Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

When I try to open anything the computer seems to stick and I need to


  • This topic is locked This topic is locked

#1
leahcase

leahcase

    Member

  • Member
  • PipPipPip
  • 229 posts
When I try to open anything the computer seems to stick and I need to close everything and reopen them up... I ran avast and malwarebytes and anti-malwarebytes..and both show nothing is wrong... the computer seems to run very slow...... please help me....

  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi lets have a look first

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
    frst.JPG
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.

  • 0

#3
leahcase

leahcase

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 229 posts

did you get the first text..


  • 0

#4
leahcase

leahcase

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 229 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:14-12-2015
Ran by LEAH (administrator) on LEAH-HP (14-12-2015 15:05:38)
Running from C:\Users\LEAH\Desktop
Loaded Profiles: LEAH (Available Profiles: LEAH)
Platform: Windows 7 Ultimate (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\dinotify.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-05] (PDF Complete Inc)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-10] (AVAST Software)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe [1960336 2015-01-15] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-09-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Family Tree Builder Update] => C:\Users\LEAH\Desktop\MyHeritage\Bin\FTBCheckUpdates.exe
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: bcdedit.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM\...\Policies\Explorer: [RestrictRun] 0
HKU\S-1-5-21-629239370-1108922991-2781443091-1000\...\Run: [Windows Media Center] => RunDLL32.exe C:\Windows\ehome\ehuihlp.dll,BootMediaCenter
HKU\S-1-5-21-629239370-1108922991-2781443091-1000\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-629239370-1108922991-2781443091-1000\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-629239370-1108922991-2781443091-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-629239370-1108922991-2781443091-1000\...\Policies\Explorer: [RestrictRun] 0
HKU\S-1-5-21-629239370-1108922991-2781443091-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-12-10] (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 208.180.42.68 208.180.42.100
Tcpip\..\Interfaces\{97C2C03B-E037-4027-A1B1-1C8D4D36DD98}: [DhcpNameServer] 66.76.203.153
Tcpip\..\Interfaces\{E608E075-6365-42C8-81D8-C81FE5C06FFA}: [DhcpNameServer] 208.180.42.68 208.180.42.100
 
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-629239370-1108922991-2781443091-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.googlecrome.com/
HKU\S-1-5-21-629239370-1108922991-2781443091-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM -> {DE30B262-EFFC-49B2-B5CA-F74EDFA0CA15} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {DE30B262-EFFC-49B2-B5CA-F74EDFA0CA15} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-629239370-1108922991-2781443091-1000 -> {9FE26522-63FB-437F-9C62-40E7F7ACDB46} URL = hxxps://www.flickr.com/search/?q={searchTerms}
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2011-06-07] (Advanced Micro Devices)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-19] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-19] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2011-06-07] (Advanced Micro Devices)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-19] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll => No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-19] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll => No File
DPF: HKLM {B479199A-1242-4E3C-AD81-7F0DF801B4AE} hxxp://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-19] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-19] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/DownloadManager,version=1.1 -> C:\Windows\ [] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\Wondershare\Video Converter Ultimate\[email protected]
FF Extension: Wondershare Video Converter Ultimate - C:\ProgramData\Wondershare\Video Converter Ultimate\[email protected] [2015-02-07] [not signed]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR NewTab: Default -> "chrome-extension://mmgkbcihahpocjmclehpjejmgjmijcib/stubby.html","chrome-extension://ibnhigdfmacodpffeofnbpigfjohappe/newtab/newtab.html","chrome-extension://nafaimnnclfjfedmmabolbppcngeolgf/newtab/newtab-hp.html","chrome-extension://njcppijcjnopcomccfkncdnbijhbefci/stubby.html","chrome-extension://dcmcdoaknaojppeomaejlbjbpgocdhok/stubby.html"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}
CHR DefaultSearchKeyword: Default -> yahoo.com
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
CHR Profile: C:\Users\LEAH\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\LEAH\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-23]
CHR Extension: (Google Drive) - C:\Users\LEAH\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\LEAH\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\LEAH\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (MyWebFace) - C:\Users\LEAH\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmcdoaknaojppeomaejlbjbpgocdhok [2015-09-23]
CHR Extension: (Google Docs Offline) - C:\Users\LEAH\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-17]
CHR Extension: (My Current News XP) - C:\Users\LEAH\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibnhigdfmacodpffeofnbpigfjohappe [2015-11-05]
CHR Extension: (MapsGalaxy) - C:\Users\LEAH\AppData\Local\Google\Chrome\User Data\Default\Extensions\njcppijcjnopcomccfkncdnbijhbefci [2015-09-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\LEAH\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-23]
CHR Extension: (Gmail) - C:\Users\LEAH\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-10] (AVAST Software)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-05] (PDF Complete Inc)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S4 RemoteAccess; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S4 RemoteAccess; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [242936 2015-11-06] (RaMMicHaeL)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 SlimService; "C:\Program Files\SlimService\SlimServiceFactory.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-10] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-10] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-10] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1055560 2015-12-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [450504 2015-12-10] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-10] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-10] (AVAST Software)
S3 AX88772; C:\Windows\System32\DRIVERS\ax88772.sys [79360 2011-06-01] (ASIX Electronics Corp.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 ssmirrdr; C:\Windows\System32\DRIVERS\ssmirrdr.sys [10112 2011-03-14] (support.com, Inc)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16056 2015-11-09] (SlimWare Utilities, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 DrvAgent64; \??\C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-14 15:05 - 2015-12-14 15:10 - 00034734 _____ C:\Users\LEAH\Desktop\FRST.txt
2015-12-14 15:00 - 2015-12-14 15:01 - 02369536 _____ (Farbar) C:\Users\LEAH\Desktop\FRST64.exe
2015-12-13 05:04 - 2015-12-13 05:04 - 00000000 ____H C:\Users\LEAH\Documents\Default.rdp
2015-12-13 03:36 - 2015-12-13 03:36 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_EhStorPwdDrv_01_09_00.Wdf
2015-12-13 03:23 - 2015-12-13 03:23 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_EhStorCertDrv_01_09_00.Wdf
2015-12-13 02:10 - 2015-12-13 02:10 - 00001071 _____ C:\Users\LEAH\Desktop\External HDD - Shortcut.lnk
2015-12-10 05:05 - 2015-12-10 05:05 - 00386096 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-12-10 05:05 - 2015-12-10 05:05 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-12-08 15:01 - 2015-11-20 12:54 - 03170304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-08 15:01 - 2015-11-20 12:54 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-08 15:01 - 2015-11-20 12:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-08 15:01 - 2015-11-20 12:54 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-08 15:01 - 2015-11-20 12:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-08 15:01 - 2015-11-20 12:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-08 15:01 - 2015-11-20 12:54 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-12-08 15:01 - 2015-11-20 12:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-08 15:01 - 2015-11-20 12:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-08 15:01 - 2015-11-20 12:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-12-08 15:01 - 2015-11-20 12:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-12-08 15:01 - 2015-11-20 12:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-12-08 15:01 - 2015-11-20 12:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-12-08 15:01 - 2015-11-20 12:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-12-08 15:01 - 2015-11-20 12:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-12-08 15:01 - 2015-11-20 12:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-12-08 15:01 - 2015-11-11 15:12 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-08 15:01 - 2015-11-11 14:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-08 15:01 - 2015-11-11 12:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-08 15:01 - 2015-11-11 12:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-08 15:01 - 2015-11-11 12:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-08 15:01 - 2015-11-11 12:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-08 15:01 - 2015-11-11 10:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-08 15:01 - 2015-11-11 09:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-12-08 15:01 - 2015-11-11 09:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-08 15:01 - 2015-11-11 09:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-08 15:01 - 2015-11-11 08:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-12-08 15:01 - 2015-11-10 12:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-08 15:01 - 2015-11-10 12:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-08 15:01 - 2015-11-10 12:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-08 15:01 - 2015-11-10 12:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-08 15:01 - 2015-11-10 12:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-08 15:01 - 2015-11-10 11:47 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-08 15:01 - 2015-11-09 18:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-12-08 15:01 - 2015-11-09 18:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-08 15:01 - 2015-11-09 18:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-12-08 15:01 - 2015-11-09 18:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-12-08 15:01 - 2015-11-09 18:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-12-08 15:01 - 2015-11-09 18:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-12-08 15:01 - 2015-11-09 18:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-08 15:01 - 2015-11-09 18:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-12-08 15:01 - 2015-11-09 18:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-12-08 15:01 - 2015-11-09 18:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-08 15:01 - 2015-11-09 18:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-12-08 15:01 - 2015-11-09 18:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-08 15:01 - 2015-11-09 18:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-12-08 15:01 - 2015-11-09 17:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-12-08 15:01 - 2015-11-09 17:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-12-08 15:01 - 2015-11-09 17:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-08 15:01 - 2015-11-09 17:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-12-08 15:01 - 2015-11-09 17:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-12-08 15:01 - 2015-11-09 17:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-08 15:01 - 2015-11-09 17:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-08 15:01 - 2015-11-09 17:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-12-08 15:01 - 2015-11-09 17:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-08 15:01 - 2015-11-09 17:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-08 15:01 - 2015-11-09 17:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-12-08 15:01 - 2015-11-08 16:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-12-08 15:01 - 2015-11-08 16:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-12-08 15:01 - 2015-11-08 16:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-12-08 15:01 - 2015-11-08 16:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-08 15:01 - 2015-11-08 16:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-08 15:01 - 2015-11-08 16:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-12-08 15:01 - 2015-11-08 16:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-12-08 15:01 - 2015-11-08 16:06 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-12-08 15:01 - 2015-11-08 16:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-08 15:01 - 2015-11-08 16:01 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-12-08 15:01 - 2015-11-08 15:52 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-12-08 15:01 - 2015-11-08 15:48 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-12-08 15:01 - 2015-11-08 15:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-12-08 15:01 - 2015-11-08 15:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-08 15:01 - 2015-11-08 15:29 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-12-08 15:01 - 2015-11-08 15:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-08 15:01 - 2015-11-08 15:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-08 15:01 - 2015-11-08 15:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-08 15:01 - 2015-11-08 14:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-08 15:01 - 2015-11-08 14:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-12-08 15:01 - 2015-11-05 13:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2015-12-08 15:01 - 2015-11-05 13:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2015-12-08 15:01 - 2015-11-05 13:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-12-08 15:01 - 2015-11-05 13:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-12-08 15:01 - 2015-11-05 03:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-08 15:01 - 2015-11-03 13:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-12-08 15:01 - 2015-11-03 12:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-12-08 15:01 - 2015-10-08 17:22 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2015-12-08 15:01 - 2015-10-08 17:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2015-12-08 15:01 - 2015-10-08 17:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2015-12-08 15:01 - 2015-10-08 17:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2015-12-08 15:01 - 2015-10-08 17:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2015-12-08 15:01 - 2015-10-08 17:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2015-12-08 15:01 - 2015-10-08 17:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2015-12-08 15:01 - 2015-10-08 17:17 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2015-12-08 15:01 - 2015-10-08 13:13 - 00419928 _____ C:\Windows\SysWOW64\locale.nls
2015-12-08 15:01 - 2015-10-08 12:52 - 00419928 _____ C:\Windows\system32\locale.nls
2015-12-08 15:00 - 2015-11-11 10:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-08 15:00 - 2015-11-11 09:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-08 15:00 - 2015-11-08 16:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-12-08 15:00 - 2015-11-08 16:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-12-08 15:00 - 2015-11-08 16:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-08 15:00 - 2015-11-08 16:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-08 15:00 - 2015-11-08 16:01 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-12-08 15:00 - 2015-11-08 16:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-12-08 15:00 - 2015-11-08 15:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-12-08 15:00 - 2015-11-08 15:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-08 15:00 - 2015-11-08 15:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-08 15:00 - 2015-11-08 15:14 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-12-08 15:00 - 2015-11-08 14:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-08 14:59 - 2015-11-03 13:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2015-12-08 14:59 - 2015-11-03 12:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2015-12-03 20:37 - 2015-12-03 20:37 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d12e3cbb6493e1.job
2015-12-03 09:52 - 2015-12-03 09:52 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2015-12-03 09:52 - 2015-12-03 09:52 - 00000000 ____D C:\Program Files\Common Files\AV
2015-12-03 02:57 - 2015-12-03 02:57 - 00000000 ____D C:\Users\LEAH\AppData\Local\AVAST Software
2015-11-30 20:52 - 2015-11-30 20:52 - 00000340 _____ C:\Windows\Tasks\HPCeeScheduleForLEAH-HP$.job
2015-11-30 14:50 - 2015-11-30 14:50 - 00000243 _____ C:\Users\LEAH\Desktop\Veterans Affairs Dental Insurance Program.url
2015-11-19 15:11 - 2015-11-19 15:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vimicro USB PC Camera
2015-11-19 15:11 - 2015-11-19 15:11 - 00000000 ____D C:\Program Files (x86)\Vimicro
2015-11-19 15:11 - 2004-08-17 11:44 - 00091263 _____ (VM) C:\Windows\SysWOW64\Drivers\usbVM31b.sys
2015-11-19 15:11 - 2004-06-18 16:52 - 00233557 _____ (Vimicro) C:\Windows\SysWOW64\VM31bPrp.Ax
2015-11-19 15:11 - 2004-06-09 15:37 - 00040960 _____ (BIGDOG) C:\Windows\Vm_sti.exe
2015-11-19 15:11 - 2004-03-08 17:00 - 00024576 _____ () C:\Windows\RunSetup.dll
2015-11-19 15:11 - 2003-05-15 17:17 - 00061440 _____ (VM) C:\Windows\SysWOW64\VM31bSTI.dll
2015-11-19 15:11 - 2002-08-22 17:02 - 00053248 _____ (VM) C:\Windows\StillCap.exe
2015-11-19 15:11 - 2002-08-22 16:34 - 00147456 _____ (VM) C:\Windows\VMCap.exe
2015-11-19 15:11 - 2000-10-31 12:00 - 00307200 _____ (Microsoft Corporation) C:\Windows\vidcap32.Exe
2015-11-17 13:06 - 2015-11-17 13:06 - 00003006 _____ C:\Windows\System32\Tasks\{A6AFE761-33C9-43D2-9AFB-D83F06850552}
2015-11-17 13:04 - 2015-11-17 13:04 - 00003006 _____ C:\Windows\System32\Tasks\{AC49AEB8-719A-4C9D-9F89-B855ACE74745}
2015-11-17 12:52 - 2015-11-19 19:44 - 00000000 ____D C:\Users\LEAH\Desktop\Night-Vision-350K
2015-11-16 15:12 - 2015-11-16 15:12 - 00074633 _____ C:\Users\LEAH\Desktop\webcam-test-in-adobe-flash.htm
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-14 15:05 - 2014-08-15 15:26 - 00000000 ____D C:\FRST
2015-12-14 12:09 - 2014-08-11 18:06 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A9DFA2F7-49D8-4BDA-88CB-519C621E9C35}
2015-12-14 10:20 - 2015-10-25 15:44 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-13 20:58 - 2013-01-06 22:27 - 00000000 ____D C:\Users\LEAH\AppData\Local\Deployment
2015-12-13 08:36 - 2015-02-02 19:50 - 00000000 ____D C:\ProgramData\MCShield
2015-12-13 05:56 - 2014-08-20 14:48 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-12-13 05:41 - 2009-07-13 22:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-13 05:41 - 2009-07-13 22:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-13 05:29 - 2009-07-13 23:13 - 00855176 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-13 05:29 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf
2015-12-13 05:24 - 2014-08-11 17:26 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2015-12-13 05:24 - 2011-12-17 02:41 - 00000000 ____D C:\ProgramData\PDFC
2015-12-13 05:22 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-13 04:52 - 2014-08-14 22:26 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForLEAH.job
2015-12-13 04:29 - 2009-07-13 21:20 - 00000000 ____D C:\Windows
2015-12-13 01:43 - 2015-02-07 21:07 - 00000000 ____D C:\inetpub
2015-12-13 01:43 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\inetsrv
2015-12-13 01:43 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\inetsrv
2015-12-12 18:04 - 2015-11-02 00:27 - 00000000 ____D C:\Users\LEAH\AppData\Local\ElevatedDiagnostics
2015-12-10 05:05 - 2014-11-24 16:48 - 00450504 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-12-10 05:05 - 2014-11-24 16:48 - 00273784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-12-10 05:05 - 2014-11-24 16:48 - 00155304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-12-10 05:05 - 2014-11-24 16:48 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-12-10 05:05 - 2014-11-24 16:48 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-12-10 05:05 - 2014-11-24 16:48 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-12-10 05:05 - 2014-11-24 16:47 - 01055560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-12-10 05:05 - 2014-11-24 16:47 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-12-09 15:03 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2015-12-09 03:32 - 2015-10-24 17:10 - 00310184 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-09 03:30 - 2013-03-13 11:40 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-09 03:30 - 2013-03-13 11:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-09 03:12 - 2013-03-13 11:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-09 03:09 - 2013-08-15 02:01 - 00000000 ____D C:\Windows\system32\MRT
2015-12-09 03:02 - 2013-01-09 14:19 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-03 20:37 - 2015-09-15 01:01 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0ef8458e268ab.job
2015-12-03 01:56 - 2014-11-21 01:11 - 00000000 __RDC C:\Users\LEAH\Desktop\New Briefcase
2015-12-02 23:28 - 2015-04-19 15:47 - 00000000 ____D C:\Users\LEAH\AppData\Local\Windows Live
2015-12-02 21:37 - 2015-11-05 15:31 - 00000000 ____D C:\Users\LEAH\AppData\Roaming\Skype
2015-12-02 13:18 - 2010-11-20 21:27 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-11-28 12:29 - 2013-01-06 20:44 - 00000000 ____D C:\Users\LEAH\AppData\Local\CrashDumps
2015-11-25 14:56 - 2015-03-22 18:48 - 00000102 _____ C:\Users\LEAH\jobq.dat
2015-11-19 15:11 - 2011-12-17 02:29 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-11-18 09:40 - 2009-07-13 23:08 - 00032554 _____ C:\Windows\Tasks\SCHEDLGU.TXT
 
==================== Files in the root of some directories =======
 
2015-02-07 00:57 - 2015-02-07 01:27 - 0000115 _____ () C:\Users\LEAH\AppData\Roaming\LogFile.txt
2014-06-12 09:39 - 2014-11-23 00:51 - 0000097 _____ () C:\Users\LEAH\AppData\Roaming\WB.CFG
2014-11-19 14:54 - 2014-11-19 14:54 - 0008514 _____ () C:\Users\LEAH\AppData\Roaming\Microsoft\DECRYPT_INSTRUCTION.HTML
2014-11-19 14:54 - 2014-11-19 14:54 - 0004194 _____ () C:\Users\LEAH\AppData\Roaming\Microsoft\DECRYPT_INSTRUCTION.TXT
2014-08-15 12:09 - 2014-08-15 12:09 - 0000327 _____ () C:\Users\LEAH\AppData\Local\LMIR0001.tmp_r.bat
2013-01-07 22:55 - 2015-02-13 22:29 - 0016159 _____ () C:\ProgramData\hpzinstall.log
 
Files to move or delete:
====================
C:\Users\LEAH\jobq.dat
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
ATTENTION: ==> Could not access BCD. 
 
 
LastRegBack: 2015-11-30 00:07
 
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:14-12-2015
Ran by LEAH (2015-12-14 15:20:45)
Running from C:\Users\LEAH\Desktop
Windows 7 Ultimate (X64) (2013-01-07 00:32:24)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-629239370-1108922991-2781443091-500 - Administrator - Disabled)
Guest (S-1-5-21-629239370-1108922991-2781443091-501 - Administrator - Disabled)
LEAH (S-1-5-21-629239370-1108922991-2781443091-1000 - Administrator - Enabled) => C:\Users\LEAH
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4500_G510gm_Help (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510gm (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
4500G510gm_Software_Min (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{601B10F8-06B0-2EB1-CCAD-C3F7D7E32FD1}) (Version: 3.0.842.0 - Advanced Micro Devices, Inc.)
Ancestry World Archives Project - Keying Tool (HKLM-x32\...\{11E9DB47-6A91-43ED-8B8D-C3260456C3BB}) (Version: 1.1.0103 - Ancestry.com)
Apple Application Support (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2245 - AVAST Software)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.08 - Piriform)
Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
FamilySearch Indexing 3.17.7 (HKLM-x32\...\0591-8077-9297-0833) (Version: 3.17.7 - FamilySearch)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.80 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
GoToMeeting 4.0.0.320 (HKU\S-1-5-21-629239370-1108922991-2781443091-1000\...\GoToMeeting) (Version:  - )
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HiDef Media Player 1.1.12 (HKLM-x32\...\HiDef Media Player) (Version: 1.1.12 - HiDefMedia)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP LinkUp (HKLM-x32\...\{DB3147AB-4024-4773-8EC0-A1FE5B44933D}) (Version: 2.01.028 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard Company)
HP Officejet 4500 G510g-m (HKLM\...\{E5083D57-D93F-404C-A91F-1C50D67C2BEB}) (Version: 13.0 - HP)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{96D12EC9-720B-45FB-904C-36D6307A1C76}) (Version: 11.51.0048 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.9.0.0 - Hewlett-Packard)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3925 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3925 - CyberLink Corp.) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MCShield ::Anti-Malware Tool:: (HKLM-x32\...\MCShield) (Version: 3.0.5.28 - MyCity)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Download Manager (HKLM-x32\...\{654977DB-0001-0002-0001-EABD228DDE8B}) (Version: 1.2.1 - Microsoft Corporation)
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office Live Meeting 2007 (HKLM-x32\...\{389F8A7A-8611-42E8-8169-20D2BAF0C595}) (Version: 8.0.6362.215 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyHeritage Family Tree Builder (HKLM-x32\...\Family Tree Builder) (Version: 7.0.0.7143 - MyHeritage.com)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.97 - WildTangent) Hidden
Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Network64 (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.54 - PDF Complete, Inc)
PeaZip 5.5.3 (HKLM-x32\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version:  - Giorgio Tani)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.10.1217.0 -  NewspaperDirect Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6531 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.4320 - CyberLink Corp.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Registry Reviver (HKLM\...\Registry Reviver) (Version: 4.0.0.52 - ReviverSoft LLC)
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
R-Studio 7.6 (HKLM-x32\...\R-Studio 7.6NSIS) (Version: 7.6.156433 - R-Tools Technology Inc.)
R-Word Demo 2.0 (HKLM-x32\...\R-Word Demo_is1) (Version:  - R-tools Technology Inc.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
SlimCleaner Plus (HKLM\...\{A59C5BD8-8AFC-4177-AC56-B29183E722DC}) (Version: 1.2.28175 - SlimWare Utilities, Inc.)
SlimDrivers (HKLM-x32\...\{746AB259-6474-4111-8966-1C62F9A6E063}) (Version: 2.3.1 - SlimWare Utilities, Inc.)
Slingo Supreme (x32 Version: 2.2.0.97 - WildTangent) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
Unchecky v0.4.1 (HKLM-x32\...\Unchecky) (Version: 0.4.1 - RaMMicHaeL)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
UserTesting.com Recorder Plugin (HKU\S-1-5-21-629239370-1108922991-2781443091-1000\...\UserTestingPlugin) (Version:  - UserTesting.com)
Vacation Quest - The Hawaiian Islands (x32 Version: 2.2.0.97 - WildTangent) Hidden
Vimicro USB PC Camera  (HKLM-x32\...\{41E496B5-47F4-11D6-9BBB-00E0987BB2CD}) (Version: 1.00.000 - )
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Wondershare Data Recovery(Build 4.7.0.5) (HKLM-x32\...\{FEA3976F-D621-45F3-AFBD-E812A1F2F00D}_is1) (Version: 4.7.0.5 - Wondershare Software Co.,Ltd.)
Wondershare Video Converter Ultimate(Build 8.0.5.1) (HKLM-x32\...\Wondershare Video Converter Ultimate_is1) (Version: 8.0.5.1 - Wondershare Software)
Wondershare Video Editor(Build 5.0.1) (HKLM-x32\...\Wondershare Video Editor_is1) (Version:  - Wondershare Software)
YouEye Recorder (HKU\S-1-5-21-629239370-1108922991-2781443091-1000\...\fbf85fdb9e08bb2c) (Version: 1.2.2.3 - YouEye, Inc.)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
28-11-2015 00:00:01 Scheduled Checkpoint
03-12-2015 09:53:49 Windows Update
08-12-2015 02:22:28 Windows Update
09-12-2015 03:00:20 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2015-12-13 05:24 - 00001270 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
127.0.0.1 d3oxij66pru1i3.cloudfront.net0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
 
There are 5 more lines.
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {03387FD1-A32C-4AF3-A008-1336697E76FF} - System32\Tasks\{A6AFE761-33C9-43D2-9AFB-D83F06850552} => C:\Users\LEAH\Desktop\Night-Vision-350K\Night Vision 350K\301P\Setup.exe [2004-08-18] (Vimicro Corporation                                         )
Task: {1B07E940-CCEC-4A0F-A950-6E3456973190} - System32\Tasks\{FE90A798-363B-41BC-B002-E2BBB9C59536} => C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
Task: {264BAED9-FEAB-4FB9-A7D0-8B9D021EF30B} - System32\Tasks\{4CB9516C-3831-4A88-9B1B-6DDC48B59BF1} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [2015-10-05] (Malwarebytes)
Task: {36BFE4FC-F022-4339-82B6-5D80E4BABCD2} - System32\Tasks\{AC49AEB8-719A-4C9D-9F89-B855ACE74745} => C:\Users\LEAH\Desktop\Night-Vision-350K\Night Vision 350K\301P\Setup.exe [2004-08-18] (Vimicro Corporation                                         )
Task: {393B4F8B-0BAF-4F37-A54C-71B192797D8A} - System32\Tasks\{493445C6-BF12-4A4A-B1D9-9FE3CE9510FB} => C:\Users\LEAH\Desktop\mbam-setup-2.0.2.1012 (2).exe
Task: {49498BC4-E0A0-4EF0-97B0-C8BDAA752EC8} - System32\Tasks\{D01D8908-5375-44DF-A105-8D03876CF021} => C:\Users\LEAH\Desktop\mbam-setup-2.0.2.1012 (2).exe
Task: {52DC039C-03DD-4B14-80B2-6C1DEB562A4A} - System32\Tasks\{F84639E5-A95E-41BF-BC8A-AB5F3E1DD8DE} => Chrome.exe 
Task: {6090FC54-A322-44F7-941A-D934DE287DD5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)
Task: {7E6B70D8-9435-415D-BEC6-C5A33E868A05} - System32\Tasks\{166D44CA-2874-43CE-A44E-56A6ADDF3375} => Chrome.exe 
Task: {861E73C1-2067-4BBB-92A8-F02F2905F07E} - System32\Tasks\{33ECF48C-FF93-4F02-BC47-2D66A381F819} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [2015-10-05] (Malwarebytes)
Task: {8CAB1C1C-7377-4E58-94B2-46D25950788F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {937738D7-E59D-483E-B103-FF1846150A31} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {9F888ADB-89C9-404A-950A-CF8DB5604191} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {B0AAD1D6-306A-4F18-ACA5-9F6B2A498B52} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-11-24] (HP Inc.)
Task: {B15796B8-C80F-441E-9FD5-16428C520ACF} - System32\Tasks\{CC98CA62-C2EA-41C1-9D7F-E418F042626A} => Chrome.exe 
Task: {C4381A08-8FE7-4F4C-A1FE-7CAE6642E42D} - System32\Tasks\{D31BE2FF-8791-4084-9C84-D5C535F39145} => C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
Task: {CB93E69C-981F-43DD-AA8C-F051DE3D39C9} - System32\Tasks\{E49E27E2-E1B2-4853-AFB2-0DAE1C0E4197} => C:\Program Files\Microsoft Security Client\msseces.exe
Task: {CBF24A89-C6D5-4963-B9D1-B155DB08BC04} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2015-12-03] (AVAST Software)
Task: {CEC833AC-5FA7-4215-8D89-1B4CC4305804} - System32\Tasks\{A1219462-33B1-48E1-871C-FA991B4657E9} => Chrome.exe 
Task: {DA5A44CB-8BC3-41FF-A937-B2E94B1F6B12} - System32\Tasks\{07E4CAC6-BF2B-460D-86AC-0ECDECF1D0F7} => C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
Task: {DDA0C6E3-72B8-4547-BE34-ECFD14BFEC51} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {E29094E6-2377-4332-B3CA-28C24EBA4858} - System32\Tasks\{6919FDC3-53C9-44E6-A32F-AD13AAD8FC49} => Chrome.exe 
Task: {E4FD359D-631F-4703-8D80-9496ACEE03C4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {E5BA3335-7533-4F44-B3D3-6E5D95AA2CB3} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-12-10] (AVAST Software)
Task: {F4E0C83E-FCCF-4867-A1B7-4ACFB312FF55} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {F90939E1-2E50-418C-9C46-B3661D01DC4E} - System32\Tasks\{DE7A48CC-28AC-43DF-8872-2F94FF390182} => Chrome.exe 
Task: {FAE8E929-9AA6-44A1-B2F7-7C731E6288A1} - System32\Tasks\{CCEBD803-A880-419E-B798-580162FFDAC9} => Chrome.exe 
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d065874b8760f4.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d08fcb7994f78a.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0bf361a235738.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e0fad6791919.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0ef8458e268ab.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d12e3cbb6493e1.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForLEAH-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForLEAH.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\SlimDrivers Startup.job => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\LEAH\Desktop\New Briefcase\Misc applications\VUDU - Streaming Movies.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://redirect.hp.com/svs/rdr?locale=en_us&bd=all&tp=dticon&pf=cndt&c=114&s=VUDO&TYPE=4 <==== ATTENTION
ShortcutWithArgument: C:\Users\LEAH\Desktop\New Briefcase\Misc applications\Zya Music...FREE!.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://redirect.hp.com/svs/rdr?locale=en_us&bd=pavilion&tp=dticon&pf=cndt&c=114&s=musicmastermind&TYPE=4 <==== ATTENTION
ShortcutWithArgument: C:\Users\LEAH\Desktop\New Briefcase\Hp information\Discover HP webOS.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://redirect.hp.com/svs/rdr?locale=en_us&bd=pavilion&c=none&pf=cndt&s=hp_palm&tp=dticon_webOS&TYPE=4 <==== ATTENTION
ShortcutWithArgument: C:\Users\LEAH\Desktop\COMPUTER  PROGRAMS  TO HELP RUN IT\SYSTEM   PROGRAM,, LEAH COMP,, CONTROL PANEL. MY SCANS SHORTCUT, CD SHORTCUT, SCAN A DOC.. PEE ZIP\Driving, Walking and Traveling Directions  MapQuest.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --win-jumplist-action=recently-closed hxxp://www.mapquest.com/?le=t&q1=achesion+kansas&q2=topekia+va+medical&vs= <==== ATTENTION
 
==================== Loaded Modules (Whitelisted) ==============
 
2011-09-08 13:53 - 2011-09-08 13:53 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-08-02 12:41 - 2011-08-02 12:41 - 00098304 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2015-12-10 05:05 - 2015-12-10 05:05 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-12-10 05:05 - 2015-12-10 05:05 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-12-13 03:06 - 2015-12-13 03:06 - 02803200 _____ () C:\Program Files\AVAST Software\Avast\defs\15121300\algo.dll
2015-12-10 05:05 - 2015-12-10 05:05 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2015-12-13 15:01 - 2015-12-13 15:01 - 02803712 _____ () C:\Program Files\AVAST Software\Avast\defs\15121302\algo.dll
2015-12-14 11:46 - 2015-12-14 11:46 - 02803712 _____ () C:\Program Files\AVAST Software\Avast\defs\15121400\algo.dll
2015-12-10 05:05 - 2015-12-10 05:05 - 00241896 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2015-02-07 00:47 - 2014-10-31 16:37 - 01498112 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2015-02-07 00:47 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2015-12-08 15:38 - 2015-12-04 15:32 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\libglesv2.dll
2015-12-08 15:38 - 2015-12-04 15:32 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:56E2E879
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
 
There are 7865 more sites.
 
IE trusted site: HKU\S-1-5-21-629239370-1108922991-2781443091-1000\...\west.com -> west.com
IE trusted site: HKU\S-1-5-21-629239370-1108922991-2781443091-1000\...\westathome.com -> westathome.com
IE trusted site: HKU\S-1-5-21-629239370-1108922991-2781443091-1000\...\westathome.net -> westathome.net
IE trusted site: HKU\S-1-5-21-629239370-1108922991-2781443091-1000\...\workathomeagent.net -> workathomeagent.net
IE restricted site: HKU\S-1-5-21-629239370-1108922991-2781443091-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-629239370-1108922991-2781443091-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-629239370-1108922991-2781443091-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-629239370-1108922991-2781443091-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-629239370-1108922991-2781443091-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-629239370-1108922991-2781443091-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-629239370-1108922991-2781443091-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-629239370-1108922991-2781443091-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-629239370-1108922991-2781443091-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-629239370-1108922991-2781443091-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-629239370-1108922991-2781443091-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-629239370-1108922991-2781443091-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-629239370-1108922991-2781443091-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-629239370-1108922991-2781443091-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-629239370-1108922991-2781443091-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-629239370-1108922991-2781443091-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-629239370-1108922991-2781443091-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-629239370-1108922991-2781443091-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-629239370-1108922991-2781443091-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-629239370-1108922991-2781443091-1000\...\123simsen.com -> www.123simsen.com
 
There are 7863 more sites.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-629239370-1108922991-2781443091-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 208.180.42.68 - 208.180.42.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 0) (EnableLUA: 1)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupreg: DW7 => "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
MSCONFIG\startupreg: HP Software Update => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpsysdrv => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
MSCONFIG\startupreg: iYogi Support Dock => "C:\Program Files (x86)\iYogi Support Dock\iYogiSupportDock.exe"
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{CE4416FE-769C-4992-8592-A93485780E8E}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{3A78B6CC-55B1-4539-BA58-DD7989E82822}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [{C7FA8D30-5BBB-4ABB-AA8D-150641C97707}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{9AE7704B-F698-4475-A41D-E35AD5762001}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{A3DBA2ED-2D75-416D-8E14-02E9B4CA5CE9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{5DB9C0AD-3B6A-420A-ACBB-805E1A021B4D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{9B21CC40-4DB4-46FE-9413-2DDF79DA0BEE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{EE7A1B39-CB99-48C7-B0C6-3AC736F06846}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{2BF945D9-35EA-49A1-B7BA-E1B18755DA5A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{17115647-4B53-4D96-B5F1-A2B6BAC091F8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{2644F93C-CF04-4BD0-A014-93FE0F714BA1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{798D5114-541C-47D3-A0DB-8272380397BC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{A1BE8CAA-BF6C-46FD-A49D-80CFA88E31E2}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{C5A1424C-4ADC-470C-834F-FCFD01FE7942}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{6B3EF3E3-6AD1-49E1-A6AA-767475AA0853}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{CF23481D-5C83-4976-AB9C-369E066FD8B1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{13007FB9-BEB6-4A63-8E69-072D548B6EEA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{963DD987-61BD-4685-B62A-F0773FC5C963}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{19975998-AFF9-4EF7-B9C5-58FDD5CE7A0B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{74BE9E6D-5BE3-48D3-B068-D440C0D28535}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{1EB44EAC-48EC-4D98-93E6-FA9A53994606}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{CD3B5E42-6954-4C54-A99F-398A8F5896FD}] => (Allow) c:\program files\pcmax\pcmax.exe
FirewallRules: [{36ECC27C-C607-44F0-A476-F0C9F2B005BD}] => (Allow) c:\program files\pcmax\pcmax.exe
FirewallRules: [{935306A9-CA39-498A-A700-AB6CC2191D4D}] => (Allow) c:\program files\pcmax\service.exe
FirewallRules: [{049277F9-4282-43CC-985F-AFEC36739B1D}] => (Allow) c:\program files\pcmax\service.exe
FirewallRules: [{3B06A233-9E3E-40D6-9AE2-4E78081D633C}] => (Allow) c:\program files\pcmax\pcmax.exe
FirewallRules: [{3EBDF702-5A51-4E6A-A266-0B61D3D0D8EE}] => (Allow) c:\program files\pcmax\pcmax.exe
FirewallRules: [{BDB6C7F9-12CE-4E06-A4AA-08896F9F4DE3}] => (Allow) c:\program files\pcmax\service.exe
FirewallRules: [{A03743B9-0746-416C-98FE-8F92AD702ADE}] => (Allow) c:\program files\pcmax\service.exe
FirewallRules: [TCP Query User{D08887C1-2EAC-4988-890E-791B64D50956}C:\program files (x86)\hidefmedia\hidefmedia\hidefmedia.exe] => (Allow) C:\program files (x86)\hidefmedia\hidefmedia\hidefmedia.exe
FirewallRules: [UDP Query User{6C1A4C76-2B87-45EF-A527-41D6076C0AAD}C:\program files (x86)\hidefmedia\hidefmedia\hidefmedia.exe] => (Allow) C:\program files (x86)\hidefmedia\hidefmedia\hidefmedia.exe
FirewallRules: [{83BF536F-BAD1-4AAA-A77E-A5689F2E7018}] => (Allow) c:\program files\pcmax\pcmax.exe
FirewallRules: [{43FDFAAA-3C8C-4670-ABB4-E5FB1E285653}] => (Allow) c:\program files\pcmax\pcmax.exe
FirewallRules: [{8924EE2B-B50B-418F-BA78-E0C198F05220}] => (Allow) c:\program files\pcmax\service.exe
FirewallRules: [{02EEC87C-7F11-4F7E-8487-D844EF737532}] => (Allow) c:\program files\pcmax\service.exe
FirewallRules: [{FE044C2A-7A06-455A-9325-FB9B9D1B85EE}] => (Allow) C:\Users\LEAH\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{3FFDF051-FFBC-4BD0-A0F9-F126017EB076}] => (Allow) C:\Users\LEAH\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{F25073BA-C004-4BD7-ADF4-9E6504F2BA93}C:\users\leah\appdata\local\svcxdcl32.exe] => (Allow) C:\users\leah\appdata\local\svcxdcl32.exe
FirewallRules: [UDP Query User{978FF1F4-36FB-4AE1-BA21-C3D13EDA0DD8}C:\users\leah\appdata\local\svcxdcl32.exe] => (Allow) C:\users\leah\appdata\local\svcxdcl32.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{446C6210-CDBD-4D29-B715-C3E67C78405F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{34E03546-72C9-4C86-952F-9083A07C4515}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{EB5BE07C-790A-463C-AE01-4B3F5FB7C5E8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/13/2015 09:13:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Skype.exe version 7.3.0.101 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 6f8
 
Start Time: 01d135988e2be496
 
Termination Time: 10
 
Application Path: C:\Program Files (x86)\Skype\Phone\Skype.exe
 
Report Id:
 
Error: (12/13/2015 09:11:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.exe version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: d78
 
Start Time: 01d1361b0875db83
 
Termination Time: 42
 
Application Path: C:\Windows\Explorer.exe
 
Report Id: 4af8684a-a210-11e5-b53a-3860770f2ad2
 
Error: (12/13/2015 08:55:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 698
 
Start Time: 01d135988d723941
 
Termination Time: 60000
 
Application Path: C:\Windows\Explorer.EXE
 
Report Id: ef797092-a20d-11e5-b53a-3860770f2ad2
 
Error: (12/13/2015 04:38:26 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.exe version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: cf0
 
Start Time: 01d13591ee25f334
 
Termination Time: 60000
 
Application Path: C:\Windows\Explorer.exe
 
Report Id: 71f41c9b-a185-11e5-9420-3860770f2ad2
 
Error: (12/13/2015 04:37:34 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Skype.exe version 7.3.0.101 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: f18
 
Start Time: 01d135912d11c737
 
Termination Time: 0
 
Application Path: C:\Program Files (x86)\Skype\Phone\Skype.exe
 
Report Id:
 
Error: (12/13/2015 04:35:05 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.exe version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: a80
 
Start Time: 01d13591cbeafd16
 
Termination Time: 30
 
Application Path: C:\Windows\Explorer.exe
 
Report Id: 2674cc41-a185-11e5-9420-3860770f2ad2
 
Error: (12/13/2015 04:34:07 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 784
 
Start Time: 01d135911b8ce804
 
Termination Time: 251
 
Application Path: C:\Windows\Explorer.EXE
 
Report Id: 02f4e3b3-a185-11e5-9420-3860770f2ad2
 
Error: (12/13/2015 04:18:45 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.exe version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: b28
 
Start Time: 01d1358f767ad91b
 
Termination Time: 30
 
Application Path: C:\Windows\Explorer.exe
 
Report Id: ddbe9cfb-a182-11e5-a6f0-3860770f2ad2
 
Error: (12/13/2015 04:17:25 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: a3c
 
Start Time: 01d1358532d1041a
 
Termination Time: 30
 
Application Path: C:\Windows\Explorer.EXE
 
Report Id: ae017f0f-a182-11e5-a6f0-3860770f2ad2
 
Error: (12/13/2015 02:37:56 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Skype.exe version 7.3.0.101 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: c38
 
Start Time: 01d1357aabd2478d
 
Termination Time: 4
 
Application Path: C:\Program Files (x86)\Skype\Phone\Skype.exe
 
Report Id:
 
 
System errors:
=============
Error: (12/13/2015 09:14:32 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error: 
%%-2147467259
 
Error: (12/13/2015 09:14:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: 
%%-2147467259
 
Error: (12/13/2015 09:13:54 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Error: (12/13/2015 09:13:24 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Error: (12/13/2015 09:12:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Application Experience service failed to start due to the following error: 
%%1053
 
Error: (12/13/2015 09:12:54 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.
 
Error: (12/13/2015 09:12:24 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Error: (12/13/2015 09:11:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Application Experience service failed to start due to the following error: 
%%1053
 
Error: (12/13/2015 09:11:54 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.
 
Error: (12/13/2015 09:11:24 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
 
CodeIntegrity:
===================================
  Date: 2015-02-03 16:32:21.416
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-02-03 16:32:21.369
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-02-03 16:32:21.322
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-02-03 16:32:21.260
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-11-24 11:36:43.643
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-11-24 11:36:43.597
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-08-18 17:56:28.663
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-08-18 17:56:28.594
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: AMD E2-3200 APU with Radeon™ HD Graphics
Percentage of memory in use: 71%
Total physical RAM: 3570.82 MB
Available physical RAM: 1021.32 MB
Total Virtual: 7139.86 MB
Available Virtual: 4443.52 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:919.68 GB) (Free:843.77 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:11.74 GB) (Free:1.56 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive m: (My Passport) (Fixed) (Total:1862.98 GB) (Free:1860.34 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7482C7C6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=919.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 1FD11103)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

  • 0

#5
leahcase

leahcase

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 229 posts
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7482C7C6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=919.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.7 GB) - (Type=07 NTFS)
 
should we make partition 2 , 3 active.  would that give me more space....

  • 0

#6
leahcase

leahcase

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 229 posts

I am having issues doing anything typing . getting around the computer... it takes for ever to do anything.....


  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
A small amount of Adware, we will clear that first to see if it makes a difference

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
CHR NewTab: Default -> "chrome-extension://mmgkbcihahpocjmclehpjejmgjmijcib/stubby.html","chrome-extension://ibnhigdfmacodpffeofnbpigfjohappe/newtab/newtab.html","chrome-extension://nafaimnnclfjfedmmabolbppcngeolgf/newtab/newtab-hp.html","chrome-extension://njcppijcjnopcomccfkncdnbijhbefci/stubby.html","chrome-extension://dcmcdoaknaojppeomaejlbjbpgocdhok/stubby.html"
CHR Extension: (MapsGalaxy) - C:\Users\LEAH\AppData\Local\Google\Chrome\User Data\Default\Extensions\njcppijcjnopcomccfkncdnbijhbefci [2015-09-25]
2015-11-17 13:06 - 2015-11-17 13:06 - 00003006 _____ C:\Windows\System32\Tasks\{A6AFE761-33C9-43D2-9AFB-D83F06850552}
2015-11-17 13:04 - 2015-11-17 13:04 - 00003006 _____ C:\Windows\System32\Tasks\{AC49AEB8-719A-4C9D-9F89-B855ACE74745}
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

  • 0

#8
leahcase

leahcase

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 229 posts

i am not able to save the quote on desk top...


  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Here you go download the attached fixlist.txt and use that

Attached File  fixlist.txt   994bytes   93 downloads
  • 0

#10
leahcase

leahcase

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 229 posts
Fix result of Farbar Recovery Scan Tool (x64) Version:16-12-2015 03
Ran by LEAH (2015-12-16 11:06:33) Run:8
Running from C:\Users\LEAH\Desktop
Loaded Profiles: LEAH (Available Profiles: LEAH)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
 CreateRestorePoint:
CHR NewTab: Default -> "chrome-extension://mmgkbcihahpocjmclehpjejmgjmijcib/stubby.html","chrome-extension://ibnhigdfmacodpffeofnbpigfjohappe/newtab/newtab.html","chrome-extension://nafaimnnclfjfedmmabolbppcngeolgf/newtab/newtab-hp.html","chrome-extension://njcppijcjnopcomccfkncdnbijhbefci/stubby.html","chrome-extension://dcmcdoaknaojppeomaejlbjbpgocdhok/stubby.html"
CHR Extension: (MapsGalaxy) - C:\Users\LEAH\AppData\Local\Google\Chrome\User Data\Default\Extensions\njcppijcjnopcomccfkncdnbijhbefci [2015-09-25]
2015-11-17 13:06 - 2015-11-17 13:06 - 00003006 _____ C:\Windows\System32\Tasks\{A6AFE761-33C9-43D2-9AFB-D83F06850552}
2015-11-17 13:04 - 2015-11-17 13:04 - 00003006 _____ C:\Windows\System32\Tasks\{AC49AEB8-719A-4C9D-9F89-B855ACE74745}
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************
 
Restore point was successfully created.
Chrome NewTab => removed successfully
C:\Users\LEAH\AppData\Local\Google\Chrome\User Data\Default\Extensions\njcppijcjnopcomccfkncdnbijhbefci => moved successfully
C:\Windows\System32\Tasks\{A6AFE761-33C9-43D2-9AFB-D83F06850552} => moved successfully
C:\Windows\System32\Tasks\{AC49AEB8-719A-4C9D-9F89-B855ACE74745} => moved successfully
 
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= RemoveProxy: =========
 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-629239370-1108922991-2781443091-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-629239370-1108922991-2781443091-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => 1014 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 11:09:40 ====

  • 0

Advertisements


#11
leahcase

leahcase

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 229 posts
Fix result of Farbar Recovery Scan Tool (x64) Version:16-12-2015 03
Ran by LEAH (2015-12-16 11:06:33) Run:8
Running from C:\Users\LEAH\Desktop
Loaded Profiles: LEAH (Available Profiles: LEAH)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
 CreateRestorePoint:
CHR NewTab: Default -> "chrome-extension://mmgkbcihahpocjmclehpjejmgjmijcib/stubby.html","chrome-extension://ibnhigdfmacodpffeofnbpigfjohappe/newtab/newtab.html","chrome-extension://nafaimnnclfjfedmmabolbppcngeolgf/newtab/newtab-hp.html","chrome-extension://njcppijcjnopcomccfkncdnbijhbefci/stubby.html","chrome-extension://dcmcdoaknaojppeomaejlbjbpgocdhok/stubby.html"
CHR Extension: (MapsGalaxy) - C:\Users\LEAH\AppData\Local\Google\Chrome\User Data\Default\Extensions\njcppijcjnopcomccfkncdnbijhbefci [2015-09-25]
2015-11-17 13:06 - 2015-11-17 13:06 - 00003006 _____ C:\Windows\System32\Tasks\{A6AFE761-33C9-43D2-9AFB-D83F06850552}
2015-11-17 13:04 - 2015-11-17 13:04 - 00003006 _____ C:\Windows\System32\Tasks\{AC49AEB8-719A-4C9D-9F89-B855ACE74745}
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************
 
Restore point was successfully created.
Chrome NewTab => removed successfully
C:\Users\LEAH\AppData\Local\Google\Chrome\User Data\Default\Extensions\njcppijcjnopcomccfkncdnbijhbefci => moved successfully
C:\Windows\System32\Tasks\{A6AFE761-33C9-43D2-9AFB-D83F06850552} => moved successfully
C:\Windows\System32\Tasks\{AC49AEB8-719A-4C9D-9F89-B855ACE74745} => moved successfully
 
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= RemoveProxy: =========
 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-629239370-1108922991-2781443091-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-629239370-1108922991-2781443091-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => 1014 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 11:09:40 ====

  • 0

#12
leahcase

leahcase

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 229 posts

was I able to post everything that you requested......


  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Could you post the AdwCleaner log please

•You can find the logfile at C:\AdwCleaner[Cx].txt.


  • 0

#14
leahcase

leahcase

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 229 posts

do you want me to click cleaning...on adwCleaner..............


  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes please
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP