44762\win32api.pyd
2015-08-19 13:02 - 2015-08-19 13:02 - 00110080 _____ () C:\Users\S91B1~1.HAM\AppData\Local\Temp\_MEI44762\pywintypes27.dll
2015-08-19 13:02 - 2015-08-19 13:02 - 00364544 _____ () C:\Users\S91B1~1.HAM\AppData\Local\Temp\_MEI44762\pythoncom27.dll
2015-08-19 13:02 - 2015-08-19 13:02 - 00045568 _____ () C:\Users\S91B1~1.HAM\AppData\Local\Temp\_MEI44762\_socket.pyd
2015-08-19 13:02 - 2015-08-19 13:02 - 01161216 _____ () C:\Users\S91B1~1.HAM\AppData\Local\Temp\_MEI44762\_ssl.pyd
2015-08-19 13:02 - 2015-08-19 13:02 - 00320512 _____ () C:\Users\S91B1~1.HAM\AppData\Local\Temp\_MEI44762\win32com.shell.shell.pyd
2015-08-19 13:02 - 2015-08-19 13:02 - 00713216 _____ () C:\Users\S91B1~1.HAM\AppData\Local\Temp\_MEI44762\_hashlib.pyd
2015-08-19 13:02 - 2015-08-19 13:02 - 01176576 _____ () C:\Users\S91B1~1.HAM\AppData\Local\Temp\_MEI44762\wx._core_.pyd
2015-08-19 13:02 - 2015-08-19 13:02 - 00806400 _____ () C:\Users\S91B1~1.HAM\AppData\Local\Temp\_MEI44762\wx._gdi_.pyd
2015-08-19 13:02 - 2015-08-19 13:02 - 00816128 _____ () C:\Users\S91B1~1.HAM\AppData\Local\Temp\_MEI44762\wx._windows_.pyd
2015-08-19 13:02 - 2015-08-19 13:02 - 01067008 _____ () C:\Users\S91B1~1.HAM\AppData\Local\Temp\_MEI44762\wx._controls_.pyd
2015-08-19 13:02 - 2015-08-19 13:02 - 00733184 _____ () C:\Users\S91B1~1.HAM\AppData\Local\Temp\_MEI44762\wx._misc_.pyd
2015-08-19 13:02 - 2015-08-19 13:02 - 00682496 _____ () C:\Users\S91B1~1.HAM\AppData\Local\Temp\_MEI44762\pysqlite2._sqlite.pyd
2015-08-19 13:02 - 2015-08-19 13:02 - 00087552 _____ () C:\Users\S91B1~1.HAM\AppData\Local\Temp\_MEI44762\_ctypes.pyd
2015-08-19 13:02 - 2015-08-19 13:02 - 00119808 _____ () C:\Users\S91B1~1.HAM\AppData\Local\Temp\_MEI44762\win32file.pyd
2015-08-19 13:02 - 2015-08-19 13:02 - 00108544 _____ () C:\Users\S91B1~1.HAM\AppData\Local\Temp\_MEI44762\win32security.pyd
2015-08-19 13:02 - 2015-08-19 13:02 - 00007168 _____ () C:\Users\S91B1~1.HAM\AppData\Local\Temp\_MEI44762\hashobjs_ext.pyd
2015-08-19 13:02 - 2015-08-19 13:02 - 00068096 _____ () C:\Users\S91B1~1.HAM\AppData\Local\Temp\_MEI44762\usb_ext.pyd
2015-08-19 13:02 - 2015-08-19 13:02 - 00167936 _____ () C:\Users\S91B1~1.HAM\AppData\Local\Temp\_MEI44762\win32gui.pyd
2015-08-19 13:02 - 2015-08-19 13:02 - 00018432 _____ () C:\Users\S91B1~1.HAM\AppData\Local\Temp\_MEI44762\win32event.pyd
2015-08-19 13:02 - 2015-08-19 13:02 - 00128512 _____ () C:\Users\S91B1~1.HAM\AppData\Local\Temp\_MEI44762\_elementtree.pyd
2015-08-19 13:02 - 2015-08-19 13:02 - 00127488 _____ () C:\Users\S91B1~1.HAM\AppData\Local\Temp\_MEI44762\pyexpat.pyd
2015-08-19 13:02 - 2015-08-19 13:02 - 00013824 _____ () C:\Users\S91B1~1.HAM\AppData\Local\Temp\_MEI44762\common.time34.pyd
2015-08-19 13:02 - 2015-08-19 13:02 - 00036864 _____ () C:\Users\S91B1~1.HAM\AppData\Local\Temp\_MEI44762\_psutil_windows.pyd
2015-08-19 13:02 - 2015-08-19 13:02 - 00038912 _____ () C:\Users\S91B1~1.HAM\AppData\Local\Temp\_MEI44762\win32inet.pyd
2015-08-19 13:02 - 2015-08-19 13:02 - 00011264 _____ () C:\Users\S91B1~1.HAM\AppData\Local\Temp\_MEI44762\win32crypt.pyd
2015-08-19 13:02 - 2015-08-19 13:02 - 00077312 _____ () C:\Users\S91B1~1.HAM\AppData\Local\Temp\_MEI44762\wx._html2.pyd
2015-08-19 13:02 - 2015-08-19 13:02 - 00027136 _____ () C:\Users\S91B1~1.HAM\AppData\Local\Temp\_MEI44762\_multiprocessing.pyd
2015-08-19 13:02 - 2015-08-19 13:02 - 00020480 _____ () C:\Users\S91B1~1.HAM\AppData\Local\Temp\_MEI44762\_yappi.pyd
2015-08-19 13:02 - 2015-08-19 13:02 - 00035840 _____ () C:\Users\S91B1~1.HAM\AppData\Local\Temp\_MEI44762\win32process.pyd
2015-08-19 13:02 - 2015-08-19 13:02 - 00686080 _____ () C:\Users\S91B1~1.HAM\AppData\Local\Temp\_MEI44762\unicodedata.pyd
2015-08-19 13:02 - 2015-08-19 13:02 - 00123392 _____ () C:\Users\S91B1~1.HAM\AppData\Local\Temp\_MEI44762\wx._wizard.pyd
2015-08-19 13:02 - 2015-08-19 13:02 - 00024064 _____ () C:\Users\S91B1~1.HAM\AppData\Local\Temp\_MEI44762\win32pipe.pyd
2015-08-19 13:02 - 2015-08-19 13:02 - 00010240 _____ () C:\Users\S91B1~1.HAM\AppData\Local\Temp\_MEI44762\select.pyd
2015-08-19 13:02 - 2015-08-19 13:02 - 00025600 _____ () C:\Users\S91B1~1.HAM\AppData\Local\Temp\_MEI44762\win32pdh.pyd
2015-08-19 13:02 - 2015-08-19 13:02 - 00525640 _____ () C:\Users\S91B1~1.HAM\AppData\Local\Temp\_MEI44762\windows._lib_cacheinvalidation.pyd
2015-08-19 13:02 - 2015-08-19 13:02 - 00017408 _____ () C:\Users\S91B1~1.HAM\AppData\Local\Temp\_MEI44762\win32profile.pyd
2015-08-19 13:02 - 2015-08-19 13:02 - 00022528 _____ () C:\Users\S91B1~1.HAM\AppData\Local\Temp\_MEI44762\win32ts.pyd
2015-08-19 13:02 - 2015-08-19 13:02 - 00078848 _____ () C:\Users\S91B1~1.HAM\AppData\Local\Temp\_MEI44762\wx._animate.pyd
2015-08-19 13:13 - 2015-08-19 13:13 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-08-19 13:12 - 2015-08-19 13:12 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-08-19 13:13 - 2015-08-19 13:13 - 02960384 _____ () C:\Program Files\AVAST Software\Avast\defs\15081901\algo.dll
2015-08-19 13:13 - 2015-08-19 13:13 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-08-13 17:15 - 2015-08-07 20:13 - 16393032 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\S.Hampton\OneDrive:ms-properties
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2821996762-1571584891-55505278-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\S.Hampton\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{590891B7-7955-4B66-A126-E4542AE9A68E}] => (Allow) C:\Windows\SysWOW64\lxcicoms.exe
FirewallRules: [{CAE6CE3B-7E50-4820-8DC5-F7602D13C5EE}] => (Allow) C:\Windows\SysWOW64\lxcicoms.exe
FirewallRules: [TCP Query User{4B6D352C-9E7E-4CC7-AFCF-EC7A49AE0FCF}C:\program files (x86)\hawking\control center\control center.exe] => (Allow) C:\program files (x86)\hawking\control center\control center.exe
FirewallRules: [UDP Query User{70781858-6C72-465E-86C7-9105196C5676}C:\program files (x86)\hawking\control center\control center.exe] => (Allow) C:\program files (x86)\hawking\control center\control center.exe
FirewallRules: [{94F742C7-F931-4C73-BCBE-84AFE7D77C78}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcipswx.exe
FirewallRules: [{245581EF-39FB-4A11-844B-31BE6D6AB7C4}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcipswx.exe
FirewallRules: [{BD9922B5-CE47-42DE-989B-FA4760D55C97}] => (Allow) LPort=135
FirewallRules: [{28D45C3D-8F80-4349-9F69-7EBF6B1CE401}] => (Allow) LPort=5000
FirewallRules: [{4DBC01DC-D320-4AFB-A088-363DFBE8DA0D}] => (Allow) LPort=5001
FirewallRules: [{4AE24866-85AD-4F36-8850-C689532D19A7}] => (Allow) LPort=5002
FirewallRules: [{D4B105F2-0D34-4EF8-BAB4-AC496AB062E6}] => (Allow) LPort=5003
FirewallRules: [{F6789258-AF21-49D6-9970-DF25FE4A8C1E}] => (Allow) LPort=5004
FirewallRules: [{E3923DD7-149F-40F1-969F-1A9D7FA81957}] => (Allow) LPort=5005
FirewallRules: [{DDD6C893-A832-4505-8B06-ABA238E39F9B}] => (Allow) LPort=5006
FirewallRules: [{BABB5ABE-30B2-4753-B7E4-823A6A2062EE}] => (Allow) LPort=5007
FirewallRules: [{3C244312-A5F8-490B-8C38-662BBF1F418C}] => (Allow) LPort=5008
FirewallRules: [{E6FCE76C-75C2-4E15-A148-63841E78D7C2}] => (Allow) LPort=5009
FirewallRules: [{37AA24A0-F676-4103-B9EF-B13DB215381F}] => (Allow) LPort=5010
FirewallRules: [{76191578-F455-44B8-83B5-B03F4C59AA38}] => (Allow) LPort=5011
FirewallRules: [{4004B0AE-80F5-47E6-8A0B-A215196C872B}] => (Allow) LPort=5012
FirewallRules: [{B0E2AB0B-E582-46F9-A578-493CEE52F75E}] => (Allow) LPort=5013
FirewallRules: [{882B6B30-E469-46A3-BFEC-1BF83E6FF05E}] => (Allow) LPort=5014
FirewallRules: [{57E4B9B7-706F-45B2-B18B-19758BF80389}] => (Allow) LPort=5015
FirewallRules: [{85FC9AC5-921E-4741-83AE-0BB46A2B4A77}] => (Allow) LPort=5016
FirewallRules: [{F0E13383-272B-4F96-BA50-CAA298F4CBD3}] => (Allow) LPort=5017
FirewallRules: [{E7862487-6E3C-43AA-9D54-D45B3D5D1429}] => (Allow) LPort=5018
FirewallRules: [{BFF53EEC-A8AE-4B4C-BB07-54B7455BEAAD}] => (Allow) LPort=5019
FirewallRules: [{08174798-39CB-41EA-B257-8258E873C033}] => (Allow) LPort=5020
FirewallRules: [{132DDE22-67AC-4167-8542-CF52BA3435D3}] => (Allow) C:\Windows\System32\lxcicoms.exe
FirewallRules: [{84E97A70-A910-41B7-B937-6AF92526697D}] => (Allow) C:\Windows\System32\lxcicoms.exe
FirewallRules: [TCP Query User{4E98FC06-D2D8-42CE-8129-2884A0EC7E6D}C:\program files (x86)\hawking\control center\control center.exe] => (Block) C:\program files (x86)\hawking\control center\control center.exe
FirewallRules: [UDP Query User{96949AA0-DD07-4AD5-894C-DAF9730E3B1C}C:\program files (x86)\hawking\control center\control center.exe] => (Block) C:\program files (x86)\hawking\control center\control center.exe
FirewallRules: [{6F512FA0-AE72-41E8-8779-83F92A8B2E54}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/19/2015 01:22:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: d04
 
Start Time: 01d0daa2942ab91a
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: e11cb6e9-4696-11e5-8264-40f02fe4c1e4
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (08/19/2015 01:14:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: fd0
 
Start Time: 01d0daa0d0080705
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: d0beb3a7-4695-11e5-8264-40f02fe4c1e4
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (08/19/2015 01:02:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_DiagTrack, version: 6.3.9600.17415, time stamp: 0x54504177
Faulting module name: diagtrack.dll, version: 10.0.10033.0, time stamp: 0x555fe42d
Exception code: 0xc0000005
Fault offset: 0x0000000000081e68
Faulting process id: 0x580
Faulting application start time: 0xsvchost.exe_DiagTrack0
Faulting application path: svchost.exe_DiagTrack1
Faulting module path: svchost.exe_DiagTrack2
Report Id: svchost.exe_DiagTrack3
Faulting package full name: svchost.exe_DiagTrack4
Faulting package-relative application ID: svchost.exe_DiagTrack5
 
Error: (08/19/2015 01:01:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_DiagTrack, version: 6.3.9600.17415, time stamp: 0x54504177
Faulting module name: diagtrack.dll, version: 10.0.10033.0, time stamp: 0x555fe42d
Exception code: 0xc0000005
Fault offset: 0x0000000000081e68
Faulting process id: 0x688
Faulting application start time: 0xsvchost.exe_DiagTrack0
Faulting application path: svchost.exe_DiagTrack1
Faulting module path: svchost.exe_DiagTrack2
Report Id: svchost.exe_DiagTrack3
Faulting package full name: svchost.exe_DiagTrack4
Faulting package-relative application ID: svchost.exe_DiagTrack5
 
Error: (08/19/2015 01:00:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_DiagTrack, version: 6.3.9600.17415, time stamp: 0x54504177
Faulting module name: diagtrack.dll, version: 10.0.10033.0, time stamp: 0x555fe42d
Exception code: 0xc0000005
Fault offset: 0x0000000000081e68
Faulting process id: 0x5c8
Faulting application start time: 0xsvchost.exe_DiagTrack0
Faulting application path: svchost.exe_DiagTrack1
Faulting module path: svchost.exe_DiagTrack2
Report Id: svchost.exe_DiagTrack3
Faulting package full name: svchost.exe_DiagTrack4
Faulting package-relative application ID: svchost.exe_DiagTrack5
 
Error: (08/13/2015 10:22:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: spoolsv.exe, version: 6.3.9600.17415, time stamp: 0x54503ab3
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x4f0
Faulting application start time: 0xspoolsv.exe0
Faulting application path: spoolsv.exe1
Faulting module path: spoolsv.exe2
Report Id: spoolsv.exe3
Faulting package full name: spoolsv.exe4
Faulting package-relative application ID: spoolsv.exe5
 
Error: (08/03/2015 03:20:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1b10
 
Start Time: 01d0cd509516e20b
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: a2641e5a-3a14-11e5-8260-40f02fe4c1e4
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (07/30/2015 02:38:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: skydrive.exe, version: 6.3.9600.17416, time stamp: 0x5452fd72
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x0000000000000000
Faulting process id: 0xd94
Faulting application start time: 0xskydrive.exe0
Faulting application path: skydrive.exe1
Faulting module path: skydrive.exe2
Report Id: skydrive.exe3
Faulting package full name: skydrive.exe4
Faulting package-relative application ID: skydrive.exe5
 
Error: (07/23/2015 03:37:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: setup.exe_unknown, version: 0.0.0.0, time stamp: 0x485410b9
Faulting module name: setup.exe, version: 0.0.0.0, time stamp: 0x485410b9
Exception code: 0xc0000005
Fault offset: 0x000014fa
Faulting process id: 0x1538
Faulting application start time: 0xsetup.exe_unknown0
Faulting application path: setup.exe_unknown1
Faulting module path: setup.exe_unknown2
Report Id: setup.exe_unknown3
Faulting package full name: setup.exe_unknown4
Faulting package-relative application ID: setup.exe_unknown5
 
Error: (07/23/2015 03:37:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: setup.exe_unknown, version: 0.0.0.0, time stamp: 0x485410b9
Faulting module name: setup.exe, version: 0.0.0.0, time stamp: 0x485410b9
Exception code: 0xc0000005
Fault offset: 0x000014fa
Faulting process id: 0x1020
Faulting application start time: 0xsetup.exe_unknown0
Faulting application path: setup.exe_unknown1
Faulting module path: setup.exe_unknown2
Report Id: setup.exe_unknown3
Faulting package full name: setup.exe_unknown4
Faulting package-relative application ID: setup.exe_unknown5
 
 
System errors:
=============
Error: (08/19/2015 01:02:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Diagnostics Tracking Service service terminated unexpectedly.  It has done this 3 time(s).
 
Error: (08/19/2015 01:01:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Diagnostics Tracking Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (08/19/2015 01:01:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Diagnostics Tracking Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (08/19/2015 12:59:59 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
 
Error: (08/18/2015 08:17:30 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR9.
 
Error: (08/18/2015 08:15:19 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR9.
 
Error: (08/18/2015 08:15:19 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR9.
 
Error: (08/18/2015 08:15:19 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR9.
 
Error: (08/18/2015 08:15:18 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR9.
 
Error: (08/18/2015 08:15:18 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR9.
 
 
Microsoft Office:
=========================
Error: (08/19/2015 01:22:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20911d0401d0daa2942ab91a4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exee11cb6e9-4696-11e5-8264-40f02fe4c1e4microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
Error: (08/19/2015 01:14:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20911fd001d0daa0d00807054294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exed0beb3a7-4695-11e5-8264-40f02fe4c1e4microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
Error: (08/19/2015 01:02:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_DiagTrack6.3.9600.1741554504177diagtrack.dll10.0.10033.0555fe42dc00000050000000000081e6858001d0daa0cbf3c061C:\Windows\System32\svchost.exec:\windows\system32\diagtrack.dll09a9d4d2-4694-11e5-8264-40f02fe4c1e4
 
Error: (08/19/2015 01:01:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_DiagTrack6.3.9600.1741554504177diagtrack.dll10.0.10033.0555fe42dc00000050000000000081e6868801d0daa0b9b92a76C:\Windows\System32\svchost.exec:\windows\system32\diagtrack.dllf7a61317-4693-11e5-8264-40f02fe4c1e4
 
Error: (08/19/2015 01:00:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_DiagTrack6.3.9600.1741554504177diagtrack.dll10.0.10033.0555fe42dc00000050000000000081e685c801d0daa08f781b3bC:\Windows\System32\svchost.exec:\windows\system32\diagtrack.dlld72b16a6-4693-11e5-8264-40f02fe4c1e4
 
Error: (08/13/2015 10:22:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: spoolsv.exe6.3.9600.1741554503ab3unknown0.0.0.000000000c000000500000000000000004f001d0d051d6d61aabC:\Windows\System32\spoolsv.exeunknowna90f2b90-41c6-11e5-8261-40f02fe4c1e4
 
Error: (08/03/2015 03:20:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.209111b1001d0cd509516e20b4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exea2641e5a-3a14-11e5-8260-40f02fe4c1e4microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
Error: (07/30/2015 02:38:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: skydrive.exe6.3.9600.174165452fd72unknown0.0.0.000000000000000000000000000000000d9401d0ca271b26ba1fC:\Windows\System32\skydrive.exeunknown1c226808-36ea-11e5-825f-40f02fe4c1e4
 
Error: (07/23/2015 03:37:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: setup.exe_unknown0.0.0.0485410b9setup.exe0.0.0.0485410b9c0000005000014fa153801d0c57f07121d84C:\swtools\apps\windvd50111295-a\setup.exeC:\swtools\apps\windvd50111295-a\setup.exe44cae9f4-3172-11e5-825c-40f02fe4c1e4
 
Error: (07/23/2015 03:37:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: setup.exe_unknown0.0.0.0485410b9setup.exe0.0.0.0485410b9c0000005000014fa102001d0c57ef73ef95cc:\swtools\apps\windvd50111295-a\setup.exec:\swtools\apps\windvd50111295-a\setup.exe34f83daf-3172-11e5-825c-40f02fe4c1e4
 
 
==================== Memory info =========================== 
 
Processor: AMD A10-5750M APU with Radeon™ HD Graphics 
Percentage of memory in use: 39%
Total physical RAM: 5327.26 MB
Available physical RAM: 3220.82 MB
Total Virtual: 10703.26 MB
Available Virtual: 8246.98 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931 GB) (Free:841.46 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 634A7BEA)
 
Partition: GPT.
 
==================== End of log ============================

 


  • 0

Advertisements

#2
Pyxis
Posted 20 August 2015 - 07:08 AM

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Greetings,

Welcome to Geeks to Go--the friendliest online community dedicated to the sole goal of helping people from all around the world! :) I am Pyxis and I will be assisting you. As such, I would like to stress the following reminders:
  • It is important that you do not install anything unless asked while the process is ongoing. Doing so may hinder or even complicate the cleaning of your system. You will get the chance to install things as you would like after the process has been completed.
  • Ensure you take extra caution to precisely follow my instructions. Please only use the tools I have asked you to. The instructions for your computer are unique and should therefore only apply to your system.
  • Since the cleaning process is quite delicate, your timely response is crucial. Topics are marked inactive and thus closed within 3 full days of no activity. If you deem I have overlooked your thread--which is in a matter of more than 48 hours--please send me a PM and I will get back to you shortly.
I hope you keep in mind these reminders. Let's get to work! :thumbsup:
  • Step 1

    Upon careful inspection, your log indicates that the program(s) listed below is installed on your computer. I would like to request for the removal of the program(s) as it is associated with either malware or bloatware. Please proceed to uninstalling by going to Control Panel (Windows XP) or Programs and Features (Windows Vista or Windows 7). If Windows says it cannot locate the program(s) and that it prompts for it to be removed from the list instead, do so by allowing it.
    • Coupon Printer for Windows
    • Results Hub
    Inform me if you encounter problems in the removal process.
  • Step 2

    Copy and paste the following into Notepad and save as fixlist.txt to your desktop:
    CloseProcesses:
EmptyTemp:

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ResultsHubDesktopSearch.lnk [2015-08-13]
ShortcutTarget: ResultsHubDesktopSearch.lnk -> C:\ProgramData\Results Hub\ResultsHubDesktopSearch.exe ()
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.yahoo.com/?fr=hp-ddc-bd&type=bl-bir-sw-rhb-33__alt__ddc_dsssyc_bd_com
HKU\S-1-5-21-2821996762-1571584891-55505278-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bir-sw-rhb-33__alt__ddc_dss_bd_com&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bir-sw-rhb-33__alt__ddc_dss_bd_com&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2821996762-1571584891-55505278-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bir-sw-rhb-33__alt__ddc_dss_bd_com&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2821996762-1571584891-55505278-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bir-sw-rhb-33__alt__ddc_dss_bd_com&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2821996762-1571584891-55505278-1001 -> {684F98EE-82C2-4C86-9C5D-0E0E8D43A1C0} URL = hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bir-dd__alt__ddc_dss_bd_com&p={searchTerms}
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\S.Hampton\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-07-17]
CHR HKU\S-1-5-21-2821996762-1571584891-55505278-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.goo...ice/update2/crx
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [177136 2014-04-28] (Coupons.com Inc.)
C:\Program Files (x86)\Coupons
R2 Service Mgr ResultsHub; C:\ProgramData\3929cb63-cbbd-4b9c-8b92-a50fbd04e656\plugincontainer.exe [1203936 2015-08-19] ()
R2 Update Mgr ResultsHub; C:\Program Files (x86)\Common Files\3929cb63-cbbd-4b9c-8b92-a50fbd04e656\updater.exe [701152 2015-08-19] ()
C:\Program Files (x86)\Common Files\3929cb63-cbbd-4b9c-8b92-a50fbd04e656
2015-08-13 15:31 - 2015-08-19 11:04 - 00000000 ____D C:\ProgramData\3929cb63-cbbd-4b9c-8b92-a50fbd04e656
2015-08-13 15:31 - 2015-08-13 20:15 - 00000000 ____D C:\Program Files (x86)\Results Hub
2015-08-13 15:31 - 2015-08-13 15:31 - 00000000 ____D C:\ProgramData\Results Hub
2015-08-13 11:35 - 2015-08-19 16:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION

RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: bitsadmin /reset /allusers
    • Run your copy of FRST. It is important to ensure it is located in your desktop.
    • Press the Fix button.
    • It will produce a log (fixlog.txt) once done.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 3

    Download 'AdwCleaner by Xplode' and save it to your desktop.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • Read the Terms of Use and click I Agree.
    • Click Scan and choose Clean after.
    • Wait for it to finish. It won't take long.
    • Click OK for the next prompts. Your system will automatically reboot.
    • A log will automatically pop-up after rebooting. Alternatively, you can find it at C:\AdwCleaner\AdwCleaner[S*].txt.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • fixlog.txt (Farbar Recovery Scan Tool)
    • AdwCleaner[S*].txt (AdwCleaner)

  • 0

#3
shampton2
Posted 20 August 2015 - 08:42 PM

shampton2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts

Thank you for your help. Here are my log files.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:21-08-2015
Ran by S.Hampton (2015-08-20 22:26:28) Run:1
Running from C:\Users\S.Hampton\Desktop
Loaded Profiles: S.Hampton (Available Profiles: S.Hampton)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
EmptyTemp:
 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ResultsHubDesktopSearch.lnk [2015-08-13]
ShortcutTarget: ResultsHubDesktopSearch.lnk -> C:\ProgramData\Results Hub\ResultsHubDesktopSearch.exe ()
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.yahoo.com/?fr=hp-ddc-bd&type=bl-bir-sw-rhb-33__alt__ddc_dsssyc_bd_com
HKU\S-1-5-21-2821996762-1571584891-55505278-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bir-sw-rhb-33__alt__ddc_dss_bd_com&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bir-sw-rhb-33__alt__ddc_dss_bd_com&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2821996762-1571584891-55505278-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bir-sw-rhb-33__alt__ddc_dss_bd_com&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2821996762-1571584891-55505278-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bir-sw-rhb-33__alt__ddc_dss_bd_com&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2821996762-1571584891-55505278-1001 -> {684F98EE-82C2-4C86-9C5D-0E0E8D43A1C0} URL = hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bir-dd__alt__ddc_dss_bd_com&p={searchTerms}
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\S.Hampton\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-07-17]
CHR HKU\S-1-5-21-2821996762-1571584891-55505278-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.goo...ice/update2/crx
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [177136 2014-04-28] (Coupons.com Inc.)
C:\Program Files (x86)\Coupons
R2 Service Mgr ResultsHub; C:\ProgramData\3929cb63-cbbd-4b9c-8b92-a50fbd04e656\plugincontainer.exe [1203936 2015-08-19] ()
R2 Update Mgr ResultsHub; C:\Program Files (x86)\Common Files\3929cb63-cbbd-4b9c-8b92-a50fbd04e656\updater.exe [701152 2015-08-19] ()
C:\Program Files (x86)\Common Files\3929cb63-cbbd-4b9c-8b92-a50fbd04e656
2015-08-13 15:31 - 2015-08-19 11:04 - 00000000 ____D C:\ProgramData\3929cb63-cbbd-4b9c-8b92-a50fbd04e656
2015-08-13 15:31 - 2015-08-13 20:15 - 00000000 ____D C:\Program Files (x86)\Results Hub
2015-08-13 15:31 - 2015-08-13 15:31 - 00000000 ____D C:\ProgramData\Results Hub
2015-08-13 11:35 - 2015-08-19 16:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
 
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: bitsadmin /reset /allusers
*****************
 
Processes closed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ResultsHubDesktopSearch.lnk not found.
C:\ProgramData\Results Hub\ResultsHubDesktopSearch.exe not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-2821996762-1571584891-55505278-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKU\S-1-5-21-2821996762-1571584891-55505278-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-2821996762-1571584891-55505278-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
"HKU\S-1-5-21-2821996762-1571584891-55505278-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{684F98EE-82C2-4C86-9C5D-0E0E8D43A1C0}" => key removed successfully
HKCR\CLSID\{684F98EE-82C2-4C86-9C5D-0E0E8D43A1C0} => key not found. 
C:\Users\S.Hampton\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh => moved successfully
"HKU\S-1-5-21-2821996762-1571584891-55505278-1001\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => key removed successfully
CouponPrinterService => service not found.
C:\Program Files (x86)\Coupons => moved successfully
Service Mgr ResultsHub => service not found.
Update Mgr ResultsHub => service not found.
"C:\Program Files (x86)\Common Files\3929cb63-cbbd-4b9c-8b92-a50fbd04e656" => File/Folder not found.
"C:\ProgramData\3929cb63-cbbd-4b9c-8b92-a50fbd04e656" => File/Folder not found.
"C:\Program Files (x86)\Results Hub" => File/Folder not found.
"C:\ProgramData\Results Hub" => File/Folder not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D8A891D-890C-4808-84D8-2F436AB14653}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D8A891D-890C-4808-84D8-2F436AB14653}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1274336E-AB06-46B6-A48C-0671C5557CC6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1274336E-AB06-46B6-A48C-0671C5557CC6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Maintenance Configurator" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1687544D-7247-4F5A-965A-A6E920E55278}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1687544D-7247-4F5A-965A-A6E920E55278}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Manual Maintenance" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6F02587F-8A2B-4552-97F6-DEEF229E335B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F02587F-8A2B-4552-97F6-DEEF229E335B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Idle Maintenance" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B7992938-01F1-4F40-A0EC-0D23D2F0F152}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7992938-01F1-4F40-A0EC-0D23D2F0F152}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Regular Maintenance" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CFD7C21A-808B-487B-A6EC-8A10E44E8360}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFD7C21A-808B-487B-A6EC-8A10E44E8360}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SettingSync\BackupTask" => key removed successfully
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2821996762-1571584891-55505278-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2821996762-1571584891-55505278-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => 1.3 GB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 22:26:56 ====
 
 
# AdwCleaner v5.003 - Logfile created 20/08/2015 at 22:35:59
# Updated 20/08/2015 by Xplode
# Database : 2015-08-20.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : S.Hampton - SUMMARAHLAPTOP
# Running from : C:\Users\S.Hampton\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Users\S.Hampton\AppData\Roaming\OpenCandy
 
***** [ Files ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
 
***** [ Web browsers ] *****
 
 
*************************
 
:: Proxy settings cleared
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [751 bytes] ##########
 

  • 0

#4
Pyxis
Posted 22 August 2015 - 03:18 AM

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Is Yahoo Search still being persistent, or are you able to set a different search engine now? :) Also, what issues remain?
  • Step 1

    Download the free version of 'Malwarebytes Anti-Malware by Malwarebytes Corporation' and save it to your desktop.
    • Double-click mbam-setup-*.exe and proceed to installing the program.
      • Accept the License Agreement.
      • At the end, untick Enable free trial of Malwarebytes Anti-Malware Premium and ensure Launch Malwarebytes' Anti-Malware is checked.
      • Click Finish after.
    • Once the program has loaded, navigate to the Settings tab and select Detection and Protection.
      • Tick the Scan For Rootkits box.
    • Go back to the Dashboard and select Update Now. Click Scan Now after.
      • Updates can sometimes still be present. Be sure to select Update Now again if you are prompted.
      • Once the scan is complete, click Apply Actions.
      • If you are prompted to reboot, allow it by pressing Yes.
    • Navigate to the program's History tab to retrieve the log.
      • Click Application Logs and double-click on the most recent Scan Log.
      • Export the log to your desktop as a .TXT file.
      • You can also choose to directly copy the log by selecting Copy to Clipboard.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 2

    Download 'SecurityCheck by screen317' and save it to your desktop.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • A black window will appear. Press any key to continue.
    • Wait for it to finish. It won't take long.
    • A log will automatically pop-up after once done.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
    Note: If you get an error about an unsupported operating system, please reboot your computer and try again.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • checkup.txt (SecurityCheck)
    • mbam-log-YYYY-MM-DD (HH-MM-SS).xml (Malwarebytes Anti-Malware)

  • 0

#5
Pyxis
Posted 26 August 2015 - 02:45 AM

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a new topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP