
Desktop Cleared/Files Deleted/Software Uninstalled


  • This topic is locked

#1
d3coy

Hi there! A couple days ago, a pop-up notification came on to my computer that said "You were logged on with a temporary password, if you turn off your computer all your files will be deleted." At this point my desktop had been cleared of all the icons I had on it, my files were gone, and software (i.e. Microsoft Office) was uninstalled. I ran an AVG scan that came up showing 3 notifications about Firefox extensions being broken, but nothing major. I also ran a Malwarebytes scan that revealed 21 infections, all of which showed not as major threats. I proceeded to remove the files, but when prompted to complete the removal, it said I needed to restart my computer. Of course I hesitated to do so because of the earlier notification that popped up about all my files being deleted. Instead I did a System Restore. The System Restore seemed to be somewhat successful. It restored all my desktop icons, my files were back, and my software was reinstalled. However, a pop-up icon stated that the System Restore process was not completely successful, and to run chkdsk. The message was a lot longer, but I can't recall all of what it said. My computer seems to be running okay, but I am still worried it's infected somehow and want to make sure everything is clean. I appreciate your help in advance. Thank you!

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-10-2016
Ran by Bob (administrator) on BOBSTEARNS (30-10-2016 17:38:34)
Running from C:\Users\Bob\Desktop
Loaded Profiles: Bob (Available Profiles: Bob)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2014-03-28] (IDT, Inc.)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [218896 2016-09-13] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [218896 2016-09-13] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1156824 2016-09-16] (Adobe Systems Incorporated)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{54EDF337-8F5A-44BD-989E-B1FFEF041407}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B671A9F9-58B6-4F1E-B865-CFE67E9BCC22}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK14/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK14/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
HKU\S-1-5-21-2383875000-298481971-3650676879-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
HKU\S-1-5-21-2383875000-298481971-3650676879-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://g.msn.com/HPDSK14/1
hxxp://js.redirect.hp.com/jumpstation?bd=all&c=144&locale=ww_ww&pf=cndt&s=ieHPtab&tp=iehome
SearchScopes: HKLM -> {4C68C65A-1400-4D8B-AF3E-E8530A7A9628} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {4C68C65A-1400-4D8B-AF3E-E8530A7A9628} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2383875000-298481971-3650676879-1001 -> {4C68C65A-1400-4D8B-AF3E-E8530A7A9628} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2383875000-298481971-3650676879-1001 -> {C1EDF923-C3F6-40A4-A01E-E609CFAF2871} URL =
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-10-04] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-04-04] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-10-04] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)

FireFox:
========
FF DefaultProfile: gfw2t3xm.default
FF ProfilePath: C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\gfw2t3xm.default [2016-10-30]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\gfw2t3xm.default -> Yahoo!
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\gfw2t3xm.default -> Yahoo!
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\gfw2t3xm.default -> Yahoo!
FF Homepage: Mozilla\Firefox\Profiles\gfw2t3xm.default -> google.com
FF Extension: (Firefox Hotfix) - C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\gfw2t3xm.default\Extensions\[email protected] [2016-08-31]
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_23_0_0_205.dll [2016-10-26] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_205.dll [2016-10-26] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll [2015-01-09] (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-31] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-31] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-10-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-10-04] (Oracle Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2383875000-298481971-3650676879-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Bob\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-05-17] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Users\Bob\AppData\Roaming\mozilla\plugins\npatgpc.dll [2016-03-23] (Cisco WebEx LLC)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [647864 2016-10-13] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5332384 2016-10-13] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1149712 2016-09-13] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [727512 2016-10-13] (AVG Technologies CZ, s.r.o.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.)
R2 igfxCUIService1.0.0.0; C:\windows\system32\igfxCUIService.exe [328296 2015-09-02] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-03-31] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2014-03-31] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [340480 2014-03-28] (IDT, Inc.) [File not signed]
S3 vmicvss; C:\windows\System32\ICSvc.dll [524800 2014-10-28] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 Avgboota; C:\windows\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\windows\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\windows\System32\DRIVERS\avgidsdrivera.sys [311552 2016-09-22] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\windows\System32\DRIVERS\avgidsha.sys [272640 2016-07-27] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\windows\System32\DRIVERS\avgldx64.sys [265472 2016-09-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\windows\System32\DRIVERS\avgmfx64.sys [254208 2016-09-26] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\windows\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
R0 Avguniva; C:\windows\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\windows\system32\DRIVERS\avgwfpa.sys [313096 2016-08-04] (AVG Technologies CZ, s.r.o.)
R1 CLVirtualDrive; C:\windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S0 ebdrv; C:\windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-10-30] (Malwarebytes)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\windows\System32\drivers\TeeDriverx64.sys [99288 2014-03-31] (Intel Corporation)
R3 RTWlanE; C:\windows\system32\DRIVERS\rtwlane.sys [3410136 2014-04-11] (Realtek Semiconductor Corporation                           )
S3 WdBoot; C:\windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
U3 McAPExe; no ImagePath
U3 McMPFSvc; no ImagePath
U3 McNaiAnn; no ImagePath
U3 mcpltsvc; no ImagePath
U3 mfecore; no ImagePath
U3 MSK80Service; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-30 17:38 - 2016-10-30 17:38 - 00015694 _____ C:\Users\Bob\Desktop\FRST.txt
2016-10-30 17:37 - 2016-10-30 17:37 - 02408448 _____ (Farbar) C:\Users\Bob\Desktop\FRST64.exe
2016-10-30 17:34 - 2016-10-30 17:38 - 00000000 ____D C:\FRST
2016-10-30 17:34 - 2016-10-30 17:34 - 02408448 _____ (Farbar) C:\Users\Bob\Downloads\FRST64.exe
2016-10-28 19:04 - 2016-10-30 17:30 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-10-28 19:03 - 2016-10-28 19:03 - 00001121 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-10-28 19:03 - 2016-10-28 19:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-10-28 19:03 - 2016-10-28 19:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-10-28 19:03 - 2016-10-28 19:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-10-28 19:03 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2016-10-28 19:03 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2016-10-28 19:03 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2016-10-28 15:54 - 2016-10-28 20:58 - 00000000 ____D C:\Program Files (x86)\supportdotcom
2016-10-28 15:54 - 2016-10-28 16:25 - 00000054 _____ C:\END
2016-10-27 21:11 - 2016-10-27 21:11 - 00000000 ____D C:\Users\Bob\Documents\SpeakerHub
2016-10-25 11:45 - 2016-10-28 21:27 - 00000000 ____D C:\Users\Bob\Documents\IPEG 2017 Proposal
2016-10-21 13:16 - 2016-10-25 23:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-10-20 17:46 - 2016-10-20 17:46 - 00000000 ____D C:\Users\Bob\Documents\Best Places to Work
2016-10-17 13:34 - 2016-10-17 13:34 - 00000000 ____D C:\Users\Bob\Documents\Alcoa
2016-10-11 22:53 - 2016-09-30 20:22 - 07444312 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2016-10-11 22:53 - 2016-09-30 03:55 - 25765376 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-10-11 22:53 - 2016-09-30 02:25 - 02895360 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-10-11 22:53 - 2016-09-30 02:25 - 00576000 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-10-11 22:53 - 2016-09-30 02:12 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-10-11 22:53 - 2016-09-30 02:09 - 06048256 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-10-11 22:53 - 2016-09-30 01:47 - 20306944 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-10-11 22:53 - 2016-09-30 01:42 - 00498688 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-10-11 22:53 - 2016-09-30 01:41 - 01033216 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2016-10-11 22:53 - 2016-09-30 01:38 - 02286592 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2016-10-11 22:53 - 2016-09-30 01:33 - 00724992 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2016-10-11 22:53 - 2016-09-30 01:33 - 00378880 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-10-11 22:53 - 2016-09-30 01:32 - 00806912 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-10-11 22:53 - 2016-09-30 01:32 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-10-11 22:53 - 2016-09-30 01:31 - 02131456 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-10-11 22:53 - 2016-09-30 01:21 - 15257088 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-10-11 22:53 - 2016-09-30 01:17 - 02920960 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-10-11 22:53 - 2016-09-30 01:12 - 04608512 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-10-11 22:53 - 2016-09-30 01:11 - 00880640 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2016-10-11 22:53 - 2016-09-30 01:06 - 00330752 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2016-10-11 22:53 - 2016-09-30 01:05 - 02055680 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2016-10-11 22:53 - 2016-09-30 01:05 - 01544192 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-10-11 22:53 - 2016-09-30 01:05 - 00693248 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2016-10-11 22:53 - 2016-09-30 01:03 - 13653504 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-10-11 22:53 - 2016-09-30 00:54 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-10-11 22:53 - 2016-09-30 00:46 - 02444288 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2016-10-11 22:53 - 2016-09-30 00:43 - 01312768 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-10-11 22:53 - 2016-09-30 00:42 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2016-10-11 22:53 - 2016-09-17 14:16 - 00103424 _____ (Microsoft Corporation) C:\windows\system32\adsmsext.dll
2016-10-11 22:53 - 2016-09-17 13:53 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2016-10-11 22:53 - 2016-09-17 13:21 - 00089600 _____ (Microsoft Corporation) C:\windows\SysWOW64\adsmsext.dll
2016-10-11 22:53 - 2016-09-17 13:03 - 00324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2016-10-11 22:53 - 2016-09-17 13:02 - 01446400 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-10-11 22:53 - 2016-09-13 21:53 - 01663184 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2016-10-11 22:53 - 2016-09-13 21:53 - 01523208 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2016-10-11 22:53 - 2016-09-13 21:53 - 01490112 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2016-10-11 22:53 - 2016-09-13 21:53 - 01358952 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2016-10-11 22:53 - 2016-09-12 19:48 - 00085680 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2016-10-11 22:53 - 2016-09-12 18:03 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\offreg.dll
2016-10-11 22:53 - 2016-09-12 17:01 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\offreg.dll
2016-10-11 22:53 - 2016-09-09 10:17 - 04170752 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-10-11 22:53 - 2016-09-09 09:38 - 01629184 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2016-10-11 22:53 - 2016-09-09 09:38 - 01226752 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2016-10-11 22:53 - 2016-09-09 09:38 - 00586752 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2016-10-11 22:53 - 2016-09-09 09:38 - 00575488 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2016-10-11 22:53 - 2016-09-09 09:38 - 00314368 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2016-10-11 22:53 - 2016-09-09 09:38 - 00273408 _____ (Microsoft Corporation) C:\windows\system32\centel.dll
2016-10-11 22:53 - 2016-09-09 09:38 - 00224256 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2016-10-11 22:53 - 2016-09-09 09:38 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2016-10-11 22:53 - 2016-09-08 16:41 - 00121176 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tm.sys
2016-10-11 22:53 - 2016-09-08 10:00 - 00140800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2016-10-11 22:53 - 2016-09-08 10:00 - 00138240 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dfsc.sys
2016-10-11 22:53 - 2016-09-07 18:07 - 01988096 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2016-10-11 22:53 - 2016-09-07 17:59 - 01754112 _____ (Microsoft Corporation) C:\windows\system32\GdiPlus.dll
2016-10-11 22:53 - 2016-09-07 17:59 - 01377792 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2016-10-11 22:53 - 2016-09-07 17:57 - 01560064 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2016-10-11 22:53 - 2016-09-07 17:56 - 01491456 _____ (Microsoft Corporation) C:\windows\SysWOW64\GdiPlus.dll
2016-10-11 22:53 - 2016-08-31 13:22 - 03754496 _____ (Microsoft Corporation) C:\windows\system32\MSVidCtl.dll
2016-10-11 22:53 - 2016-08-31 12:33 - 02410496 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSVidCtl.dll
2016-10-11 22:53 - 2016-08-27 15:44 - 22360288 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2016-10-11 22:53 - 2016-08-27 15:44 - 02755504 _____ (Microsoft Corporation) C:\windows\explorer.exe
2016-10-11 22:53 - 2016-08-27 15:44 - 00133256 _____ (Microsoft Corporation) C:\windows\system32\RestoreOptIn.exe
2016-10-11 22:53 - 2016-08-27 14:26 - 19789232 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2016-10-11 22:53 - 2016-08-27 14:26 - 02411048 _____ (Microsoft Corporation) C:\windows\SysWOW64\explorer.exe
2016-10-11 22:53 - 2016-08-27 14:26 - 00113656 _____ (Microsoft Corporation) C:\windows\SysWOW64\RestoreOptIn.exe
2016-10-11 22:53 - 2016-08-27 12:33 - 02881536 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2016-10-11 22:53 - 2016-08-27 12:11 - 01049600 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
2016-10-11 22:53 - 2016-08-27 12:09 - 14466560 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll
2016-10-11 22:53 - 2016-08-27 11:55 - 12879360 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll
2016-10-11 22:53 - 2016-08-25 16:50 - 00747008 _____ (Microsoft Corporation) C:\windows\system32\ntshrui.dll
2016-10-11 22:53 - 2016-08-25 15:40 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntshrui.dll
2016-10-11 22:53 - 2016-08-20 18:24 - 02778624 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2016-10-11 22:53 - 2016-08-20 18:12 - 02463744 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2016-10-11 22:53 - 2016-08-12 20:05 - 09323008 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2016-10-11 22:53 - 2016-08-12 20:03 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vwifibus.sys
2016-10-11 22:53 - 2016-08-12 20:02 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vwififlt.sys
2016-10-11 22:53 - 2016-08-12 20:01 - 00038912 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vwifimp.sys
2016-10-11 22:53 - 2016-08-12 18:35 - 00222208 _____ (Microsoft Corporation) C:\windows\system32\rastapi.dll
2016-10-11 22:53 - 2016-08-12 18:19 - 09323008 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2016-10-11 22:53 - 2016-08-12 17:47 - 15431168 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2016-10-11 22:53 - 2016-08-12 17:17 - 00207872 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastapi.dll
2016-10-11 22:53 - 2016-08-12 16:52 - 13317120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2016-10-11 22:53 - 2016-08-11 21:58 - 02315496 _____ (Microsoft Corporation) C:\windows\system32\d3d11.dll
2016-10-11 22:53 - 2016-08-11 21:58 - 01946176 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d11.dll
2016-10-11 22:53 - 2016-08-11 14:33 - 00096256 ____C (Microsoft Corporation) C:\windows\system32\Drivers\parport.sys
2016-10-11 22:53 - 2016-08-11 14:33 - 00083456 ____C (Microsoft Corporation) C:\windows\system32\Drivers\serial.sys
2016-10-11 22:53 - 2016-08-11 14:33 - 00023040 ____C (Microsoft Corporation) C:\windows\system32\Drivers\serenum.sys
2016-10-11 22:53 - 2016-08-11 13:17 - 01574912 _____ (Microsoft Corporation) C:\windows\system32\wbengine.exe
2016-10-11 22:53 - 2016-08-11 09:39 - 00445765 _____ C:\windows\system32\ApnDatabase.xml
2016-10-11 22:53 - 2016-08-11 01:46 - 00420184 ____C (Microsoft Corporation) C:\windows\system32\Drivers\spaceport.sys
2016-10-11 22:53 - 2016-08-03 11:42 - 01317888 _____ (Microsoft Corporation) C:\windows\system32\Windows.Media.Streaming.dll
2016-10-11 22:53 - 2016-08-03 11:36 - 01102848 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Media.Streaming.dll
2016-10-11 22:53 - 2016-08-03 11:36 - 00289792 _____ (Microsoft Corporation) C:\windows\system32\PlayToDevice.dll
2016-10-11 22:53 - 2016-08-03 11:33 - 00215552 _____ (Microsoft Corporation) C:\windows\SysWOW64\PlayToDevice.dll
2016-10-11 22:53 - 2016-07-30 13:12 - 02896384 _____ (Microsoft Corporation) C:\windows\system32\esent.dll
2016-10-11 22:53 - 2016-07-30 12:36 - 02537472 _____ (Microsoft Corporation) C:\windows\SysWOW64\esent.dll
2016-10-11 22:53 - 2016-07-26 09:40 - 00162850 _____ C:\windows\SysWOW64\C_932.NLS
2016-10-11 22:53 - 2016-07-26 09:40 - 00162850 _____ C:\windows\system32\C_932.NLS
2016-10-11 22:53 - 2016-07-23 14:18 - 01220096 _____ (Microsoft Corporation) C:\windows\system32\twinui.appcore.dll
2016-10-11 22:53 - 2016-07-23 14:12 - 00954880 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.appcore.dll
2016-10-06 20:09 - 2016-10-10 13:36 - 00000000 ____D C:\Users\Bob\Documents\Six Disciplines Consulting
2016-10-06 12:56 - 2016-10-06 12:56 - 00000000 ____D C:\Users\Bob\Documents\Cranberry Library
2016-10-06 10:48 - 2016-10-06 11:30 - 00000000 ____D C:\Users\Bob\Documents\Sue Marshall.PNC
2016-10-06 09:57 - 2016-10-06 09:59 - 00000000 ____D C:\Users\Bob\Documents\Washington County Chamber of Commerce
2016-10-05 20:49 - 2016-10-05 20:49 - 00000000 ____D C:\Users\Bob\Documents\West Pacs
2016-09-30 15:33 - 2016-09-30 15:33 - 00000000 ____D C:\Users\Bob\Documents\Casey Mackert. Six Disciplines

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-30 11:21 - 2016-05-17 11:30 - 00000572 _____ C:\windows\Tasks\G2MUpdateTask-S-1-5-21-2383875000-298481971-3650676879-1001.job
2016-10-30 11:07 - 2015-01-20 18:31 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-10-30 10:56 - 2015-01-20 18:43 - 00000000 ____D C:\ProgramData\MFAData
2016-10-29 22:06 - 2016-05-17 11:30 - 00000668 _____ C:\windows\Tasks\G2MUploadTask-S-1-5-21-2383875000-298481971-3650676879-1001.job
2016-10-28 21:27 - 2015-04-10 12:00 - 00000000 ____D C:\Users\Bob\Documents\GJR Leadership Training 2015
2016-10-28 21:12 - 2016-09-26 09:31 - 00003600 _____ C:\windows\System32\Tasks\AVG EUpdate Task
2016-10-28 21:09 - 2015-01-20 16:42 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2383875000-298481971-3650676879-1001
2016-10-28 21:02 - 2014-03-18 05:53 - 00895988 _____ C:\windows\system32\PerfStringBackup.INI
2016-10-28 21:02 - 2013-08-22 09:36 - 00000000 ____D C:\windows\Inf
2016-10-28 20:58 - 2015-09-24 22:19 - 00000346 _____ C:\windows\Tasks\HPCeeScheduleForBob.job
2016-10-28 20:58 - 2013-08-22 10:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-10-28 20:57 - 2013-08-22 11:36 - 00000000 ____D C:\windows\MediaViewer
2016-10-28 20:57 - 2013-08-22 09:25 - 00262144 ___SH C:\windows\system32\config\BBI
2016-10-28 19:03 - 2015-01-20 18:07 - 00000000 ____D C:\Users\Bob\Documents\Fragasso
2016-10-28 15:10 - 2013-08-22 11:20 - 00000000 ____D C:\windows\CbsTemp
2016-10-28 15:00 - 2013-08-22 11:36 - 00000000 ____D C:\windows\AppReadiness
2016-10-27 21:13 - 2013-08-22 09:25 - 00262144 ___SH C:\windows\system32\config\ELAM
2016-10-26 12:26 - 2015-09-24 22:19 - 00003156 _____ C:\windows\System32\Tasks\HPCeeScheduleForBob
2016-10-26 12:21 - 2015-01-20 18:06 - 00000000 ____D C:\Users\Bob\Documents\Bob Stearns
2016-10-26 12:07 - 2015-01-20 18:31 - 00003718 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2016-10-26 12:07 - 2013-08-22 11:36 - 00000000 ____D C:\windows\SysWOW64\Macromed
2016-10-26 12:07 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\Macromed
2016-10-26 12:06 - 2016-05-17 11:30 - 00003668 _____ C:\windows\System32\Tasks\G2MUploadTask-S-1-5-21-2383875000-298481971-3650676879-1001
2016-10-26 12:06 - 2016-05-17 11:30 - 00003572 _____ C:\windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2383875000-298481971-3650676879-1001
2016-10-25 23:08 - 2015-01-20 18:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-10-25 21:15 - 2015-01-20 18:06 - 00000000 ____D C:\Users\Bob\Documents\CCR
2016-10-25 11:32 - 2016-09-29 09:32 - 00000000 ____D C:\Users\Bob\Documents\WCCED.Wash. Council oon Econ. Dev
2016-10-25 10:12 - 2016-08-19 12:49 - 00000000 ____D C:\Users\Bob\Documents\Washington County Economic Development
2016-10-24 17:54 - 2015-11-16 09:43 - 00828408 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-10-24 17:54 - 2015-11-16 09:43 - 00176632 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-10-20 09:46 - 2015-01-20 18:10 - 00000000 ____D C:\Users\Bob\Documents\PNC Bank
2016-10-20 09:45 - 2015-01-21 12:18 - 00000000 ____D C:\Users\Bob\Documents\PNC Transfers
2016-10-18 21:12 - 2015-01-20 18:06 - 00000000 ____D C:\Users\Bob\Documents\Consolidated Communication
2016-10-18 13:09 - 2015-10-25 21:15 - 00000959 _____ C:\Users\Public\Desktop\AVG Protection.lnk
2016-10-18 13:09 - 2015-01-20 18:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-10-14 14:14 - 2015-05-04 21:32 - 00000000 ____D C:\Users\Bob\Documents\Words of Wisdom
2016-10-13 22:42 - 2015-01-20 18:06 - 00000000 ____D C:\Users\Bob\Documents\Duquesne U. Business School
2016-10-13 21:22 - 2015-01-20 18:05 - 00000000 ____D C:\Users\Bob\Documents\Baldrige
2016-10-13 20:42 - 2015-01-20 18:06 - 00000000 ____D C:\Users\Bob\Documents\Duquesne Leadership, Student Life, General
2016-10-13 20:23 - 2013-08-22 11:36 - 00000000 ____D C:\windows\rescache
2016-10-13 20:05 - 2015-01-20 18:29 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-10-12 20:12 - 2015-01-20 18:06 - 00000000 ____D C:\Users\Bob\Documents\Bob and Marianne Estate Plan
2016-10-12 09:28 - 2013-08-22 10:44 - 00489328 _____ C:\windows\system32\FNTCACHE.DAT
2016-10-11 23:22 - 2015-04-15 00:32 - 00000000 ___SD C:\windows\system32\CompatTel
2016-10-11 23:22 - 2015-04-15 00:32 - 00000000 ____D C:\windows\system32\appraiser
2016-10-11 23:22 - 2013-08-22 11:36 - 00000000 ___RD C:\windows\ToastData
2016-10-11 23:17 - 2015-04-21 23:31 - 00474112 _____ (Microsoft Corporation) C:\windows\system32\pcasvc.dll
2016-10-11 23:17 - 2015-01-23 00:44 - 00000000 ____D C:\windows\system32\MRT
2016-10-11 23:17 - 2013-08-22 11:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-10-11 23:14 - 2015-01-23 00:44 - 143495576 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-10-10 13:37 - 2015-01-20 18:11 - 00000000 ____D C:\Users\Bob\Documents\sOUTHPOINTE
2016-10-06 23:27 - 2015-01-20 18:10 - 00000000 ____D C:\Users\Bob\Documents\PP Speaking Business
2016-10-06 11:20 - 2015-01-20 18:16 - 00000000 ____D C:\Users\Bob\Desktop\Word Docs
2016-10-05 20:46 - 2016-09-13 17:13 - 00000000 ____D C:\Users\Bob\Documents\Change Ready Company Seminar.10.11.16
2016-10-02 06:18 - 2015-01-20 18:06 - 00000000 ____D C:\Users\Bob\Documents\Customer Loyalty
2016-09-30 15:34 - 2015-01-20 18:11 - 00000000 ____D C:\Users\Bob\Documents\word
2016-09-30 15:26 - 2015-01-20 18:11 - 00000000 ____D C:\Users\Bob\Documents\Tri State Chamber. Indiana Ohio
2016-09-30 15:24 - 2016-07-24 15:35 - 00000000 ____D C:\Users\Bob\Documents\0a Perhaps a Man Can Change the Stars Film
2016-09-30 15:24 - 2016-01-31 01:37 - 00000000 ____D C:\Users\Bob\Documents\Acting Coach.Patricia Fuchel
2016-09-30 15:22 - 2015-01-20 18:09 - 00000000 ____D C:\Users\Bob\Documents\Ohio. Chamber Executives of Ohio

==================== Files in the root of some directories =======

2015-03-09 18:53 - 2015-03-09 18:53 - 0038467 _____ () C:\Users\Bob\AppData\Roaming\Comma Separated Values (DOS).ADR
2016-09-11 12:15 - 2016-09-11 12:15 - 0009346 _____ () C:\Users\Bob\AppData\Roaming\Comma Separated Values (DOS).EML
2015-03-09 19:07 - 2016-09-11 12:22 - 0038622 _____ () C:\Users\Bob\AppData\Roaming\Comma Separated Values (Windows).ADR
2015-03-09 18:58 - 2016-09-11 12:09 - 0038441 _____ () C:\Users\Bob\AppData\Roaming\Microsoft Excel.ADR
2016-01-17 02:19 - 2016-01-17 02:19 - 0038456 _____ () C:\Users\Bob\AppData\Roaming\Tab Separated Values (Windows).ADR

Some files in TEMP:
====================
C:\Users\Bob\AppData\Local\Temp\avg-d8332f66-ac78-487c-a285-ac063977f64b.exe
C:\Users\Bob\AppData\Local\Temp\avguirn_081421223210.exe
C:\Users\Bob\AppData\Local\Temp\avguirn_081801371524.exe
C:\Users\Bob\AppData\Local\Temp\avguirn_081925364908.exe
C:\Users\Bob\AppData\Local\Temp\avguirn_081986020556.exe
C:\Users\Bob\AppData\Local\Temp\avguirn_08281500314.exe
C:\Users\Bob\AppData\Local\Temp\avguirn_08708661196.exe
C:\Users\Bob\AppData\Local\Temp\avguirn_08766183897.exe
C:\Users\Bob\AppData\Local\Temp\avguirn_08921021514.exe
C:\Users\Bob\AppData\Local\Temp\Extract.exe
C:\Users\Bob\AppData\Local\Temp\Foxit PhantomPDF Updater.exe
C:\Users\Bob\AppData\Local\Temp\HPSFUpdater.exe
C:\Users\Bob\AppData\Local\Temp\jre-8u111-windows-au.exe
C:\Users\Bob\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Bob\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\Bob\AppData\Local\Temp\SP69313.exe
C:\Users\Bob\AppData\Local\Temp\SP69840.exe
C:\Users\Bob\AppData\Local\Temp\SP70273.exe
C:\Users\Bob\AppData\Local\Temp\SP71057.exe
C:\Users\Bob\AppData\Local\Temp\SP72230.exe
C:\Users\Bob\AppData\Local\Temp\UninstallHPSA.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-10-29 15:04

==================== End of FRST.txt ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-10-2016
Ran by Bob (30-10-2016 17:39:00)
Running from C:\Users\Bob\Desktop
Windows 8.1 (Update) (X64) (2015-01-20 20:36:47)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2383875000-298481971-3650676879-500 - Administrator - Disabled)
Bob (S-1-5-21-2383875000-298481971-3650676879-1001 - Administrator - Enabled) => C:\Users\Bob
Guest (S-1-5-21-2383875000-298481971-3650676879-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2383875000-298481971-3650676879-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.18) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.18 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.6.156 - Adobe Systems, Inc.)
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\AmUStor) (Version: 20.21.3317.03861 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver  (x32 Version: 20.21.3317.03861 - Alcor Micro Corp.) Hidden
Amazon Kindle (HKU\S-1-5-21-2383875000-298481971-3650676879-1001\...\Amazon Kindle) (Version:  - Amazon)
AVG (Version: 16.121.7859 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4664 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.121.7859 - AVG Technologies)
Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
Barn Yarn Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 3.0.2.59 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot Mysteries (x32 Version: 3.0.2.51 - WildTangent) Hidden
Cisco WebEx Meetings (HKU\S-1-5-21-2383875000-298481971-3650676879-1001\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Constant Contact QuickImport v2 for Outlook (HKLM-x32\...\{ABA21F31-80C0-4726-852D-7505D07152DE}) (Version: 2.7.0 - Constant Contact)
Curse at Twilight (x32 Version: 3.0.2.51 - WildTangent) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.7.4023 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.2.5426 - CyberLink Corp.)
Cyberlink PhotoDirector (Version: 5.0.2.5426 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.7.4016 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.1.3004 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.1.3004 - CyberLink Corp.) Hidden
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.4.4119 - CyberLink Corp.)
Delicious - Emily's Wonder Wedding Premium Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Evernote v. 5.3 (HKLM-x32\...\{E461B1AC-BC3C-11E3-B5B8-00163E98E7D6}) (Version: 5.3.0.3360 - Evernote Corp.)
Farm Frenzy (x32 Version: 3.0.2.59 - WildTangent) Hidden
Farmington Tales 2 - Winter Crop (x32 Version: 3.0.2.59 - WildTangent) Hidden
Fishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden
FMW 1 (Version: 1.132.1 - AVG Technologies) Hidden
Fort Defense (x32 Version: 3.0.2.51 - WildTangent) Hidden
Foxit PhantomPDF (HKLM-x32\...\{00CD7D62-056A-4F0F-9143-44522D44E6DD}) (Version: 6.0.32.507 - Foxit Corporation)
GoToMeeting 7.25.0.5742 (HKU\S-1-5-21-2383875000-298481971-3650676879-1001\...\GoToMeeting) (Version: 7.25.0.5742 - CitrixOnline)
Governor of Poker 2 Premium Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Documentation (HKLM-x32\...\{4B4EDB7B-4F54-4B86-8A4A-E1C5803CA374}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7745.4851 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.3.34.7 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.5.32.37 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6496.0 - IDT)
Inst5675 (Version: 8.01.11 - Softex Inc.) Hidden
Inst5676 (Version: 8.01.11 - Softex Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4029 - Intel Corporation)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Jewel Match 3 (x32 Version: 3.0.2.59 - WildTangent) Hidden
Joining Hands 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden
Jo's Dream Organic Coffee 2 (x32 Version: 3.0.2.59 - WildTangent) Hidden
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
Lost in Reefs 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden
LUXOR Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Small Business Edition 2003 (HKLM-x32\...\{91CA0409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 49.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 49.0.2 (x86 en-US)) (Version: 49.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.2.6136 - Mozilla)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 3.0.2.59 - WildTangent) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 3.0.2.59 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.51 - WildTangent) Hidden
Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.30175 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.13.1216 - REALTEK Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.7316 - CyberLink Corp.) Hidden
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Solitaire Mystery Four Seasons (x32 Version: 3.0.2.51 - WildTangent) Hidden
Sparkle 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Viking Saga (x32 Version: 3.0.2.48 - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (x32 Version: 4.0.11.9 - WildTangent) Hidden
Youda Jewel Shop (x32 Version: 3.0.2.51 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2383875000-298481971-3650676879-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2383875000-298481971-3650676879-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Bob\AppData\Local\Citrix\GoToMeeting\5174\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {12260D0D-334B-4A17-A78D-2DCF3676625E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-10-12] (HP Inc.)
Task: {14FA68A7-E4AC-4D11-9C65-6A627765B496} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
Task: {16EC9C9A-EF96-4457-A02A-6E423FFF7C5F} - System32\Tasks\G2MUpdateTask-S-1-5-21-2383875000-298481971-3650676879-1001 => C:\Users\Bob\AppData\Local\Citrix\GoToMeeting\5742\g2mupdate.exe [2016-10-26] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {198DB95C-8E6C-4FB7-9489-4195369CCEDD} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-08-18] (HP Inc.)
Task: {31B9486E-FE69-45BC-893E-1A9AE3884963} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
Task: {38DAEEA8-D976-4268-964F-91FEE1FA1023} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2016-10-11] (Microsoft Corporation)
Task: {438030ED-ACCB-47FD-AB66-B0E9F0ECE416} - System32\Tasks\HPCheckDropBoxStatus => c:\hp\HPQWare\DropBox\HPAppDetector.exe [2014-06-03] ()
Task: {48B24AD2-A3F4-4178-A72C-8F27E7063DAA} - System32\Tasks\G2MUploadTask-S-1-5-21-2383875000-298481971-3650676879-1001 => C:\Users\Bob\AppData\Local\Citrix\GoToMeeting\5742\g2mupload.exe [2016-10-26] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {6979AB4F-9A1C-455A-BA0C-C0C148A944F7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {6C2BE762-C31E-4B52-B308-440F3EB9CECA} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-26] (Adobe Systems Incorporated)
Task: {7FC9B1D3-5BA9-4D16-A9AC-DA59F531B6AE} - System32\Tasks\HPCeeScheduleForBob => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {8BF46A4B-540A-4B77-83C0-99ABDE48D4AE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
Task: {9A7BBF29-C4FC-47F0-9C4A-4591EB703B2F} - System32\Tasks\1014avUpdateInfo => C:\ProgramData\Avg_Update_1014av\1014av_AVG-Secure-Search-Update.exe
Task: {AA30A133-55EB-4807-B981-A032A54D6C3C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {F5AC8772-368B-49DA-B733-43FC04196E00} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {F8AFE776-B93B-4736-B109-837AD901F7E2} - System32\Tasks\0116avUpdateInfo => C:\ProgramData\Avg_Update_0116av\0116av_AVG-Secure-Search-Update.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\0116avUpdateInfo.job => C:\ProgramData\Avg_Update_0116av\0116av_AVG-Secure-Search-Update.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\G2MUpdateTask-S-1-5-21-2383875000-298481971-3650676879-1001.job => C:\Users\Bob\AppData\Local\Citrix\GoToMeeting\5742\g2mupdate.exe
Task: C:\windows\Tasks\G2MUploadTask-S-1-5-21-2383875000-298481971-3650676879-1001.job => C:\Users\Bob\AppData\Local\Citrix\GoToMeeting\5742\g2mupload.exe
Task: C:\windows\Tasks\HPCeeScheduleForBob.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Bob\Documents\word\http--www.baldrige.nist.gov-Word_files-2005_Application_Forms.doc.lnk -> hxxp://www.baldrige.nist.gov/Word_files/2005_Application_Forms.doc
Shortcut: C:\Users\Bob\Documents\word\http--www.baldrige.nist.gov-Word_files-2005_Eligibility_Forms.doc.lnk -> hxxp://www.baldrige.nist.gov/Word_files/2005_Eligibility_Forms.doc
Shortcut: C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.com

==================== Loaded Modules (Whitelisted) ==============

2014-03-28 16:31 - 2014-03-28 16:31 - 02110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2014-03-28 16:27 - 2014-03-28 16:27 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2014-03-28 16:27 - 2014-03-28 16:27 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2014-03-28 16:27 - 2014-03-28 16:27 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2014-03-28 16:48 - 2014-03-28 16:48 - 00367504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2014-03-28 16:48 - 2014-03-28 16:48 - 00712080 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2014-10-03 11:12 - 2014-04-14 21:59 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-03-28 16:36 - 2014-03-28 16:36 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2016-04-13 18:08 - 2016-04-13 18:08 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
2014-10-03 11:08 - 2014-03-31 05:56 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2383875000-298481971-3650676879-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP\HP_Svinoya_Norway_Sunset.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{6EAD7626-F4A5-4F9D-9E66-CD381FD85DAE}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{A280FA1A-E766-4413-ADFA-1F8D1EF28C44}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{958E3809-8962-4F3E-9369-3A9A72827733}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{631A9BAB-128A-4E04-8DA2-8D09568B21CC}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{B44E02D4-EFA3-44AD-87B8-D4F7448777A3}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{CF3F0056-515E-4A8E-8754-45E34D142EEF}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{33E67F16-7468-49A5-AE4A-41A5A66EB0A2}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{E6C24749-C68E-45C7-BBB2-B40D0C8905F8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FF20C2A0-B6B3-4F75-9A6C-1CEF2564FF34}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{72F5A082-FAEC-47A7-A478-C2C8D75E17C3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CC6EA23F-96A5-4472-9DD4-A64046685CAE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3AC2D581-F770-46F6-8A98-11D83595469B}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{41B73BDD-D828-466A-A740-0ABEE39D57B6}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{591A5FE0-272D-4FD5-9874-DEE592F91816}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AAAB83ED-EA64-42B4-917F-02679F7BC79B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{1D87F18C-6788-4C42-8F6A-D5AE3197784C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{9F4E639F-0103-4E97-93EE-BDD492770FB3}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{11AA3F28-6677-4F3C-8866-E774075DB05C}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{1385A53B-880C-450F-BADD-0BE3AAC7BF0B}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{1DD1BCC3-5F9B-4E04-8267-CA6715EDC3F4}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{311A297D-B296-4FAB-92C7-3498F64490A3}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{0919CD35-31B6-4E08-95D5-62F34B5AC95B}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{2B244FF8-9213-4926-8781-D8F511857CD5}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{C67AE00A-8C22-4E94-9319-6793439ED6B6}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{FA5A81B4-FAFF-47B9-90DF-2930A7298D9D}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{EE35CD59-7F04-4C04-B8BD-0473B2BA9AFD}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{E3698D4E-55CE-4B1A-A2CE-5D8ABDB46DB1}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{E276104C-46A3-4AE9-96E4-B7C0071C81BD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F485FAE1-A29D-4B40-97E3-2861B8FD5C1B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{736D350D-46B6-461B-ADDC-C15D24BD35BA}] => (Allow) C:\Users\Bob\Downloads\WMP54Gv4.1_v2.0.1.9-65572540.exe
FirewallRules: [{0A0572CB-56B0-4C0C-89DE-18BE1405F67D}] => (Allow) C:\Users\Bob\Downloads\WMP54Gv4.1_v2.0.1.9-65572540.exe
FirewallRules: [{47943289-18F3-4ADF-A705-96B420764475}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{C9C96426-B9D4-4BAB-8834-71796F579CFB}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{544ECC06-3418-4698-BD57-1A4F67EBAC19}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{707393DD-5768-4923-BF72-37741AB90D8E}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{DD203E10-BEAC-4525-9CA4-58FA962F5B7D}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe

==================== Restore Points =========================

11-10-2016 23:12:39 Windows Update
20-10-2016 09:33:08 Scheduled Checkpoint
28-10-2016 15:09:38 Windows Update
28-10-2016 20:55:35 Restore Operation

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/30/2016 05:37:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 49.0.2.6136, time stamp: 0x5807c043
Faulting module name: mozglue.dll, version: 49.0.2.6136, time stamp: 0x5807b9a7
Exception code: 0x80000003
Fault offset: 0x0000e83e
Faulting process id: 0x102c
Faulting application start time: 0x01d232f4e50f1ca8
Faulting application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Faulting module path: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
Report Id: 030933dc-9ee9-11e6-82a7-600292216b9f
Faulting package full name:
Faulting package-relative application ID:

Error: (10/30/2016 11:04:53 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service ".NETFramework" in DLL "C:\windows\system32\mscoree.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (10/28/2016 08:58:43 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Scheduled Checkpoint). Additional information: 0x80070571.

Error: (10/28/2016 08:57:02 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\cyberlink\photodirector\kernel\ces\CES_AudioCacheAgent.exe.Manifest".
Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/28/2016 08:57:02 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\cyberlink\photodirector\kernel\ces\CES_CacheAgent.exe.Manifest".
Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/28/2016 08:55:35 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2383875000-298481971-3650676879-1001.bak).  hr = 0x80070539, The security ID structure is invalid.
.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {dc8aa8ad-9098-4d6a-b5b4-a30a413433e0}

Error: (10/28/2016 07:04:41 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\cyberlink\photodirector\kernel\ces\CES_AudioCacheAgent.exe.Manifest".
Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/28/2016 07:04:41 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\cyberlink\photodirector\kernel\ces\CES_CacheAgent.exe.Manifest".
Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/28/2016 03:55:25 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\cyberlink\photodirector\kernel\ces\CES_AudioCacheAgent.exe.Manifest".
Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/28/2016 03:55:25 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\cyberlink\photodirector\kernel\ces\CES_CacheAgent.exe.Manifest".
Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (10/30/2016 11:05:00 AM) (Source: DCOM) (EventID: 10010) (User: BobStearns)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

Error: (10/30/2016 11:04:30 AM) (Source: DCOM) (EventID: 10010) (User: BobStearns)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

Error: (10/29/2016 03:05:39 PM) (Source: DCOM) (EventID: 10010) (User: BobStearns)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

Error: (10/29/2016 03:05:09 PM) (Source: DCOM) (EventID: 10010) (User: BobStearns)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

Error: (10/28/2016 08:58:20 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
Access is denied.

Error: (10/28/2016 08:58:19 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
Access is denied.

Error: (10/28/2016 08:57:23 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume Windows.

The exact nature of the corruption is unknown.  The file system structures need to be scanned online.

Error: (10/28/2016 08:57:23 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume Windows.

The exact nature of the corruption is unknown.  The file system structures need to be scanned online.

Error: (10/28/2016 08:56:56 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
Access is denied.

Error: (10/28/2016 03:10:37 PM) (Source: DCOM) (EventID: 10010) (User: BobStearns)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.


CodeIntegrity:
===================================
  Date: 2016-10-30 17:38:31.826
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-30 17:38:31.592
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-30 17:35:19.142
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-30 17:35:18.908
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-30 17:35:18.361
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-30 17:35:18.126
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-30 17:30:41.964
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-30 17:30:41.620
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-29 15:00:04.994
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-29 15:00:04.681
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i3-4130 CPU @ 3.40GHz
Percentage of memory in use: 29%
Total physical RAM: 8097.06 MB
Available physical RAM: 5735.73 MB
Total Virtual: 9377.06 MB
Available Virtual: 6162.78 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:914.58 GB) (Free:858.95 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery Image) (Fixed) (Total:15.45 GB) (Free:1.95 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 44A066EB)

Partition: GPT.

==================== End of Addition.txt ============================

 

 


  • 0



#2
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,797 posts
Hi! My name is zep516 and welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)


Next

Please download adwCleaner to your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the logfile button and the log will open in Notepad.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • The report will be saved in the C:\AdwCleaner folder.

Next

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts. See Here how to disable your security protection (Anti Virus).
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

Next


  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Reboot your computer if prompted.


    Posting the Malwarebytes log.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log to your next reply.

In your next reply, post:
  • The AdwCleaner [C1].txt Log
  • The JRT.txt Log
  • Malwarebytes log



  • 0

#3
d3coy

d3coy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts

Hi zep and thank you for your help. The requested logs and also some questions/concerns are listed below.

 

adwCleaner Log:

 

# AdwCleaner v6.030 - Logfile created 09/11/2016 at 12:59:59
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-11-08.1 [Server]
# Operating System : Windows 8.1  (X64)
# Username : Bob - BOBSTEARNS
# Running from : C:\Users\Bob\Desktop\adwcleaner_6.030.exe
# Mode: Clean
# Support : hxxps://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****



***** [ Files ] *****

[-] File deleted: C:\END


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [MalwareProtectionLive]


***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [894 Bytes] - [09/11/2016 12:59:59]
C:\AdwCleaner\AdwCleaner[S0].txt - [1215 Bytes] - [09/11/2016 12:58:29]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1039 Bytes] ##########

 

 

Junkware Removal Tool:

 

When I went to the download site it offered two download links.

Download Now (@bleepingcomputer)

Download Now (@authors site)

The bleepingcomputer file was 0 bytes, and I couldn't open the program when I downloaded it. The authors site file was 1.6 bytes, and I was able to download and execute the program. I just wanted to make sure it was okay to use either or since there were two options to choose from. Below is the log.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 8.1 x64
Ran by Bob (Administrator) on Wed 11/09/2016 at 13:14:15.54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 3

Successfully deleted: C:\windows\system32\Tasks\0116avUpdateInfo (Task)
Successfully deleted: C:\windows\system32\Tasks\1014avUpdateInfo (Task)
Successfully deleted: C:\windows\Tasks\0116avUpdateInfo.job (Task)



Registry: 3

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4C68C65A-1400-4D8B-AF3E-E8530A7A9628} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C1EDF923-C3F6-40A4-A01E-E609CFAF2871} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{4C68C65A-1400-4D8B-AF3E-E8530A7A9628} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 11/09/2016 at 13:15:11.98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Malwarebytes:

 

I have used the program a bunch of times, but I don't think I ever downloaded it to the desktop while going through installation. When prompted to install the file folder, instead of choosing \programfilesx86, I installed the folder to the desktop. Instead of running it from a shortcut on the desktop I just ran the mbam.exe file out of the folder on the desktop. Just was wondering if this was okay? Also, while I was fetching for the log, I had about 20 PUP files quarantined. Should I just leave them there, or should I delete "Delete All"?  Below is the log.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/9/2016
Scan Time: 1:36 PM
Logfile: mbam scan.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.11.09.07
Rootkit Database: v2016.10.31.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Bob

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 307116
Time Elapsed: 4 min, 17 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


  • 0

#4
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,797 posts
Hello,

Good work and everything is looking good so far.

A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.

start
CloseProcesses:
CreateRestorePoint:
SearchScopes: HKLM -> {4C68C65A-1400-4D8B-AF3E-E8530A7A9628} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {4C68C65A-1400-4D8B-AF3E-E8530A7A9628} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2383875000-298481971-3650676879-1001 -> {4C68C65A-1400-4D8B-AF3E-E8530A7A9628} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2383875000-298481971-3650676879-1001 -> {C1EDF923-C3F6-40A4-A01E-E609CFAF2871} URL =
U3 McAPExe; no ImagePath
U3 McMPFSvc; no ImagePath
U3 McNaiAnn; no ImagePath
U3 mcpltsvc; no ImagePath
U3 mfecore; no ImagePath
U3 MSK80Service; no ImagePath
C:\Users\Bob\AppData\Local\Temp\avg-d8332f66-ac78-487c-a285-ac063977f64b.exe
C:\Users\Bob\AppData\Local\Temp\avguirn_081421223210.exe
C:\Users\Bob\AppData\Local\Temp\avguirn_081801371524.exe
C:\Users\Bob\AppData\Local\Temp\avguirn_081925364908.exe
C:\Users\Bob\AppData\Local\Temp\avguirn_081986020556.exe
C:\Users\Bob\AppData\Local\Temp\avguirn_08281500314.exe
C:\Users\Bob\AppData\Local\Temp\avguirn_08708661196.exe
C:\Users\Bob\AppData\Local\Temp\avguirn_08766183897.exe
C:\Users\Bob\AppData\Local\Temp\avguirn_08921021514.exe
C:\Users\Bob\AppData\Local\Temp\Extract.exe
C:\Users\Bob\AppData\Local\Temp\Foxit PhantomPDF Updater.exe
C:\Users\Bob\AppData\Local\Temp\HPSFUpdater.exe
C:\Users\Bob\AppData\Local\Temp\jre-8u111-windows-au.exe
C:\Users\Bob\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Bob\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\Bob\AppData\Local\Temp\SP69313.exe
C:\Users\Bob\AppData\Local\Temp\SP69840.exe
C:\Users\Bob\AppData\Local\Temp\SP70273.exe
C:\Users\Bob\AppData\Local\Temp\SP71057.exe
C:\Users\Bob\AppData\Local\Temp\SP72230.exe
C:\Users\Bob\AppData\Local\Temp\UninstallHPSA.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
Emptytemp:
  • Click Format and ensure Wordwrap is unchecked.
  • Save as Fixlist.txt to your Desktop (Must be in this location)
  • Run FRST/FRST64 and press the Fix button just once and wait.
  • If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
  • The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
Note: If the tool warns you about the version you're using being an outdated version please download
  • 0

#5
d3coy

d3coy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts

FRST Log:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 04-11-2016
Ran by Bob (09-11-2016 18:06:22) Run:1
Running from C:\Users\Bob\Desktop
Loaded Profiles: Bob (Available Profiles: Bob)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
SearchScopes: HKLM -> {4C68C65A-1400-4D8B-AF3E-E8530A7A9628} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {4C68C65A-1400-4D8B-AF3E-E8530A7A9628} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2383875000-298481971-3650676879-1001 -> {4C68C65A-1400-4D8B-AF3E-E8530A7A9628} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2383875000-298481971-3650676879-1001 -> {C1EDF923-C3F6-40A4-A01E-E609CFAF2871} URL =
U3 McAPExe; no ImagePath
U3 McMPFSvc; no ImagePath
U3 McNaiAnn; no ImagePath
U3 mcpltsvc; no ImagePath
U3 mfecore; no ImagePath
U3 MSK80Service; no ImagePath
C:\Users\Bob\AppData\Local\Temp\avg-d8332f66-ac78-487c-a285-ac063977f64b.exe
C:\Users\Bob\AppData\Local\Temp\avguirn_081421223210.exe
C:\Users\Bob\AppData\Local\Temp\avguirn_081801371524.exe
C:\Users\Bob\AppData\Local\Temp\avguirn_081925364908.exe
C:\Users\Bob\AppData\Local\Temp\avguirn_081986020556.exe
C:\Users\Bob\AppData\Local\Temp\avguirn_08281500314.exe
C:\Users\Bob\AppData\Local\Temp\avguirn_08708661196.exe
C:\Users\Bob\AppData\Local\Temp\avguirn_08766183897.exe
C:\Users\Bob\AppData\Local\Temp\avguirn_08921021514.exe
C:\Users\Bob\AppData\Local\Temp\Extract.exe
C:\Users\Bob\AppData\Local\Temp\Foxit PhantomPDF Updater.exe
C:\Users\Bob\AppData\Local\Temp\HPSFUpdater.exe
C:\Users\Bob\AppData\Local\Temp\jre-8u111-windows-au.exe
C:\Users\Bob\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Bob\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\Bob\AppData\Local\Temp\SP69313.exe
C:\Users\Bob\AppData\Local\Temp\SP69840.exe
C:\Users\Bob\AppData\Local\Temp\SP70273.exe
C:\Users\Bob\AppData\Local\Temp\SP71057.exe
C:\Users\Bob\AppData\Local\Temp\SP72230.exe
C:\Users\Bob\AppData\Local\Temp\UninstallHPSA.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
Emptytemp:
*****************

Processes closed successfully.
Restore point was successfully created.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4C68C65A-1400-4D8B-AF3E-E8530A7A9628}" => key removed successfully
HKCR\CLSID\{4C68C65A-1400-4D8B-AF3E-E8530A7A9628} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{4C68C65A-1400-4D8B-AF3E-E8530A7A9628} => key not found.
HKCR\Wow6432Node\CLSID\{4C68C65A-1400-4D8B-AF3E-E8530A7A9628} => key not found.
HKU\S-1-5-21-2383875000-298481971-3650676879-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4C68C65A-1400-4D8B-AF3E-E8530A7A9628} => key not found.
HKCR\CLSID\{4C68C65A-1400-4D8B-AF3E-E8530A7A9628} => key not found.
HKU\S-1-5-21-2383875000-298481971-3650676879-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C1EDF923-C3F6-40A4-A01E-E609CFAF2871} => key not found.
HKCR\CLSID\{C1EDF923-C3F6-40A4-A01E-E609CFAF2871} => key not found.
McAPExe => service removed successfully
McMPFSvc => service removed successfully
McNaiAnn => service removed successfully
mcpltsvc => service removed successfully
mfecore => service removed successfully
MSK80Service => service removed successfully
C:\Users\Bob\AppData\Local\Temp\avg-d8332f66-ac78-487c-a285-ac063977f64b.exe => moved successfully
C:\Users\Bob\AppData\Local\Temp\avguirn_081421223210.exe => moved successfully
C:\Users\Bob\AppData\Local\Temp\avguirn_081801371524.exe => moved successfully
C:\Users\Bob\AppData\Local\Temp\avguirn_081925364908.exe => moved successfully
C:\Users\Bob\AppData\Local\Temp\avguirn_081986020556.exe => moved successfully
C:\Users\Bob\AppData\Local\Temp\avguirn_08281500314.exe => moved successfully
C:\Users\Bob\AppData\Local\Temp\avguirn_08708661196.exe => moved successfully
C:\Users\Bob\AppData\Local\Temp\avguirn_08766183897.exe => moved successfully
C:\Users\Bob\AppData\Local\Temp\avguirn_08921021514.exe => moved successfully
C:\Users\Bob\AppData\Local\Temp\Extract.exe => moved successfully
C:\Users\Bob\AppData\Local\Temp\Foxit PhantomPDF Updater.exe => moved successfully
C:\Users\Bob\AppData\Local\Temp\HPSFUpdater.exe => moved successfully
C:\Users\Bob\AppData\Local\Temp\jre-8u111-windows-au.exe => moved successfully
C:\Users\Bob\AppData\Local\Temp\jre-8u45-windows-au.exe => moved successfully
C:\Users\Bob\AppData\Local\Temp\jre-8u60-windows-au.exe => moved successfully
C:\Users\Bob\AppData\Local\Temp\SP69313.exe => moved successfully
C:\Users\Bob\AppData\Local\Temp\SP69840.exe => moved successfully
C:\Users\Bob\AppData\Local\Temp\SP70273.exe => moved successfully
C:\Users\Bob\AppData\Local\Temp\SP71057.exe => moved successfully
C:\Users\Bob\AppData\Local\Temp\SP72230.exe => moved successfully
C:\Users\Bob\AppData\Local\Temp\UninstallHPSA.exe => moved successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc" => key removed successfully

========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 24481974 B
Java, Flash, Steam htmlcache => 56789 B
Windows/system/drivers => 72470035 B
Edge => 0 B
Chrome => 0 B
Firefox => 396759101 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 164688 B
systemprofile32 => 128 B
LocalService => 328740 B
NetworkService => 0 B
Bob => 1152216281 B

RecycleBin => 151826984 B
EmptyTemp: => 1.7 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 18:11:08 ====


  • 0

#6
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,797 posts
Hello,

How's the computer doing? Things are looking OK from my chair.
  • 0

#7
d3coy

d3coy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts

Everything seems to be running alright for the most part! I do have a couple questions/concerns.

 

1. What/if any were the infections on my computer?

2. With that pop up message I described in my first post about being logged in with a temporary password and my files being deleted; should I have to worry about my computer having possibly been hijacked? (i.e. passwords being compromised). If so would it be necessary to change any of my accounts that call for a username/password?

3. Is it okay to leave the PUP files that are quarantined in malwarebytes, or should I delete them?

4. My computer seems to be restarting/powering up slower than it was before all this happened. Is there anything I can do about this?

5. Is there anything else that needs to be done/scanned?

 

Thank you for taking the time to help me out. I truly appreciate it!


Edited by d3coy, 09 November 2016 - 08:45 PM.

  • 0

#8
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,797 posts
Hello,

1. What/if any were the infections on my computer?

There were no infections on the computer.

2. With that pop up message I described in my first post about being logged in with a temporary password and my files being deleted; should I have to worry about my computer having possibly been hijacked? (i.e. passwords being compromised). If so would it be necessary to change any of my accounts that call for a username/password?


Here's what happened. Not related to malware. A glitch, that's all.

"You were logged on with a temporary password, if you turn off your computer all your files will be deleted."


Sometimes Windows may not read your correct user profile properly; instead it will load with a temporary profile, which will look like a new user profile. If you are not aware that it is a temporary profile on your Windows laptop or desktop computer, then you will be surprised to see the brand new desktop without your files, folders, program shortcut icons and any personalized settings.

Obviously, your profile (the files and folders located under C:\Users\user_name) is corrupted. There is another chance, which is a delay in reading your profile files due to an Antivirus scan or something else during boot up. Usually after typing your username and password Windows tries to read and load your profile; if it is corrupted or there is a delay in reading it, Windows will load with a temp profile to give temporary access to the computer.

The first step to do when this happens is to restart the computer 2 or 3 times to see whether it’s going back to your old correct profile.
In your case a System restore seems to have fixed it.

3. Is it okay to leave the PUP files that are quarantined in malwarebytes, or should I delete them?

You may delete them.

4. My computer seems to be restarting/powering up slower than it was before all this happened. Is there anything I can do about this?

See how it goes after a few more reboots and general use of the machine.

5. Is there anything else that needs to be done/scanned?

Nothing more needs to be done, use the computer for a while. I'll leave the topic open for a while in case.
  • 0
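A read-only check for the temporary-profile condition described in the reply above, as an added example that is not part of the original thread or any tool used in it. It lists the ProfileList registry keys, flags key names ending in `.bak` (the VSS error earlier in the thread quotes a SID with that suffix), and pulls User Profile Service events 1511 and 1515; the function names and the 30-day window are choices made for this example.

```powershell
# Added example: read-only triage for a temporary-profile logon.
# Run from an elevated PowerShell prompt on the affected machine.
# Nothing here writes to the registry or the file system.

function Get-ProfileListEntry {
    # One object per ProfileList subkey, with the signals relevant to a
    # temporary-profile logon. Function name is hypothetical (example only).
    param(
        [string]$ProfileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
    )
    Get-ChildItem -Path $ProfileList | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath
        $path  = $props.ProfileImagePath
        if ($path) { $path = [Environment]::ExpandEnvironmentVariables($path) }

        [pscustomobject]@{
            KeyName     = $_.PSChildName
            # Windows renames the original key to <SID>.bak when it falls
            # back to a temporary profile for that account.
            IsBackupKey = $_.PSChildName -like '*.bak'
            ProfilePath = $path
            PathExists  = [bool]($path -and (Test-Path -LiteralPath $path))
            # Temporary profiles live in a folder named TEMP or TEMP.<suffix>.
            LooksTemp   = [bool]($path -match '\\TEMP(\.[^\\]*)?$')
            State       = $props.State
            RefCount    = $props.RefCount
        }
    }
}

function Get-TempProfileEvent {
    # User Profile Service events written when a temporary profile is used:
    #   1511 = logged on with a temporary profile
    #   1515 = Windows backed up the user profile
    param([int]$Days = 30)   # look-back window, an assumption of this example
    $filter = @{
        LogName      = 'Application'
        ProviderName = 'Microsoft-Windows-User Profiles Service'
        Id           = 1511, 1515
        StartTime    = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message
}

$entries = Get-ProfileListEntry

# Keys worth a closer look: backup keys, TEMP paths, or paths that no longer exist.
$suspect = $entries | Where-Object {
    $_.IsBackupKey -or $_.LooksTemp -or -not $_.PathExists
}

# A SID that appears both as <SID> and <SID>.bak means the original profile
# was set aside and a second key was created for the same account.
$duplicated = $entries |
    Group-Object { $_.KeyName -replace '\.bak$', '' } |
    Where-Object { $_.Count -gt 1 } |
    ForEach-Object { $_.Name }

'Current session profile: {0}' -f $env:USERPROFILE
if ($env:USERPROFILE -match '\\TEMP(\.[^\\]*)?$') {
    'This session is running in a temporary profile.'
}

if ($suspect) {
    'ProfileList entries to review:'
    $suspect | Format-Table KeyName, ProfilePath, PathExists, LooksTemp, State, RefCount -AutoSize
} else {
    'No .bak keys, TEMP paths or missing profile folders in ProfileList.'
}

if ($duplicated) {
    'SIDs present both with and without .bak: {0}' -f ($duplicated -join ', ')
}

$events = Get-TempProfileEvent
if ($events) {
    'Temporary-profile events in the look-back window:'
    $events | Format-List
} else {
    'No event 1511/1515 found in the look-back window.'
}
```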

#9
d3coy

d3coy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts

Just one last question in response to your comments. I noticed you said that "your profile is corrupted." Are you saying that it's a possibility as to why this occurred or that the profile is actually corrupt? If so, is there any way to correct that problem?

 

I appreciate your thorough response and for leaving the topic open. After I hear back from you, I'll get back to you in 2-3 days to let you know how it's running. Thanks again!


  • 0

#10
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,797 posts
You're welcome!

No. The profile is not actually corrupt. If the profile was corrupt it would not load at start up at all and you would continue to have errors. I suppose it could have been corrupted and System restore fixed it, but I'm more likely to think this was a one-time glitch that occurred.

We will keep our eyes on it for a few days to make sure it does not happen again.

Thanks
Joe :)
  • 0

#11
d3coy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Hey Zep,

Everything seems to be back to normal now. Just wanted to take the time to say thanks for the help again!
  • 0

#12
zep516

    Trusted Helper

  • Malware Removal
  • 6,797 posts
Hello,

We need to remove the tools we used and then close the topic.


The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).


Why we need to remove some of our tools:
Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful, and if used incorrectly or at the wrong time can make the computer an expensive paperweight. They are updated all the time, and some of them more than once a day, so by the time you are ready to use them again they will already be outdated.



Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right-clicking the DelFix icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report.
    Paste it for my review.

  • 0

#13
zep516

    Trusted Helper

  • Malware Removal
  • 6,797 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





