
Avast found but can't remove Trojan viruses


adelehirst


I've run a boot scan in Avast, and it has found a virus, but it states it cannot find the files to remove....

The files it's looking for are:

KHXtgD.class
UQMm.class
xPJ.class
EGjKkL.class
ATefxm.class
EHAT.class
FUeFP.class

I have run the boot scan as we're finding browsing the net very slow and have tried installing new browsers, etc., and the regular scheduled virus scan hasn't been detecting anything...

I've installed and run OTL, and here are the logs it created. Any advice would be much appreciated:


OLE.txt

 

OTL logfile created on: 12/2/2014 10:12:11 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Adele\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17420)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
7.96 Gb Total Physical Memory | 5.36 Gb Available Physical Memory | 67.32% Memory free
15.92 Gb Paging File | 11.25 Gb Available in Paging File | 70.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.15 Gb Total Space | 737.13 Gb Free Space | 80.20% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 14.83 Gb Total Space | 1.76 Gb Free Space | 11.88% Space Free | Partition Type: FAT32
Drive I: | 979.00 Mb Total Space | 281.52 Mb Free Space | 28.76% Space Free | Partition Type: FAT
 
Computer Name: NEWTON | User Name: Newton | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/12/02 10:11:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Adele\Desktop\OTL.exe
PRC - [2014/11/27 20:33:40 | 005,226,600 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/11/27 20:32:27 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/10/01 11:09:30 | 000,968,504 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/10/01 11:09:28 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/10/01 11:09:20 | 007,229,752 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2013/08/09 15:37:04 | 000,413,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/03/28 01:28:44 | 000,735,168 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2012/03/28 01:27:06 | 000,309,184 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2010/09/03 00:29:00 | 001,411,568 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe
PRC - [2010/09/03 00:28:54 | 000,518,640 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2010/08/20 23:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2009/10/02 12:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/10/02 12:26:10 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/09/06 06:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2009/07/17 15:07:58 | 000,237,568 | ---- | M] (Alcor Micro Corp.) -- C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
PRC - [2009/06/09 14:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/11/27 20:32:28 | 038,562,088 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/11/13 03:29:06 | 000,774,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\875c35969785fa170d186e7ca546ac9e\System.Runtime.Remoting.ni.dll
MOD - [2014/10/17 02:40:39 | 012,435,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1453d9e9a4989833ef3db4b22549ba1a\System.Windows.Forms.ni.dll
MOD - [2014/10/17 02:40:35 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\836e10dfd0811b303553216f5cb092ef\System.Drawing.ni.dll
MOD - [2014/10/17 02:40:31 | 005,467,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49908aa93a23c84847b1f8b1b667860\System.Xml.ni.dll
MOD - [2014/10/17 02:40:29 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\237d509a79aeef6e4635b09450d98f2a\System.Configuration.ni.dll
MOD - [2014/10/17 02:40:21 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d97a5aa0eb7697aca7c6e90ae471af2b\WindowsBase.ni.dll
MOD - [2014/10/17 02:40:13 | 007,991,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\908ba9e296e92b4e14bdc2437edac603\System.ni.dll
MOD - [2014/09/11 02:41:30 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
MOD - [2013/09/05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2013/02/14 15:46:50 | 001,044,048 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/09/03 00:29:00 | 001,411,568 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe
MOD - [2010/09/03 00:28:54 | 000,518,640 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2010/09/03 00:28:50 | 000,645,616 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\BBEngineAS.dll
MOD - [2010/08/30 02:34:12 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/11/27 20:32:27 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/11/27 20:32:22 | 004,012,248 | ---- | M] (Avast Software) [On_Demand | Running] -- C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe -- (AvastVBoxSvc)
SRV:64bit: - [2014/11/06 03:30:08 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/06/20 09:30:38 | 000,189,912 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2014/06/20 09:23:12 | 000,219,752 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2013/05/27 05:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/05/25 15:58:32 | 000,199,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2009/07/14 01:39:47 | 000,081,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\tlntsvr.exe -- (TlntSvr)
SRV:64bit: - [2009/06/09 14:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2014/11/21 10:47:59 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/10/01 11:09:30 | 000,968,504 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/10/01 11:09:28 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/07/22 21:17:28 | 000,089,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe -- (VsEtwService120)
SRV - [2014/03/20 22:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2014/01/06 15:28:32 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/08/27 07:53:32 | 001,364,256 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/08/09 15:37:04 | 000,413,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/12/28 13:18:14 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/09/04 00:15:22 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/09/04 00:14:26 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/08/25 19:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/08/20 23:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2009/10/02 12:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/09/06 06:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2007/05/31 16:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 16:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2014/11/27 20:33:42 | 001,050,432 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2014/11/27 20:32:29 | 000,436,624 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014/11/27 20:32:29 | 000,267,632 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/11/27 20:32:29 | 000,116,728 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2014/11/27 20:32:29 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/11/27 20:32:29 | 000,083,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/11/27 20:32:29 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/11/27 20:32:29 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2014/11/27 20:32:22 | 000,271,752 | ---- | M] (Avast Software) [Kernel | Auto | Running] -- C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys -- (VBoxAswDrv)
DRV:64bit: - [2014/10/01 11:11:26 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/10/01 11:11:12 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/06/20 09:38:22 | 000,072,128 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2014/06/20 09:31:06 | 000,348,552 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2014/06/20 09:26:02 | 000,786,296 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2014/06/20 09:23:40 | 000,523,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2014/06/20 09:21:48 | 000,313,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2014/06/20 09:20:54 | 000,181,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2013/10/02 02:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/02/12 04:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/08/23 14:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/04/18 14:05:16 | 000,019,304 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV:64bit: - [2012/03/19 08:18:46 | 000,089,536 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 12:29:46 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/07/30 23:36:38 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0)
DRV:64bit: - [2010/03/19 02:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/02/26 23:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/03 13:38:30 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/10/16 11:32:24 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009/10/02 20:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/17 20:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 20:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/01 11:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {42222B51-E31E-414C-A5D3-9008172B5B8F}
IE:64bit: - HKLM\..\SearchScopes\{42222B51-E31E-414C-A5D3-9008172B5B8F}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {44C38246-F706-4601-80F4-697D7BA309E4}
IE - HKLM\..\SearchScopes\{44C38246-F706-4601-80F4-697D7BA309E4}: "URL" = http://www.bing.com/...rc=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {42222B51-E31E-414C-A5D3-9008172B5B8F}
IE - HKCU\..\SearchScopes\{42222B51-E31E-414C-A5D3-9008172B5B8F}: "URL" = http://www.bing.com/...Box&FORM=IESR02
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2021.112
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/11/27 20:32:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/11/21 10:47:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/11/21 10:47:56 | 000,000,000 | ---D | M]
 
[2013/05/07 19:25:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Newton\AppData\Roaming\Mozilla\Extensions
[2014/11/10 20:15:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Newton\AppData\Roaming\Mozilla\Firefox\Profiles\oawriyoj.default\extensions
[2014/11/21 10:47:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/11/21 10:47:59 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/11/27 20:32:30 | 000,000,000 | ---D | M] ("Avast Online Security") -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/03/28 01:04:52 | 000,124,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2012/03/28 01:06:54 | 000,071,104 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2012/03/28 01:05:52 | 000,092,096 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2012/03/28 01:05:28 | 000,022,976 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2012/03/28 01:48:16 | 000,489,384 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2012/03/28 01:06:48 | 000,024,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
 
O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - No CLSID value found.
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey File not found
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\ToasterLauncher.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: leicester.gov.uk ([remote1] https in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} http://assets.photob...?20110519041506 (PhotoboxPhotowaysUploader5 Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F23C160-49B8-40BA-9789-17CB31ED0554}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/05/07 19:40:58 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/11/27 20:39:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\vbox
[2014/11/27 20:39:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\vbox
[2014/11/27 20:32:30 | 000,364,512 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/11/27 20:32:28 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/11/27 19:56:00 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/11/27 19:55:38 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/11/27 19:55:38 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/11/27 19:55:38 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/11/27 19:55:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/11/21 10:47:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/11/11 12:29:09 | 000,000,000 | ---D | C] -- C:\Users\Newton\Documents\Visual Studio 2013
[2014/11/11 12:25:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 11.0
[2014/11/11 11:56:15 | 000,000,000 | ---D | C] -- C:\ProgramData\NuGet
[2014/11/11 11:56:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NuGet
[2014/11/11 11:37:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Merge Modules
[2014/11/11 11:21:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
[2014/11/11 11:21:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Kits
[2014/11/11 11:21:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Microsoft
[2014/11/11 11:15:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Help Viewer
[2014/11/11 11:15:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs
[2014/11/11 11:10:27 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1033
[2014/11/11 11:10:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1033
[2014/11/11 11:10:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
[2014/11/11 11:10:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2014/11/11 11:06:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2014/11/11 11:06:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2013
[2014/11/11 11:04:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 12.0
[2014/11/11 10:54:05 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1991-06.com.microsoft
[2014/11/11 10:29:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2014/11/11 10:25:28 | 000,000,000 | ---D | C] -- C:\Windows\en
[2014/11/11 10:24:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2014/11/11 10:24:28 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2014/11/10 12:13:57 | 000,000,000 | -HSD | C] -- C:\Users\Newton\AppData\Local\EmieUserList
[2014/11/10 12:13:57 | 000,000,000 | -HSD | C] -- C:\Users\Newton\AppData\Local\EmieSiteList
[2014/11/10 11:25:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft OneDrive
[2014/11/10 11:25:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft OneDrive
[2014/11/10 11:23:43 | 000,000,000 | ---D | C] -- C:\Users\Newton\AppData\Local\Windows Live
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/12/02 09:22:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/12/01 10:45:00 | 000,000,396 | ---- | M] () -- C:\Windows\tasks\SpyHunter4.job
[2014/12/01 03:13:23 | 000,022,464 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/12/01 03:13:23 | 000,022,464 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/11/29 10:17:10 | 2115,301,375 | -HS- | M] () -- C:\hiberfil.sys
[2014/11/27 20:33:43 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2014/11/27 20:33:42 | 001,050,432 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys
[2014/11/27 20:32:29 | 000,436,624 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
[2014/11/27 20:32:29 | 000,364,512 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/11/27 20:32:29 | 000,267,632 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/11/27 20:32:29 | 000,116,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2014/11/27 20:32:29 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/11/27 20:32:29 | 000,083,280 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/11/27 20:32:29 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/11/27 20:32:29 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/11/27 20:32:29 | 000,029,208 | ---- | M] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2014/11/27 19:59:02 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/11/27 19:55:41 | 000,001,104 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/11/27 19:55:25 | 000,782,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/11/27 19:55:25 | 000,667,290 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/11/27 19:55:25 | 000,127,152 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/11/13 03:27:14 | 000,493,384 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/11/11 14:16:31 | 000,000,632 | RHS- | M] () -- C:\Users\Newton\ntuser.pol
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/11/27 20:33:43 | 000,001,966 | ---- | C] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2014/11/27 19:55:41 | 000,001,104 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/29 11:33:42 | 000,766,376 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/11/28 15:00:46 | 000,007,610 | ---- | C] () -- C:\Users\Newton\AppData\Local\Resmon.ResmonCfg
[2013/04/30 19:45:26 | 000,000,151 | ---- | C] () -- C:\ProgramData\viw7l.reg
[2011/09/17 18:31:56 | 000,000,632 | RHS- | C] () -- C:\Users\Newton\ntuser.pol
 
========== ZeroAccess Check ==========
 
[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/25 02:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/25 01:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/09/19 11:36:58 | 000,000,000 | ---D | M] -- C:\Users\Newton\AppData\Roaming\AVAST Software
[2012/12/31 12:41:15 | 000,000,000 | ---D | M] -- C:\Users\Newton\AppData\Roaming\AVG
[2012/06/06 19:18:08 | 000,000,000 | ---D | M] -- C:\Users\Newton\AppData\Roaming\Cocoon Software
[2013/10/06 10:30:42 | 000,000,000 | ---D | M] -- C:\Users\Newton\AppData\Roaming\ICAClient
[2011/09/24 19:25:14 | 000,000,000 | ---D | M] -- C:\Users\Newton\AppData\Roaming\PCDr
[2012/12/30 21:35:49 | 000,000,000 | ---D | M] -- C:\Users\Newton\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 

< End of report >

 

Extras.txt

 

OTL Extras logfile created on: 12/2/2014 10:12:11 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Adele\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17420)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
7.96 Gb Total Physical Memory | 5.36 Gb Available Physical Memory | 67.32% Memory free
15.92 Gb Paging File | 11.25 Gb Available in Paging File | 70.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.15 Gb Total Space | 737.13 Gb Free Space | 80.20% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 14.83 Gb Total Space | 1.76 Gb Free Space | 11.88% Space Free | Partition Type: FAT32
Drive I: | 979.00 Mb Total Space | 281.52 Mb Free Space | 28.76% Space Free | Partition Type: FAT
 
Computer Name: NEWTON | User Name: Newton | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AE87B63-9C10-4F83-958E-B4F22D978295}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{12E43952-DE4C-4BB0-A6E0-1690BF9D7060}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{233A2824-15E9-4681-9F0E-39E1A266E762}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{267BB2CB-C606-494F-9C1A-AA7991A34E40}" = rport=445 | protocol=6 | dir=out | app=system |
"{29658559-981D-4258-A7F1-827014653A60}" = lport=138 | protocol=17 | dir=in | app=system |
"{30A4B028-3F3A-4226-BD07-BD4B1EB1BA40}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4821648B-088D-4B4A-8A20-BE5846C48F09}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{48A12B64-95FF-44BC-82F5-A74F01D034F4}" = lport=137 | protocol=17 | dir=in | app=system |
"{54EC2879-626A-43E7-9C42-827EDA1FFAC1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{559DC19A-2CD3-4297-8B43-5E019F910C9F}" = rport=139 | protocol=6 | dir=out | app=system |
"{57175BCD-8195-401C-81A2-C2AF075E741B}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{75112D12-48E6-4663-87A9-2A68666DC832}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7917FEB2-7CF2-4915-9912-9673AA291541}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8446BD7C-9733-4559-B767-A28BD79B2673}" = lport=10243 | protocol=6 | dir=in | app=system |
"{84D77B6F-80B0-4EBB-910E-BC2F500C2686}" = rport=137 | protocol=17 | dir=out | app=system |
"{887BB781-1365-4482-B9DD-3822C1F4856C}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{92BDA28B-02A9-43DA-944B-F0B2457981F6}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{9AF0EBD6-BFA8-4B79-8476-ECAFD6EAA049}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9C96C976-50DD-4E50-906C-49E404C1A870}" = rport=138 | protocol=17 | dir=out | app=system |
"{9EA3F0E6-E5E4-4B0C-8B60-144BA8B462BA}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{A73DE76B-9A81-48FF-A140-AB5DA445A01D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AA079AAB-8457-4C4F-A093-E3A5C9955DDF}" = lport=3702 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft visual studio 12.0\common7\ide\wdexpress.exe |
"{C301CBD6-807A-4CE2-893D-9D237E6D25A5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C4EA324D-DF5C-432C-9749-CA7F883B953D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D0A0F105-715D-429E-A2B0-7F983FE5051D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D1EEB416-950F-4B44-8E37-92593F9E1825}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D33648EE-6860-4621-829A-767894B2EA59}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D83216B1-AE1E-47B9-9A84-59F3476FD6E8}" = lport=445 | protocol=6 | dir=in | app=system |
"{D8A26FB4-3987-4ECE-BF80-31614826A3B1}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{E19ED96F-72FA-4D6A-8396-B3A536968087}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F2060692-9A5F-4F9A-877F-270C1197B570}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F81B42C3-9A1E-456C-B8BA-982316537C8A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FA9BD311-9E40-421C-9F46-10A1D6B49F13}" = lport=139 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{114F36B3-0DAA-4054-BCB9-DF6380B33A5B}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{15CCED59-1AA2-43CD-944E-4E25A1A7F642}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{205996A3-AF9E-4637-83FF-B40E75630CCA}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{2357B62E-9A15-4A7E-A3CB-C52A5254C2A7}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{250A2207-A511-4A74-870D-DC859A0B7FE3}" = dir=in | app=c:\users\newton\appdata\local\microsoft\skydrive\skydrive.exe |
"{2629FDD4-9C70-463A-BE0F-6C909CB95F22}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{28DF168F-2FBA-40C7-ADC5-411AFAA1709B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{29924ED5-07FD-4F2B-A7E2-E09593F647A2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{33BD9FC1-98C1-4D52-A54C-A87A9A89F367}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{3750F2EF-FA9B-4AC4-9AD6-6035B0CC6BDE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3840BF39-8319-44D5-9745-A83BEA854B74}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{411BBE28-17BA-4742-97B8-90E86A8C680C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{45F37A9F-FC75-42E0-91DF-B1B91C4EDBF0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{4EC595DF-4787-4B3E-8AE5-6DC743B6E20D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{50F88E36-9705-4DD7-8424-C89F568FB996}" = protocol=1 | dir=in | [email protected],-28543 |
"{5D98952B-E001-4882-A086-830EC9B30687}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5F20372C-BF9E-4628-8D89-F6C3D4A309BF}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{61DFB25B-4577-419F-BF3C-F9D6C9215133}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{7426D568-B4D4-452D-A048-618688EB3D1E}" = protocol=6 | dir=in | app=c:\program files\avast software\avast\ng\vbox\aswfe.exe |
"{77C81DF3-6989-4ED9-887C-46CDF372FD99}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{780FCC3C-91AF-42CC-84FB-7D26F8876D43}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{788248E0-A09A-48D3-886E-FA989E085A28}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{7F2648CA-047A-4613-BD0D-357FE911773B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{8299F0C7-31A4-4344-A380-A49D89BE7CB1}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{89930391-D2D1-409A-B3EE-26DB4A555309}" = protocol=58 | dir=out | [email protected],-28546 |
"{8A39490B-A77A-4D3E-A6DC-6F18DD6FD0AC}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8C425435-B3D9-4795-9842-5508CB933E79}" = protocol=58 | dir=in | [email protected],-28545 |
"{9448A22F-5430-4300-84DD-544A674D2A5D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A44048B2-5A89-4685-83B2-4EEB8C647C6E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A5D1C0F7-C219-48F6-8C95-F9ECB558AE49}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A7733453-4C62-4068-8685-400A9501C71E}" = protocol=1 | dir=out | [email protected],-28544 |
"{B06E9FA3-9180-47ED-9ED3-8B2BC10D7AA1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B73D6676-33FA-4324-8D8B-BB55973C0556}" = protocol=6 | dir=out | app=system |
"{BE074DC4-8268-4071-AFDD-4F712072A0C3}" = protocol=17 | dir=in | app=c:\program files\avast software\avast\ng\vbox\aswfe.exe |
"{C17B0930-5A0F-43E5-8150-20328BFBF521}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{C1B2A4E6-6BCC-41BC-A587-C78F35FB17FA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C784E4F3-F7AA-469B-8B0C-2E9E310A796B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{CAC77009-515F-4B2E-A7A6-174FEDCE2FB5}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{CB564FE3-A888-46F8-8761-F1F54E0EF47D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{D463A964-DDA0-451B-B90D-5B4F797515FD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D4DAA8A5-888D-490B-B47C-8CC900820115}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{D77FAB64-7A79-4B26-A286-0ADD48929EC2}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DAB02603-A9CF-4C75-B587-BE4689198123}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E4A0E2FC-095A-4AF7-ADBD-4D4263B3B309}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{E81F0CA4-595D-4B04-BAA1-0796452359A8}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{EEDB1851-2CE0-4CA3-BCC2-47BE577377D7}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F0528E13-18A6-4DAA-9BE4-BEAE0AA8530D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7E23653-28DB-484B-B66B-4E3205D27B36}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{F8EEA38F-F2DD-4308-8654-CB3DA06166CA}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{FD480786-F81E-4A13-801B-7AB1BB691410}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{05FF8209-C4F1-4C77-BC28-791653156D20}" = Microsoft System CLR Types for SQL Server 2012 (x64)
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java™ 6 Update 22 (64-bit)
"{299CAA36-AED0-402E-8D85-E20D4FBB9B88}" = Build Tools Language Resources - amd64
"{2C5DC777-D62C-427D-8CC6-90331A734E91}" = Build Tools - amd64
"{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
"{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}" = Microsoft SQL Server 2012 Management Objects  (x64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5247E16E-BCF8-95AB-1653-B3F8FBF8B3F1}" = Windows Software Development Kit DirectX x64 Remote
"{54C5041B-0E91-4E92-8417-AAA12493C790}" = Microsoft SQL Server 2012 Transact-SQL ScriptDom
"{560D1BE8-7A52-3F63-91B3-E785E5A2175D}" = Microsoft Team Foundation Server 2013 Update 3 Object Model (x64)
"{58FED865-4F13-408D-A5BF-996019C4B936}" = Microsoft SQL Server 2012 Command Line Utilities
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60391499-BB97-3FC7-9F17-2BF560DCE231}" = Microsoft Visual Studio 2013 Express Prerequisites x64 - ENU
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{6C026A91-640F-4A23-8B68-05D589CC6F18}" = Microsoft SQL Server 2012 Express LocalDB
"{78909610-D229-459C-A936-25D92283D3FD}" = Microsoft SQL Server Compact 4.0 SP1 x64 ENU
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96F4525A-470D-F15C-796E-58D9988C3E5F}" = Windows Software Development Kit for Windows Store Apps DirectX x64 Remote
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{A6BA243E-85A3-4635-A269-32949C98AC7F}" = Microsoft SQL Server 2012 Data-Tier App Framework  (x64)
"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 320.78
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 320.78
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 320.78
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.14.17
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B74B199A-EDD4-B657-E055-327D454402D2}" = Windows Software Development Kit DirectX x64 Remote
"{C596D608-3E74-3232-8CA5-DF1DCB9F10DE}" = Microsoft Visual C++ 2013 x64 Debug Runtime - 12.0.21005
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
"{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}" = Microsoft SQL Server 2012 Native Client
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E4DEB20D-CACC-4906-B0FC-0952D5A9CBF1}" = Microsoft Visual Studio 2013 Diagnostic Tools - amd64
"{EDC516BF-EA86-36C7-96BD-8AC103496178}" = Microsoft Team Foundation Server 2013 Update 3 Object Model Language Pack (x64) - ENU
"Dell Support Center" = Dell Support Center
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00F9DB8C-65D7-4D47-AB5F-F698EE38580D}" = Windows Live UX Platform
"{010A785B-F920-4350-821B-6309909C20BB}" = THX TruStudio PC
"{0398BFBC-991B-3275-9463-D2BF91B3C80B}" = Microsoft Help Viewer 2.1
"{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}" = Microsoft SQL Server 2012 T-SQL Language Service
"{070C38AC-05CE-43DF-9A20-141332F6AB2B}" = Microsoft System CLR Types for SQL Server 2012
"{0B698858-DAB0-4F9E-A10A-125B274EDA06}" = Microsoft Visual C++  x64 Libraries
"{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}" = Microsoft SQL Server Data Tools - enu (12.0.30919.1)
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight
"{133236FE-E2F7-4313-8BF8-A10ACAAA7CB9}" = Citrix online plug-in (USB)
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{18976EBC-40B7-40CB-A55C-99114758073A}" = Microsoft Visual Studio 2013 Diagnostic Tools - x86
"{19A5926D-66E1-46FC-854D-163AA10A52D3}" = Microsoft .NET Framework 4.5.1 SDK
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}" = Microsoft SQL Server 2012 Data-Tier App Framework
"{1DBDCA41-2BDB-48EC-BB8D-E2B2F8EA83D9}" = Microsoft Azure Shared Components for Visual Studio 2013 - v1.2
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1E30CCBB-0773-38D3-8433-C426EF2C0FF0}" = VS Update core components
"{1ef771b4-b774-439e-a015-23dec292d9a4}" = Microsoft Visual Studio Express 2013 for Windows Desktop - ENU with Update 3
"{1F1AA110-D758-30C1-A1B4-5484C72BCACE}" = Microsoft Visual Studio Express 2013 for Windows Desktop - ENU
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{205A8E25-7ABE-30AB-929E-80A63A7AFBE3}" = Microsoft Portable Library Multi-Targeting Pack
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{28C7344F-E894-4CF5-8D05-EDC7ED71796C}" = Behaviors SDK (Windows) for Visual Studio 2013
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2F7DBBE6-8EBC-495C-9041-46A772F4E311}" = Microsoft SQL Server 2012 Management Objects
"{2FC7287D-39DD-4A84-9806-D27D3CCDC51B}" = Citrix online plug-in (Web)
"{30406318-C317-3AAF-899B-E7D0CEB6F548}" = Microsoft Visual Studio 2013 XAML UI Designer
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}" = Prerequisites for SSDT
"{37464E70-B0B9-9DFF-649A-CBE169BAD657}" = Windows Software Development Kit for Windows Store Apps
"{3D7CA364-4B7C-352B-8A63-E12CA3AE6659}" = Microsoft Visual Studio 2013 XAML UI Designer - ENU
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{41C61308-6CFD-4D54-AB6A-7136ED08A18E}" = Windows Live Communications Platform
"{4781443E-204D-4D98-8899-18A123C13B1E}" = Microsoft C++ REST SDK for Visual Studio 2013
"{492FCC0B-45E1-383A-A2CF-9E7F305AC200}" = Microsoft Visual Studio 2013 Team Explorer Language Pack - ENU
"{495D0BE3-CA66-4768-9D3E-7CDCA0C2B9F7}" = TypeScript Power Tool
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AE57014-05C4-4864-A13D-86517A7E1BA4}" = Microsoft .NET Framework 4.5 SDK
"{5411060C-8F8C-393D-8D3B-26AF2C92FABB}" = Microsoft Visual Studio 2013 Shell (Minimum)
"{56AD3004-0B49-967F-F682-B05650B61A78}" = Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
"{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}" = Microsoft .NET Framework 4.5 Multi-Targeting Pack
"{57287FDF-27E6-45BC-9DD2-A33545C46C1A}" = Citrix online plug-in (HDX)
"{594DB57D-58D1-4AA3-AE6C-BF99484F52F8}" = Behaviors SDK (Windows Phone) for Visual Studio 2013
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5D5CFAD6-9F93-8C63-3EB0-B6A0D3D4BD12}" = Windows Software Development Kit
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{62910715-63E3-0AB0-0B29-99140DE1C15E}" = LocalESPC
"{64484316-E4BA-38B3-8954-0358522A8D40}" = Microsoft Visual Studio Express 2013 for Windows Desktop
"{6522F5F9-411B-4513-A75B-CEA00395F032}" = Windows Live UX Platform Language Pack
"{659CB81C-B54E-4DF1-B618-F35777393A54}" = Windows Live Installer
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66B5819D-DE70-42BE-B40F-978FBA12452E}" = Windows Live Essentials
"{6781FF9B-E87D-4A03-9373-A55A288B83FA}" = Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1)
"{678800C0-D94E-4513-89CB-478F2B781A0B}" = Microsoft Visual C++ 2013 x86-x64 Compilers
"{6A0C6700-EA93-372C-8871-DCCF13D160A4}" = Microsoft .NET Framework 4.5.1 Multi-Targeting Pack
"{6C06FEE9-C64E-453F-B8A5-D9E9B79ED040}" = Microsoft Visual C++ 2013 32bit Compilers - ENU Resources
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{6F2FDD50-E0F3-4117-B575-78E77F8D11EF}" = Citrix online plug-in (DV)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73629F80-9DFE-421A-908B-C71FBD243E5A}" = Microsoft Report Viewer Add-On for Visual Studio 2013
"{7754915B-C85B-458C-B531-48E286DE96E6}" = Build Tools Language Resources - x86
"{7AE61976-6FE2-4B65-9E1C-4DE44288772B}" = Visual Studio Extensions for Windows Library for JavaScript
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{84D88F57-4130-30FE-A0B6-1E04428FE1F6}" = Microsoft Visual C++ 2013 Core Libraries
"{85253F13-EE42-4850-A3A5-79B90E92D7AC}" = Entity Framework 6.1.1 Tools  for Visual Studio 2013
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90530409-6D54-11D4-BEE3-00C04F990354}" = Microsoft Visio Standard 2002 [English]
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9569E6BC-326A-432F-97AB-35263A327BF1}" = Roxio Burn
"{984022F2-9BCA-A41D-6A38-1AE658F01415}" = Windows Software Development Kit
"{985EF141-95DD-3934-8F23-7C2C4C61E5F7}" = Microsoft Visual Studio 2013 Shell (Minimum) Resources
"{99FCCA2B-F1FD-E66E-E3B9-AA57FBBF2E66}" = Windows Software Development Kit for Windows Store Apps
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E7DE17D-A9E2-4762-8C10-1E80F5976F4A}" = Microsoft Visual Studio 2013 Preparation
"{9F0A32A5-4EBF-4B9D-A3CD-31579F2E1400}" = Multimedia Card Reader
"{A0332229-4EF7-4A36-AED8-E5876EB2DF86}" = Windows Live UX Platform Language Pack
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A1CB8286-CFB3-A985-D799-721A0F2A27F3}" = Windows Software Development Kit DirectX x86 Remote
"{A1CFE5F7-07CA-44D6-B553-BE22B180F660}" = Build Tools - x86
"{A3B8D9FB-CA7D-4487-8CA2-A6A2C8AD1077}" = Microsoft Visual C++  x86 Libraries
"{A6030DAD-1600-F767-C8DD-C722ADFE8FBC}" = Windows Software Development Kit DirectX x86 Remote
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AE937DBA-FEFD-3BFE-9860-0591C0F91D61}" = Microsoft Visual Studio 2013 Shell (Minimum) Interop Assemblies
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B2611F8A-EFE7-4E88-875D-19F0EFAE87E4}" = Windows Live PIMT Platform
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C9E7751E-88ED-36CF-B610-71A1D262E906}" = Team Explorer for Microsoft Visual Studio 2013
"{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
"{CDC1AB00-01FF-4FC7-816A-16C67F0923C0}" = Windows Live SOXE
"{ce085a78-074e-4823-8dc1-8a721b94b76d}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1893000-EA77-493C-8DDD-E262436E959B}" = Windows Live SOXE Definitions
"{D3517C62-68A5-37CF-92F7-93C029A89681}" = Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU)
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E12AD0E4-1FCD-4E23-A58A-C983B85E112A}" = TypeScript Tools for Microsoft Visual Studio 2013
"{E30E7561-A466-4393-B8BF-FD93E733EF3C}" = Microsoft Office Live Meeting 2007
"{E462BBB9-2FA4-322D-84A8-51A83AB4695D}" = Microsoft NuGet - Visual Studio Express 2013 for Windows Desktop
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5CAE8D2-9F9F-3BEA-AA0F-B5B40611C704}" = Microsoft Visual C++ 2013 x86 Debug Runtime - 12.0.21005
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F361FE04-789E-42F3-BBAB-E7B380AA5E06}" = Windows XP Targeting with C++
"{F8876D7F-9678-46FD-92DA-BB9C7D3B116F}" = Python Tools Redirection Template
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{F8F630A7-6789-44D5-8653-3B27969CF337}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avast" = Avast Free Antivirus
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"Dell Dock" = Dell Dock
"InstallShield_{9F0A32A5-4EBF-4B9D-A3CD-31579F2E1400}" = Multimedia Card Reader
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.3.1025
"Microsoft Help Viewer 2.1" = Microsoft Help Viewer 2.1
"Mozilla Firefox 33.1.1 (x86 en-US)" = Mozilla Firefox 33.1.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Shockwave" = Shockwave
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.10 (32-bit)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 8/17/2013 7:17:42 AM | Computer Name = Newton | Source = Application Error | ID = 1000
Description = Faulting application name: FlashUtil64_11_7_700_202_ActiveX.exe, version:
 11.7.700.202, time stamp: 0x5180202b  Faulting module name: ntdll.dll, version: 6.1.7601.18205,
 time stamp: 0x51dba4e7  Exception code: 0xc000041d  Fault offset: 0x0000000000053290
Faulting
 process id: 0x17c8  Faulting application start time: 0x01ce9b3ae98c6b87  Faulting application
 path: C:\Windows\System32\Macromed\Flash\FlashUtil64_11_7_700_202_ActiveX.exe  Faulting
 module path: C:\Windows\SYSTEM32\ntdll.dll  Report Id: a1f1c485-072e-11e3-a9e0-842b2bb7bf82
 
Error - 8/18/2013 4:06:48 AM | Computer Name = Newton | Source = Application Error | ID = 1000
Description = Faulting application name: mcshield.exe, version: 14.4.0.387, time
 stamp: 0x4ee2c0e2  Faulting module name: ole32.dll, version: 6.1.7601.17514, time
 stamp: 0x4ce7c92c  Exception code: 0xc0000005  Fault offset: 0x000000000000d89e  Faulting
 process id: 0xaa4  Faulting application start time: 0x01ce995fcd6ec0ba  Faulting application
 path: C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe  Faulting module
 path: C:\Windows\system32\ole32.dll  Report Id: 214e6f99-07dd-11e3-a9e0-842b2bb7bf82
 
Error - 8/18/2013 3:33:17 PM | Computer Name = Newton | Source = Application Hang | ID = 1002
Description = The program IEXPLORE.EXE version 10.0.9200.16660 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 2bdc    Start
 Time: 01ce9c4975aed803    Termination Time: 28    Application Path: C:\Program Files (x86)\Internet
 Explorer\IEXPLORE.EXE    Report Id:  
 
Error - 8/20/2013 5:55:25 AM | Computer Name = Newton | Source = Application Error | ID = 1000
Description = Faulting application name: FlashUtil64_11_7_700_202_ActiveX.exe, version:
 11.7.700.202, time stamp: 0x5180202b  Faulting module name: ntdll.dll, version: 6.1.7601.18205,
 time stamp: 0x51dba4e7  Exception code: 0xc0000005  Fault offset: 0x0000000000053290
Faulting
 process id: 0x1140  Faulting application start time: 0x01ce9d8b58cf6a01  Faulting application
 path: C:\Windows\System32\Macromed\Flash\FlashUtil64_11_7_700_202_ActiveX.exe  Faulting
 module path: C:\Windows\SYSTEM32\ntdll.dll  Report Id: a29bf747-097e-11e3-a86f-842b2bb7bf82
 
Error - 8/20/2013 5:56:43 AM | Computer Name = Newton | Source = Application Error | ID = 1000
Description = Faulting application name: FlashUtil64_11_7_700_202_ActiveX.exe, version:
 11.7.700.202, time stamp: 0x5180202b  Faulting module name: ntdll.dll, version: 6.1.7601.18205,
 time stamp: 0x51dba4e7  Exception code: 0xc000041d  Fault offset: 0x0000000000053290
Faulting
 process id: 0x1140  Faulting application start time: 0x01ce9d8b58cf6a01  Faulting application
 path: C:\Windows\System32\Macromed\Flash\FlashUtil64_11_7_700_202_ActiveX.exe  Faulting
 module path: C:\Windows\SYSTEM32\ntdll.dll  Report Id: d0f70bd5-097e-11e3-a86f-842b2bb7bf82
 
Error - 8/20/2013 6:13:01 AM | Computer Name = Newton | Source = ESENT | ID = 455
Description = taskhost (4528) WebCacheLocal: Error -1811 occurred while opening
logfile C:\Users\Adele\AppData\Local\Microsoft\Windows\WebCache\V01001CD.log.
 
Error - 8/28/2013 4:03:41 PM | Computer Name = Newton | Source = Application Error | ID = 1000
Description = Faulting application name: FlashUtil64_11_7_700_202_ActiveX.exe, version:
 11.7.700.202, time stamp: 0x5180202b  Faulting module name: ntdll.dll, version: 6.1.7601.18205,
 time stamp: 0x51dba4e7  Exception code: 0xc0000005  Fault offset: 0x0000000000053290
Faulting
 process id: 0x9bc  Faulting application start time: 0x01cea429ae3dca46  Faulting application
 path: C:\Windows\System32\Macromed\Flash\FlashUtil64_11_7_700_202_ActiveX.exe  Faulting
 module path: C:\Windows\SYSTEM32\ntdll.dll  Report Id: eea41671-101c-11e3-95fc-842b2bb7bf82
 
Error - 8/31/2013 6:11:07 AM | Computer Name = Newton | Source = Application Error | ID = 1000
Description = Faulting application name: mcshield.exe, version: 14.4.0.387, time
 stamp: 0x4ee2c0e2  Faulting module name: ole32.dll, version: 6.1.7601.17514, time
 stamp: 0x4ce7c92c  Exception code: 0xc0000005  Fault offset: 0x000000000000d89e  Faulting
 process id: 0xba0  Faulting application start time: 0x01cea5a1e17f4c35  Faulting application
 path: C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe  Faulting module
 path: C:\Windows\system32\ole32.dll  Report Id: a64e9b62-1225-11e3-9843-842b2bb7bf82
 
Error - 9/5/2013 10:40:37 AM | Computer Name = Newton | Source = Application Error | ID = 1000
Description = Faulting application name: FlashUtil64_11_7_700_202_ActiveX.exe, version:
 11.7.700.202, time stamp: 0x5180202b  Faulting module name: ntdll.dll, version: 6.1.7601.18205,
 time stamp: 0x51dba4e7  Exception code: 0xc0000005  Fault offset: 0x0000000000053290
Faulting
 process id: 0xa14  Faulting application start time: 0x01ceaa45d1daeb86  Faulting application
 path: C:\Windows\System32\Macromed\Flash\FlashUtil64_11_7_700_202_ActiveX.exe  Faulting
 module path: C:\Windows\SYSTEM32\ntdll.dll  Report Id: 20b8595c-1639-11e3-9527-842b2bb7bf82
 
Error - 9/10/2013 6:28:47 AM | Computer Name = Newton | Source = Application Error | ID = 1000
Description = Faulting application name: mcshield.exe, version: 14.4.0.387, time
 stamp: 0x4ee2c0e2  Faulting module name: netprofm.dll_unloaded, version: 0.0.0.0,
 time stamp: 0x4a5bdfd0  Exception code: 0xc0000005  Fault offset: 0x000007fef79d75f4
Faulting
 process id: 0xb50  Faulting application start time: 0x01ceaa45a9f5282f  Faulting application
 path: C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe  Faulting module
 path: netprofm.dll  Report Id: c63d8fe5-1a03-11e3-9527-842b2bb7bf82
 
[ Dell Events ]
Error - 1/5/2011 10:03:49 AM | Computer Name = Adele-Newton | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
[ Media Center Events ]
Error - 3/23/2014 4:03:54 AM | Computer Name = Newton | Source = MCUpdate | ID = 0
Description = 08:03:54 - Error connecting to the internet.  08:03:54 -     Unable
to contact server.. 
 
Error - 5/19/2014 3:59:20 PM | Computer Name = Newton | Source = MCUpdate | ID = 0
Description = 20:59:20 - Error connecting to the internet.  20:59:20 -     Unable
to contact server.. 
 
Error - 5/19/2014 5:00:22 PM | Computer Name = Newton | Source = MCUpdate | ID = 0
Description = 22:00:22 - Error connecting to the internet.  22:00:22 -     Unable
to contact server.. 
 
Error - 5/19/2014 6:01:14 PM | Computer Name = Newton | Source = MCUpdate | ID = 0
Description = 23:01:14 - Error connecting to the internet.  23:01:14 -     Unable
to contact server.. 
 
Error - 5/19/2014 7:22:11 PM | Computer Name = Newton | Source = MCUpdate | ID = 0
Description = 00:22:11 - Error connecting to the internet.  00:22:11 -     Unable
to contact server.. 
 
Error - 9/6/2014 11:24:17 PM | Computer Name = Newton | Source = MCUpdate | ID = 0
Description = 04:24:16 - Error connecting to the internet.  04:24:16 -     Unable
to contact server.. 
 
Error - 9/7/2014 12:25:05 AM | Computer Name = Newton | Source = MCUpdate | ID = 0
Description = 05:25:05 - Error connecting to the internet.  05:25:05 -     Unable
to contact server.. 
 
Error - 9/7/2014 1:25:58 AM | Computer Name = Newton | Source = MCUpdate | ID = 0
Description = 06:25:58 - Error connecting to the internet.  06:25:58 -     Unable
to contact server.. 
 
Error - 9/7/2014 2:29:47 AM | Computer Name = Newton | Source = MCUpdate | ID = 0
Description = 07:29:47 - Error connecting to the internet.  07:29:47 -     Unable
to contact server.. 
 
Error - 10/7/2014 6:11:28 AM | Computer Name = Newton | Source = MCUpdate | ID = 0
Description = 11:11:28 - Error connecting to the internet.  11:11:28 -     Unable
to contact server.. 
 
[ System Events ]
Error - 11/27/2014 2:36:50 PM | Computer Name = Newton | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
 is 10.
 
Error - 11/27/2014 2:37:03 PM | Computer Name = Newton | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
 is 10.
 
Error - 11/27/2014 4:14:24 PM | Computer Name = Newton | Source = Microsoft-Windows-TaskScheduler | ID = 413
Description = Task Scheduler service failed to load tasks at service startup. Additional
 Data: Error Value: 2147549183.
 
Error - 11/27/2014 4:15:22 PM | Computer Name = Newton | Source = VDS Basic Provider | ID = 33554433
Description =
 
Error - 11/27/2014 4:34:49 PM | Computer Name = Newton | Source = Microsoft-Windows-TaskScheduler | ID = 413
Description = Task Scheduler service failed to load tasks at service startup. Additional
 Data: Error Value: 2147549183.
 
Error - 11/28/2014 8:43:19 AM | Computer Name = Newton | Source = DCOM | ID = 10010
Description =
 
Error - 11/29/2014 8:54:59 AM | Computer Name = Newton | Source = Microsoft-Windows-TaskScheduler | ID = 413
Description = Task Scheduler service failed to load tasks at service startup. Additional
 Data: Error Value: 2147549183.
 
Error - 11/29/2014 1:29:39 PM | Computer Name = Newton | Source = DCOM | ID = 10010
Description =
 
Error - 11/30/2014 11:05:47 PM | Computer Name = Newton | Source = DCOM | ID = 10010
Description =
 
Error - 12/2/2014 5:22:29 AM | Computer Name = Newton | Source = DCOM | ID = 10010
Description =
 
[ TuneUp Events ]
Error - 6/4/2013 11:34:56 AM | Computer Name = Newton | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
 
Error - 6/4/2013 11:34:56 AM | Computer Name = Newton | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
 
Error - 6/5/2013 3:26:09 PM | Computer Name = Newton | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
 
Error - 6/7/2013 3:10:44 AM | Computer Name = Newton | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
 
Error - 6/7/2013 10:02:33 PM | Computer Name = Newton | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
 
Error - 6/7/2013 10:02:33 PM | Computer Name = Newton | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
 
Error - 6/7/2013 11:52:47 PM | Computer Name = Newton | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
 
Error - 6/7/2013 11:52:48 PM | Computer Name = Newton | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
 
Error - 6/9/2013 7:59:08 AM | Computer Name = Newton | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
 
Error - 6/9/2013 1:09:26 PM | Computer Name = Newton | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
 
 
< End of report >
 

 




#2
RKinner


    Malware Expert


The .class sounds like a Java thing.  Clear the Java Cache by following the instructions on

 
You do not have the latest Java.
First go into Control Panel, Add/Remove Software (XP) or Programs and Features (Vista/Win 7) and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
Java 6 Update 22
 Java 7 Update 45
 
Java has been very vulnerable to infection so unless you absolutely need it you should not reinstall it.
 
If you feel you must have Java:
Get the latest Java at:
 
Save it to your PC then close all browsers and install it.  Do not let it install the yahoo toolbar or other foistware.
Once installed, go into Control Panel, Java, Security and set the slider to the Highest then OK.
 
(If you also want the 64 bit version then use the 64 bit version of IE to get it.)
 
I also see that you have a lot of McAfee drivers still active.  These need to go.  
 
Download the McAfee Removal tool
 
Run the McAfee uninstall tool by right clicking and hitting Run As Administrator, reboot when done.
 
Avast keeps a copy of the boot scan in:
 
C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt   See if you can find it and either copy and paste the text or attach it to your next post.
 
 
Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As, Save.  Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
 
 
 
Get the free version of Speccy:
 
http://www.filehippo...download_speccy  (Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!)  Download, Save and Install it.  Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File (to your desktop), note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  (It will be near the top about 10 lines down.) Attach the file to your next post.
Uninstall Speccy.
 
 
Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.
 
Reboot. 
 
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
sfc  /scannow
 
(This will check your critical system files. Does this finish without complaint?  If it says it couldn't fix everything then:
 
Copy the next two lines:
 
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
notepad \windows\logs\cbs\junk.txt 
 
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)
 
 
1. Please download the Event Viewer Tool by Vino Rosso and save it to your Desktop:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.
 
Ron
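
The Java finding in this reply comes from reading the OTL uninstall list by eye. As an added example (not part of the thread and not OTL's own code), this Python script parses that section and lists the Java runtimes in it; the `baseline` value and the reading of unprefixed entries as the 32-bit registry view are assumptions.

```python
import re

# Constructed sample: a few entries in the layout of the OTL "Uninstall List"
# section posted in this thread (display names taken from that log).
SAMPLE_OTL = r'''========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java™ 6 Update 22 (64-bit)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"Avast" = Avast Free Antivirus

========== Last 20 Event Log Errors ==========

[ Application Events ]
"not-an-install" = ignored because it is outside the uninstall section
'''

HEADER = re.compile(r'^=+\s*(.+?)\s*=+$')           # ========== Title ==========
HIVE = re.compile(r'^(64bit:\s*)?\[HKEY_[^\]]+\]$')  # registry key line, optional 64bit: prefix
ENTRY = re.compile(r'^"(?P<key>[^"]+)"\s*=\s*(?P<name>.+)$')
# Matches "Java 7 Update 45", "Java™ 6 Update 22 (64-bit)", "Java(TM) 6 Update 22";
# does not match helper entries such as "Java Auto Updater".
JAVA = re.compile(r'^Java(?:\(TM\)|™)?\s+(\d+)(?:\s+Update\s+(\d+))?', re.I)


def parse_uninstall_list(text):
    """Return the "key" = name entries found inside any '... Uninstall List' section."""
    entries, in_section, view = [], False, None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            in_section = header.group(1).endswith("Uninstall List")
            view = None
            continue
        if not in_section or not line:
            continue
        hive = HIVE.match(line)
        if hive:
            # Assumption: on a 64-bit system, lines without the "64bit:" prefix
            # come from the 32-bit registry view.
            view = "64bit" if hive.group(1) else "32bit"
            continue
        entry = ENTRY.match(line)
        if entry and view:
            entries.append({"view": view, "key": entry["key"],
                            "name": entry["name"].strip()})
    return entries


def java_runtimes(entries):
    """Pick out Java runtime entries and split the name into major version and update."""
    found = []
    for e in entries:
        m = JAVA.match(e["name"])
        if m:
            found.append({"major": int(m.group(1)), "update": int(m.group(2) or 0),
                          "view": e["view"], "name": e["name"]})
    return sorted(found, key=lambda j: (j["major"], j["update"]))


def review_java(entries, baseline):
    """baseline is a (major, update) tuple chosen by the reviewer; the thread names none."""
    installed = java_runtimes(entries)
    return {
        "installed": installed,
        "below_baseline": [j for j in installed if (j["major"], j["update"]) < baseline],
        "side_by_side": len(installed) > 1,  # more than one runtime present at once
    }


if __name__ == "__main__":
    report = review_java(parse_uninstall_list(SAMPLE_OTL), baseline=(7, 50))  # placeholder baseline
    for j in report["installed"]:
        flag = "below baseline" if j in report["below_baseline"] else "ok"
        print(f'{j["view"]:6} {j["name"]:32} {flag}')
    print("multiple runtimes installed:", report["side_by_side"])
```
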
 
 
 


#3
adelehirst


    Member

  • Topic Starter

Hi,

Many thanks for your help... I must admit I feel this is my own fault as I've been ignoring the Java update popups for ages... :s  ekks oh well I'm here now I guess..   anyway here's the output to your instructions...

1.  Java is now uninstalled

2.  McAfee removal tool has been run

3.  Boot scan attached to this post

4.  Proc exp output attached

5.  Speccy output attached (newton.txt) and Speccy uninstalled

6.  Cleared system and app logs

7.  Just running sfc scan....


#4
adelehirst


    Member

  • Topic Starter

7.  SFC scan ran and no problems found

8.  Event viewer tool ran as admin and output attached..

Any further advice/help will be much appreciated.

Cheers!

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 08/12/2014 10:27:56
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/12/2014 10:24:16
Type: Error Category: 0
Event: 1 Source: VDS Basic Provider
Unexpected failure. Error code: D@01010004
 
Log: 'System' Date/Time: 08/12/2014 10:24:10
Type: Error Category: 0
Event: 1 Source: VDS Basic Provider
Unexpected failure. Error code: D@01010004
 
Log: 'System' Date/Time: 08/12/2014 10:23:16
Type: Error Category: 403
Event: 413 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.
 
Log: 'System' Date/Time: 08/12/2014 09:51:06
Type: Error Category: 403
Event: 413 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/12/2014 10:23:58
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.01#18E391066476&1#.
 
Log: 'System' Date/Time: 08/12/2014 10:22:23
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 
 
Log: 'System' Date/Time: 08/12/2014 09:51:59
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.01#18E391066476&1#.
 
Log: 'System' Date/Time: 08/12/2014 09:50:22
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 

Attached Files

  • Attached File  VEW.txt   2.15KB   163 downloads


#5
RKinner


    Malware Expert


I see:

Event: 1 Source: VDS Basic Provider
Unexpected failure. Error code: D@01010004

Which is sort of odd because on my Win 7 64 bit the Virtual Disk service is not running but it is on yours.  Normally this service is set to Manual and doesn't run.  Unless you know of a reason why it should be on let's turn it off:  Copy the next 2 lines:
 

sc stop vds
sc config vds start= demand

Now Start, All Programs, Accessories then right click on Command Prompt and Run As Admin.  A black command window should open.  Right click and Paste or Edit then Paste and the copied lines should appear.  Hit Enter.  

 

Reboot.

For this one:

Event: 413 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.

We will need to dig a little deeper.  Have you run CCleaner in the past?  Let's run FRST:
 

Please download Farbar Recovery Scan Tool and save it to your Desktop. 
 
Note: You need to run the version compatible with your system.  (FRST64.exe) If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. 
 
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also copy and paste that along with the FRST.txt into your reply. 

    • 0
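The triage done by eye in the reply above, picking the recurring errors out of the VEW report, can be scripted. This is an added example, not part of the thread or of VEW itself; the function names are made up here. It groups events by type, ID and source, and renders the Task Scheduler "Error Value" in hex so it can be looked up.

```python
import re
from datetime import datetime

# Excerpt of the VEW report posted in the thread (dates are dd/mm/yyyy,
# as the report states). Raw string: the device path contains backslashes.
SAMPLE_REPORT = r"""
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/12/2014 10:24:16
Type: Error Category: 0
Event: 1 Source: VDS Basic Provider
Unexpected failure. Error code: D@01010004

Log: 'System' Date/Time: 08/12/2014 10:24:10
Type: Error Category: 0
Event: 1 Source: VDS Basic Provider
Unexpected failure. Error code: D@01010004

Log: 'System' Date/Time: 08/12/2014 10:23:16
Type: Error Category: 403
Event: 413 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.

Log: 'System' Date/Time: 08/12/2014 09:51:06
Type: Error Category: 403
Event: 413 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/12/2014 10:23:58
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.01#18E391066476&1#.

Log: 'System' Date/Time: 08/12/2014 10:22:23
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 08/12/2014 09:50:22
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.
"""

HEADER = re.compile(r"^Log: '([^']+)' Date/Time: (\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})$")
TYPE = re.compile(r"^Type: (\w+) Category: (\d+)$")
EVENT = re.compile(r"^Event: (\d+) Source: (.+)$")
ERROR_VALUE = re.compile(r"Error Value: (\d+)")
SEVERITY = {"Critical": 0, "Error": 1, "Warning": 2}


def parse_vew(text):
    """Parse a VEW text report into a list of event dicts."""
    records, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("~~~"):   # blank line or banner ends a record
            cur = None
            continue
        m = HEADER.match(line)
        if m:
            cur = {"log": m.group(1),
                   "when": datetime.strptime(m.group(2), "%d/%m/%Y %H:%M:%S"),
                   "type": None, "event_id": None, "source": None, "message": ""}
            records.append(cur)
        elif cur is None:                        # section titles between records
            continue
        elif cur["type"] is None and TYPE.match(line):
            cur["type"] = TYPE.match(line).group(1)
        elif cur["event_id"] is None and EVENT.match(line):
            m = EVENT.match(line)
            cur["event_id"], cur["source"] = int(m.group(1)), m.group(2)
        elif cur["event_id"] is not None:        # message text follows the Event line
            cur["message"] = (cur["message"] + " " + line).strip()
    return records


def hresult_of(message):
    """Render a decimal 'Error Value' as 32-bit hex, e.g. 0x8000FFFF (E_UNEXPECTED)."""
    m = ERROR_VALUE.search(message)
    return "0x%08X" % (int(m.group(1)) & 0xFFFFFFFF) if m else None


def summarize(records):
    """Group records by (type, event id, source); most severe and most frequent first."""
    groups = {}
    for r in records:
        if r["event_id"] is None:                # incomplete record, nothing to group on
            continue
        key = (r["type"], r["event_id"], r["source"])
        g = groups.setdefault(key, {"type": r["type"], "event_id": r["event_id"],
                                    "source": r["source"], "count": 0,
                                    "first": r["when"], "last": r["when"],
                                    "message": r["message"],
                                    "hresult": hresult_of(r["message"])})
        g["count"] += 1
        g["first"], g["last"] = min(g["first"], r["when"]), max(g["last"], r["when"])
    return sorted(groups.values(),
                  key=lambda g: (SEVERITY.get(g["type"], 3), -g["count"], g["source"]))


if __name__ == "__main__":
    for g in summarize(parse_vew(SAMPLE_REPORT)):
        print(f'{g["type"]:8} x{g["count"]} event {g["event_id"]:<5} {g["source"]}'
              + (f'  [{g["hresult"]}]' if g["hresult"] else ""))
```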

    #6
    adelehirst


      Member


    Done the VDS bit..

    Ran the Farbar app... logs attached..  but yeah I have run CCleaner before if that's of help.

     

     

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-12-2014
    Ran by Adele (ATTENTION: The logged in user is not administrator) on NEWTON on 08-12-2014 20:44:01
    Running from C:\Users\Adele\Desktop
    Loaded Profile: Adele (Available profiles: Adele & Newton & Frey & UpdatusUser)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe
    (Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
    (Microsoft Corporation) C:\Windows\System32\StikyNot.exe
    (Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
    (Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Trusteer Ltd.) C:\Users\Adele\AppData\Local\Trusteer\Rapport\app\bin\RapportService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe
    (Trusteer Ltd.) C:\Users\Adele\AppData\Local\Trusteer\Rapport\app\bin\x64\RapportInjService_x64.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_11_9_900_170_ActiveX.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8158240 2009-10-07] (Realtek Semiconductor)
    HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdcBase.exe [660360 2007-05-31] (Microsoft Corporation)
    HKLM\...\Run: [fssui] => C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe [884584 2012-03-08] (Microsoft Corporation)
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
    HKLM-x32\...\Run: [ShwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2009-07-17] (Alcor Micro Corp.)
    HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
    HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-09-04] (Sonic Solutions)
    HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [309184 2012-03-28] (Citrix Systems, Inc.)
    HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [518640 2010-09-03] ()
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-27] (AVAST Software)
    HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [163040 2010-08-11] (Softthinks)
    HKLM-x32\...\RunOnce: [DSUpdateLauncher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe [161088 2010-07-21] ()
    HKLM-x32\...\RunOnce: [STToasterLauncher] => C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe [120032 2010-08-11] ()
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0
    HKU\S-1-5-21-4244251359-3273506151-932239939-1001\...\Run: [Rapportexe] => C:\Users\Adele\AppData\Local\Trusteer\Rapport\app\bin\RapportService.exe [2640152 2014-07-10] (Trusteer Ltd.)
    HKU\S-1-5-21-4244251359-3273506151-932239939-1001\...\Run: [Google Update**.d<*>] => "C:\Users\Adele\AppData\Local\Google\Desktop\Install\{d793df98-6031-5662-95d7-386666cc08ce}\d'x"Ù"\", &h#\. ùû[\{d793df98-6031-5662-95d7-386666cc08ce}\GoogleUpdate.exe" > <===== ATTENTION (Value Name with invalid characters)
    HKU\S-1-5-21-4244251359-3273506151-932239939-1001\...\Run: [AVG-Secure-Search-Update_0913b] => C:\Users\Adele\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 04dfba2f44dc47d08a2b55626d535671-cad2377586c6103ed7bd112eabd7703e226050b1 --CMPID 0913b
    HKU\S-1-5-21-4244251359-3273506151-932239939-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
    HKU\S-1-5-21-4244251359-3273506151-932239939-1001\...\Policies\system: [LogonHoursAction] 2
    HKU\S-1-5-21-4244251359-3273506151-932239939-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-19] (Microsoft Corporation)
    Startup: C:\Users\Adele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
    ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Adele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
    Startup: C:\Users\Adele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
    ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
    Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
    ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
    ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
    GroupPolicyUsers\S-1-5-21-4244251359-3273506151-932239939-1001\User: Group Policy restriction detected <======= ATTENTION
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-4244251359-3273506151-932239939-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-4244251359-3273506151-932239939-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2
    SearchScopes: HKLM -> DefaultScope {42222B51-E31E-414C-A5D3-9008172B5B8F} URL = http://www.bing.com/...rc=IE-SearchBox
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKLM -> {42222B51-E31E-414C-A5D3-9008172B5B8F} URL = http://www.bing.com/...rc=IE-SearchBox
    SearchScopes: HKLM-x32 -> DefaultScope {44C38246-F706-4601-80F4-697D7BA309E4} URL = http://www.bing.com/...rc=IE-SearchBox
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKLM-x32 -> {44C38246-F706-4601-80F4-697D7BA309E4} URL = http://www.bing.com/...rc=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-4244251359-3273506151-932239939-1001 -> DefaultScope {42222B51-E31E-414C-A5D3-9008172B5B8F} URL = 
    SearchScopes: HKU\S-1-5-21-4244251359-3273506151-932239939-1001 -> {42222B51-E31E-414C-A5D3-9008172B5B8F} URL = 
    SearchScopes: HKU\S-1-5-21-4244251359-3273506151-932239939-1001 -> {44C38246-F706-4601-80F4-697D7BA309E4} URL = 
    BHO: No Name -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} ->  No File
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO-x32: No Name -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} ->  No File
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    Toolbar: HKU\S-1-5-21-4244251359-3273506151-932239939-1001 -> No Name - {8020143D-5926-4394-A04D-DD0B649DA121} -  No File
    DPF: HKLM-x32 {0972B098-DEE9-4279-AC7E-4BAAA029102D} http://assets.photob...?20110519041506
    Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
     
    FireFox:
    ========
    FF ProfilePath: C:\Users\Adele\AppData\Roaming\Mozilla\Firefox\Profiles\xeev7akr.default
    FF NetworkProxy: "type", 0
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll ()
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll (Citrix Systems, Inc.)
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-19]
     
    Chrome: 
    =======
    CHR StartupUrls: Default -> "hxxp://www.google.com/"
    CHR Profile: C:\Users\Adele\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Adele\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-28]
    CHR Extension: (Google Drive) - C:\Users\Adele\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-28]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Adele\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-28]
    CHR Extension: (Google Search) - C:\Users\Adele\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-28]
    CHR Extension: (Avast Online Security) - C:\Users\Adele\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-28]
    CHR Extension: (Google Wallet) - C:\Users\Adele\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-28]
    CHR Extension: (Gmail) - C:\Users\Adele\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-28]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-27]
     
    ==================== Services (Whitelisted) =================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-27] (AVAST Software)
    R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-27] (Avast Software)
    R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
    R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
    R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
    R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
    R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
    R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
    R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
    S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-14] (Microsoft Corporation)
    S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
     
    ==================== Drivers (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-27] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-27] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-27] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-27] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-27] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-27] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-27] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-27] ()
    S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-08] (Malwarebytes Corporation)
    R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-27] (Avast Software)
    S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
    S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
     
    ==================== One Month Created Files and Folders ========
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2014-12-08 20:44 - 2014-12-08 20:44 - 00021307 _____ () C:\Users\Adele\Desktop\FRST.txt
    2014-12-08 20:43 - 2014-12-08 20:44 - 00000000 ____D () C:\FRST
    2014-12-08 20:43 - 2014-12-08 20:43 - 02119680 _____ (Farbar) C:\Users\Adele\Desktop\FRST64.exe
    2014-12-08 20:36 - 2014-12-08 20:37 - 00000197 _____ () C:\Windows\system32\2014-12-08-20-36-58.079-AvastVBoxSVC.exe-3372.log
    2014-12-08 10:28 - 2014-12-08 10:28 - 00002198 _____ () C:\Users\Newton\Desktop\VEW.txt
    2014-12-08 10:27 - 2014-12-08 10:27 - 00002198 _____ () C:\VEW.txt
    2014-12-08 10:26 - 2014-12-08 10:26 - 00061440 _____ ( ) C:\Users\Newton\Desktop\VEW.exe
    2014-12-08 10:24 - 2014-12-08 10:24 - 00000197 _____ () C:\Windows\system32\2014-12-08-10-24-00.050-AvastVBoxSVC.exe-3516.log
    2014-12-08 10:21 - 2014-12-08 10:21 - 00000926 _____ () C:\Users\Newton\Desktop\disable_publisher_not_verified.zip
    2014-12-08 10:03 - 2014-12-08 09:28 - 00008042 _____ () C:\Users\Newton\Desktop\Procexp.txt
    2014-12-08 10:01 - 2014-12-08 10:01 - 00010522 _____ () C:\Users\Newton\Desktop\aswBoot.txt
    2014-12-08 09:54 - 2014-12-08 09:54 - 00000197 _____ () C:\Windows\system32\2014-12-08-09-54-00.064-AvastVBoxSVC.exe-3472.log
    2014-12-08 09:49 - 2014-12-08 09:49 - 00001393 _____ () C:\Users\Newton\Desktop\stuff.txt
    2014-12-08 09:41 - 2014-12-08 09:42 - 00361275 _____ () C:\Users\Newton\Desktop\NEWTON.txt
    2014-12-08 09:36 - 2014-12-08 09:37 - 04890736 _____ (Piriform Ltd) C:\Users\Newton\Desktop\spsetup126.exe
    2014-12-08 09:29 - 2014-12-08 09:29 - 00000000 __SHD () C:\Users\Newton\AppData\Local\EmieBrowserModeList
    2014-12-08 09:28 - 2014-12-08 09:28 - 00008042 _____ () C:\Users\Adele\Desktop\Procexp.txt
    2014-12-08 09:26 - 2014-12-08 09:26 - 00000000 ____D () C:\Users\Newton\AppData\Roaming\Macrovision
    2014-12-08 09:25 - 2014-12-08 09:25 - 00000000 ____D () C:\Users\Newton\AppData\Roaming\Roxio Burn
    2014-12-08 09:21 - 2014-12-08 09:21 - 02480312 _____ (Sysinternals - www.sysinternals.com) C:\Users\Adele\Desktop\procexp.exe
    2014-12-06 21:21 - 2014-12-06 21:21 - 00000197 _____ () C:\Windows\system32\2014-12-06-21-21-05.081-AvastVBoxSVC.exe-3600.log
    2014-12-06 21:12 - 2014-12-06 21:13 - 03480040 _____ (McAfee, Inc.) C:\Users\Adele\Desktop\MCPR.exe
    2014-12-02 10:21 - 2014-12-02 10:21 - 00091256 _____ () C:\Users\Adele\Desktop\Extras.Txt
    2014-12-02 10:20 - 2014-12-02 11:20 - 00116204 _____ () C:\Users\Adele\Desktop\OTL.Txt
    2014-12-02 10:11 - 2014-12-02 10:11 - 00602112 _____ (OldTimer Tools) C:\Users\Adele\Desktop\OTL.exe
    2014-11-29 12:59 - 2014-11-29 12:59 - 00000197 _____ () C:\Windows\system32\2014-11-29-12-59-57.047-AvastVBoxSVC.exe-3672.log
    2014-11-27 21:43 - 2014-11-27 21:43 - 00000247 _____ () C:\Windows\system32\2014-11-27-21-43-27.014-aswFe.exe-656.log
    2014-11-27 21:39 - 2014-11-27 21:43 - 00000247 _____ () C:\Windows\system32\2014-11-27-21-39-15.047-aswFe.exe-4092.log
    2014-11-27 21:39 - 2014-11-27 21:39 - 00000197 _____ () C:\Windows\system32\2014-11-27-21-39-11.033-AvastVBoxSVC.exe-2400.log
    2014-11-27 20:39 - 2014-11-27 20:57 - 00000000 ____D () C:\Windows\system32\vbox
    2014-11-27 20:39 - 2014-11-27 20:56 - 00000000 ____D () C:\Windows\SysWOW64\vbox
    2014-11-27 20:33 - 2014-11-27 20:33 - 00001966 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
    2014-11-27 20:32 - 2014-11-27 20:32 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2014-11-27 20:32 - 2014-11-27 20:32 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-11-27 19:56 - 2014-12-08 10:01 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-11-27 19:55 - 2014-12-08 09:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-11-27 19:55 - 2014-11-27 19:55 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-11-27 19:55 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-11-27 19:55 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-11-27 19:55 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-11-27 19:53 - 2014-11-27 19:55 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Adele\Desktop\mbam-setup-2.0.3.1025.exe
    2014-11-21 10:47 - 2014-11-21 10:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-11-18 20:25 - 2014-11-11 03:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2014-11-18 20:25 - 2014-11-11 03:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
    2014-11-18 20:25 - 2014-11-11 02:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2014-11-18 20:25 - 2014-11-11 02:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
    2014-11-16 09:34 - 2014-11-16 09:34 - 00000000 __SHD () C:\Users\Adele\AppData\Local\EmieBrowserModeList
    2014-11-12 10:46 - 2014-11-07 19:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-11-12 10:46 - 2014-11-07 19:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2014-11-12 10:46 - 2014-11-06 04:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-11-12 10:46 - 2014-11-06 04:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-11-12 10:46 - 2014-11-06 04:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-11-12 10:46 - 2014-11-06 03:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-11-12 10:46 - 2014-11-06 03:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-11-12 10:46 - 2014-11-06 03:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-11-12 10:46 - 2014-11-06 03:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-11-12 10:46 - 2014-11-06 03:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-11-12 10:46 - 2014-11-06 03:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-11-12 10:46 - 2014-11-06 03:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-11-12 10:46 - 2014-11-06 03:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-11-12 10:46 - 2014-11-06 03:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-11-12 10:46 - 2014-11-06 03:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-11-12 10:46 - 2014-11-06 03:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-11-12 10:46 - 2014-11-06 03:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-11-12 10:46 - 2014-11-06 03:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-11-12 10:46 - 2014-11-06 03:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-11-12 10:46 - 2014-11-06 03:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-11-12 10:46 - 2014-11-06 03:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-11-12 10:46 - 2014-11-06 03:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-11-12 10:46 - 2014-11-06 03:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-11-12 10:46 - 2014-11-06 03:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-11-12 10:46 - 2014-11-06 03:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2014-11-12 10:46 - 2014-11-06 03:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-11-12 10:46 - 2014-11-06 03:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-11-12 10:46 - 2014-11-06 03:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-11-12 10:46 - 2014-11-06 03:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-11-12 10:46 - 2014-11-06 03:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-11-12 10:46 - 2014-11-06 03:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-11-12 10:46 - 2014-11-06 03:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-11-12 10:46 - 2014-11-06 02:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-11-12 10:46 - 2014-11-06 02:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-11-12 10:46 - 2014-11-06 02:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-11-12 10:46 - 2014-11-06 02:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-11-12 10:46 - 2014-11-06 02:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-11-12 10:46 - 2014-11-06 02:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-11-12 10:46 - 2014-11-06 02:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-11-12 10:46 - 2014-11-06 02:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-11-12 10:46 - 2014-11-06 02:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-11-12 10:46 - 2014-11-06 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-11-12 10:46 - 2014-11-06 02:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-11-12 10:46 - 2014-11-06 02:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-11-12 10:46 - 2014-11-06 02:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-11-12 10:46 - 2014-11-06 02:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-11-12 10:46 - 2014-11-06 02:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-11-12 10:46 - 2014-11-06 02:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-11-12 10:46 - 2014-11-06 02:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2014-11-12 10:46 - 2014-11-06 02:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-11-12 10:46 - 2014-11-06 02:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-11-12 10:46 - 2014-11-06 02:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-11-12 10:46 - 2014-11-06 01:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-11-12 10:46 - 2014-11-06 01:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-11-12 10:46 - 2014-11-06 01:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-11-12 10:46 - 2014-11-06 01:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-11-12 10:45 - 2014-11-05 17:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2014-11-12 10:45 - 2014-11-05 17:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-11-12 10:45 - 2014-11-05 17:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-11-12 10:45 - 2014-10-14 02:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2014-11-12 10:45 - 2014-10-14 02:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
    2014-11-12 10:45 - 2014-10-14 02:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2014-11-12 10:45 - 2014-10-14 02:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2014-11-12 10:45 - 2014-10-14 02:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2014-11-12 10:45 - 2014-10-14 01:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2014-11-12 10:45 - 2014-10-14 01:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2014-11-12 10:45 - 2014-10-14 01:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2014-11-12 10:45 - 2014-10-14 01:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2014-11-12 10:40 - 2014-10-25 01:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
    2014-11-12 10:40 - 2014-10-25 01:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
    2014-11-12 10:40 - 2014-10-14 02:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2014-11-12 10:40 - 2014-10-14 01:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2014-11-12 10:40 - 2014-10-10 00:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-11-12 10:40 - 2014-10-03 02:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
    2014-11-12 10:40 - 2014-10-03 02:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
    2014-11-12 10:40 - 2014-10-03 02:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
    2014-11-12 10:40 - 2014-10-03 02:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
    2014-11-12 10:40 - 2014-10-03 02:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
    2014-11-12 10:40 - 2014-10-03 01:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
    2014-11-12 10:40 - 2014-10-03 01:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
    2014-11-12 10:40 - 2014-10-03 01:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
    2014-11-12 10:40 - 2014-09-19 09:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2014-11-12 10:40 - 2014-09-19 09:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2014-11-12 10:40 - 2014-09-19 09:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2014-11-12 10:40 - 2014-09-19 09:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2014-11-12 10:40 - 2014-09-19 09:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2014-11-12 10:40 - 2014-09-19 09:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2014-11-12 10:40 - 2014-09-19 09:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2014-11-12 10:40 - 2014-09-19 09:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2014-11-12 10:40 - 2014-09-19 09:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2014-11-12 10:40 - 2014-09-19 09:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2014-11-12 10:40 - 2014-09-19 09:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2014-11-12 10:40 - 2014-09-19 09:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2014-11-12 10:40 - 2014-08-21 06:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2014-11-12 10:40 - 2014-08-21 06:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2014-11-12 10:40 - 2014-08-21 06:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2014-11-12 10:40 - 2014-08-21 06:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2014-11-12 10:40 - 2014-08-12 02:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
    2014-11-12 10:40 - 2014-08-12 01:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
    2014-11-12 10:39 - 2014-10-18 02:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2014-11-12 10:39 - 2014-10-18 01:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
    2014-11-12 03:02 - 2014-11-12 03:03 - 00000000 ____D () C:\Users\Default\Documents\Visual Studio 2013
    2014-11-12 03:02 - 2014-11-12 03:03 - 00000000 ____D () C:\Users\Default User\Documents\Visual Studio 2013
    2014-11-11 12:29 - 2014-11-11 12:29 - 00000000 ____D () C:\Users\Newton\Documents\Visual Studio 2013
    2014-11-11 12:25 - 2014-11-11 12:25 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 11.0
    2014-11-11 11:56 - 2014-11-11 11:56 - 00000000 ____D () C:\ProgramData\NuGet
    2014-11-11 11:56 - 2014-11-11 11:56 - 00000000 ____D () C:\Program Files (x86)\NuGet
    2014-11-11 11:21 - 2014-11-11 11:24 - 00000000 ____D () C:\Program Files (x86)\Windows Kits
    2014-11-11 11:21 - 2014-11-11 11:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
    2014-11-11 11:15 - 2014-11-11 12:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs
    2014-11-11 11:15 - 2014-11-11 11:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Help Viewer
    2014-11-11 11:10 - 2014-11-11 11:54 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
    2014-11-11 11:10 - 2014-11-11 11:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
    2014-11-11 11:10 - 2014-11-11 11:10 - 00000000 ____D () C:\Windows\SysWOW64\1033
    2014-11-11 11:10 - 2014-11-11 11:10 - 00000000 ____D () C:\Windows\system32\1033
    2014-11-11 11:06 - 2014-11-11 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2013
    2014-11-11 11:06 - 2014-11-11 11:06 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
    2014-11-11 11:04 - 2014-11-11 12:28 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 12.0
    2014-11-11 10:53 - 2014-11-11 10:53 - 01158344 _____ (Microsoft Corporation) C:\Users\Newton\Downloads\wdexpress_full.exe
    2014-11-11 10:48 - 2014-11-11 10:48 - 01831488 _____ (Microsoft Corporation) C:\Users\Newton\Downloads\VS2013.3.exe
    2014-11-11 10:45 - 2014-11-11 10:46 - 05718872 _____ (Microsoft Corporation) C:\Users\Newton\Downloads\vcredist_x64(2).exe
    2014-11-11 10:45 - 2014-11-11 10:46 - 05073240 _____ (Microsoft Corporation) C:\Users\Newton\Downloads\vcredist_x86(1).exe
    2014-11-11 10:45 - 2014-11-11 10:45 - 07188536 _____ (Microsoft Corporation) C:\Users\Newton\Downloads\vcredist_x64(1).exe
    2014-11-11 10:45 - 2014-11-11 10:45 - 06498200 _____ (Microsoft Corporation) C:\Users\Newton\Downloads\vcredist_x86.exe
    2014-11-11 10:45 - 2014-11-11 10:45 - 01415888 _____ (Microsoft Corporation) C:\Users\Newton\Downloads\vcredist_arm.exe
    2014-11-11 10:44 - 2012-03-08 18:40 - 00048488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fssfltr.sys
    2014-11-11 10:29 - 2014-11-12 03:01 - 00000000 ____D () C:\ProgramData\Package Cache
    2014-11-11 10:28 - 2014-11-11 10:28 - 07186992 _____ (Microsoft Corporation) C:\Users\Newton\Downloads\vcredist_x64.exe
    2014-11-11 10:25 - 2014-11-11 10:25 - 00000000 ____D () C:\Windows\en
    2014-11-11 10:24 - 2014-11-11 10:44 - 00000000 ____D () C:\Program Files\Windows Live
    2014-11-11 10:24 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
    2014-11-11 10:24 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
    2014-11-10 20:11 - 2014-11-10 20:54 - 225431912 _____ (Microsoft Corporation) C:\Users\Newton\Downloads\wlsetup-all.exe
    2014-11-10 20:06 - 2014-11-10 20:07 - 01239752 _____ (Microsoft Corporation) C:\Users\Newton\Downloads\wlsetup-web.exe
    2014-11-10 12:13 - 2014-11-10 12:13 - 00000000 __SHD () C:\Users\Newton\AppData\Local\EmieUserList
    2014-11-10 12:13 - 2014-11-10 12:13 - 00000000 __SHD () C:\Users\Newton\AppData\Local\EmieSiteList
    2014-11-10 11:27 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
    2014-11-10 11:27 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
    2014-11-10 11:27 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
    2014-11-10 11:27 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
    2014-11-10 11:27 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
    2014-11-10 11:27 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
    2014-11-10 11:27 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
    2014-11-10 11:27 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
    2014-11-10 11:26 - 2014-11-11 10:42 - 00001069 _____ () C:\Windows\DirectX.log
    2014-11-10 11:26 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
    2014-11-10 11:26 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
    2014-11-10 11:26 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
    2014-11-10 11:26 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
    2014-11-10 11:25 - 2014-11-10 11:25 - 00002176 _____ () C:\Users\Adele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
    2014-11-10 11:25 - 2014-11-10 11:25 - 00002102 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
    2014-11-10 11:25 - 2014-11-10 11:25 - 00002102 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
    2014-11-10 11:25 - 2014-11-10 11:25 - 00000000 ___RD () C:\Users\Adele\OneDrive
    2014-11-10 11:25 - 2014-11-10 11:25 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
    2014-11-10 11:25 - 2014-11-10 11:25 - 00000000 ____D () C:\Program Files (x86)\Microsoft OneDrive
    2014-11-10 11:23 - 2014-11-11 14:01 - 00000000 ____D () C:\Users\Newton\AppData\Local\Windows Live
    2014-11-10 11:22 - 2014-11-10 11:22 - 01239752 _____ (Microsoft Corporation) C:\Users\Adele\Downloads\wlsetup-web(1).exe
    2014-11-10 11:10 - 2014-11-10 11:10 - 01239752 _____ (Microsoft Corporation) C:\Users\Adele\Downloads\wlsetup-web.exe
     
    ==================== One Month Modified Files and Folders =======
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2014-12-08 20:42 - 2009-07-14 04:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-12-08 20:42 - 2009-07-14 04:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-12-08 20:41 - 2009-07-14 05:10 - 01469386 _____ () C:\Windows\WindowsUpdate.log
    2014-12-08 20:36 - 2011-01-05 19:25 - 00001232 __RSH () C:\Users\Adele\ntuser.pol
    2014-12-08 20:36 - 2011-01-05 13:41 - 00000000 ____D () C:\Users\Adele
    2014-12-08 20:34 - 2013-11-30 10:18 - 00016476 _____ () C:\Windows\setupact.log
    2014-12-08 20:34 - 2010-12-28 21:59 - 00000000 ____D () C:\ProgramData\NVIDIA
    2014-12-08 20:34 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-12-08 20:33 - 2011-10-08 18:39 - 00000000 ____D () C:\Users\Adele\Documents\Outlook Files
    2014-12-08 10:45 - 2013-11-29 10:47 - 00000396 _____ () C:\Windows\Tasks\SpyHunter4.job
    2014-12-08 10:24 - 2011-09-17 18:31 - 00000632 __RSH () C:\Users\Newton\ntuser.pol
    2014-12-08 10:24 - 2011-01-05 19:32 - 00000000 ____D () C:\Users\Newton\AppData\Local\SoftThinks
    2014-12-08 10:24 - 2011-01-05 19:32 - 00000000 ____D () C:\Users\Newton
    2014-12-08 10:24 - 2011-01-05 13:47 - 00000071 _____ () C:\Windows\SysWOW64\ToasterLauncherLog.log
    2014-12-08 10:24 - 2010-12-28 13:16 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
    2014-12-08 10:21 - 2012-01-16 20:18 - 00000000 ____D () C:\Users\Newton\AppData\Roaming\WinRAR
    2014-12-08 09:50 - 2013-11-30 10:18 - 00225974 _____ () C:\Windows\PFRO.log
    2014-12-08 09:41 - 2011-01-05 19:31 - 00000000 ____D () C:\Users\Frey
    2014-12-08 09:24 - 2011-09-17 18:32 - 00133352 _____ () C:\Users\Newton\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-11-27 20:33 - 2014-09-19 11:27 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
    2014-11-27 20:32 - 2014-09-19 11:27 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
    2014-11-27 20:32 - 2014-09-19 11:27 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
    2014-11-27 20:32 - 2014-09-19 11:27 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
    2014-11-27 20:32 - 2014-09-19 11:27 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2014-11-27 20:32 - 2014-09-19 11:27 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2014-11-27 20:32 - 2014-09-19 11:27 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
    2014-11-27 20:32 - 2014-09-19 11:27 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
    2014-11-27 20:13 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\TAPI
    2014-11-27 19:55 - 2013-06-13 19:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-11-27 19:55 - 2009-07-14 05:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-11-27 10:30 - 2014-09-19 11:31 - 00000000 ____D () C:\Program Files\Google
    2014-11-27 10:30 - 2014-09-19 11:27 - 00000000 ____D () C:\Program Files (x86)\Google
    2014-11-26 20:03 - 2014-09-19 11:27 - 00000000 ____D () C:\Users\Newton\AppData\Local\Google
    2014-11-26 19:53 - 2013-05-09 19:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-11-15 20:54 - 2011-01-05 13:42 - 00133352 _____ () C:\Users\Adele\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-11-15 20:53 - 2011-06-08 18:56 - 00000000 ____D () C:\Users\Adele\AppData\Local\Windows Live
    2014-11-13 04:16 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\rescache
    2014-11-13 03:27 - 2009-07-14 04:45 - 00493384 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-11-13 03:25 - 2014-05-09 02:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-11-13 03:10 - 2011-07-03 19:29 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-11-13 03:06 - 2013-08-15 02:01 - 00000000 ____D () C:\Windows\system32\MRT
    2014-11-13 03:02 - 2013-05-08 19:05 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-11-11 11:54 - 2009-07-14 03:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
    2014-11-11 11:15 - 2009-07-14 05:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
    2014-11-11 11:06 - 2010-12-28 13:24 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    2014-11-11 10:44 - 2010-12-28 13:24 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
    2014-11-11 10:44 - 2010-12-28 13:23 - 00000000 ____D () C:\Program Files (x86)\Windows Live
    2014-11-11 10:25 - 2010-12-28 13:24 - 00001376 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
    2014-11-11 10:25 - 2010-12-28 13:24 - 00001307 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
    2014-11-11 10:24 - 2010-12-28 13:24 - 00001460 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
    2014-11-11 10:24 - 2010-12-28 13:23 - 00002488 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
    2014-11-10 12:13 - 2011-09-17 18:32 - 00001415 _____ () C:\Users\Newton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    ZeroAccess:
    C:\Users\Adele\AppData\Local\Google\Desktop\Install
     
    Files to move or delete:
    ====================
    C:\ProgramData\viw7l.reg
     
     
    Some content of TEMP:
    ====================
    C:\Users\Newton\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
    C:\Users\Newton\AppData\Local\Temp\procexp64.exe
     
     
    ==================== Bamital & volsnap Check =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
     
     
    ATTENTION: ==> Could not access BCD, see Addition.txt for additional information.
     
    ==================== End Of Log ============================


    #7
    RKinner

      Malware Expert

    You need to log out of Adele and log back in as Newton so that you have admin power.  Then:

    Download the attached fixlist.txt to the same location as FRST.
    Run FRST and press Fix.
    A fix log will be generated; please post that.  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.  COPY AND PASTE, DO NOT ATTACH!

    After this we will try and fix your task scheduler.
     
     


    #8
    adelehirst

      Member

    • Topic Starter

    Fixlog -:

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-12-2014
    Ran by Newton at 2014-12-09 10:24:09 Run:1
    Running from C:\Users\Adele\Desktop
    Loaded Profiles: Newton & Frey & UpdatusUser (Available profiles: Adele & Newton & Frey & UpdatusUser)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    ProxyServer: localhost:21320
    BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
    BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
    Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
    Toolbar: HKCU - No Name - {8F2767F8-338A-4258-BD1C-4DE5A3D8CDB2} -  No File
    S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-12-03] (IObit)
    S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
    R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2013-07-04] ()
    S2 HOSTS Anti-PUPs; C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -update [x]
    S3 hpqwmiex;
    C:\ProgramData\PKP_DLeo.DAT
    C:\ProgramData\PKP_DLes.DAT
    C:\ProgramData\PKP_DLet.DAT
    C:\ProgramData\PKP_DLev.DAT
    C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
    Task: {3E61AE64-0809-4D19-91FC-E89602101DDD} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe [2013-10-15] (IObit)
    Task: {43906D32-72F8-4EB9-84FD-22471AA0884A} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2013-11-04] (IObit)
    Task: {496F03FD-5FFF-4E1B-9D8D-DFD96131FAFE} - System32\Tasks\Driver Booster Scan => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2013-11-08] (IObit)
    Task: {6B026375-BCB7-498B-ACA9-EBD05EEF8CC6} - \BackgroundContainer Startup Task No Task File
    Task: {77D02D23-2882-4103-A493-8B4BB916D478} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\Autoupdate.exe [2013-06-20] ()
    Task: {F8781616-5534-4F40-A524-9D3E273A72BB} - System32\Tasks\SmartDefragUpdate => C:\Program Files (x86)\IObit\Smart Defrag 2\AutoUpdate.exe [2013-11-01] (IObit)
    Task: C:\Windows\Tasks\Driver Booster Update.job => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe

    *****************

    HKU\ProxyServer: localhost:21320\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found.
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)" => Key not found.
    "HKCR\CLSID\BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)" => Key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)" => Key not found.
    "HKCR\Wow6432Node\CLSID\BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)" => Key not found.
    \\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value not found.
    "HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => Key not found.
    \\{8F2767F8-338A-4258-BD1C-4DE5A3D8CDB2} => Value not found.
    "HKCR\CLSID\{8F2767F8-338A-4258-BD1C-4DE5A3D8CDB2}" => Key not found.
    LiveUpdateSvc => Service not found.
    WinRing0_1_2_0 => Service not found.
    SmartDefragDriver => Service not found.
    HOSTS Anti-PUPs => Service not found.
    hpqwmiex => Service not found.
    "C:\ProgramData\PKP_DLeo.DAT" => File/Directory not found.
    "C:\ProgramData\PKP_DLes.DAT" => File/Directory not found.
    "C:\ProgramData\PKP_DLet.DAT" => File/Directory not found.
    "C:\ProgramData\PKP_DLev.DAT" => File/Directory not found.
    "C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs" => File/Directory not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E61AE64-0809-4D19-91FC-E89602101DDD}" => Key not found.
    C:\Windows\System32\Tasks\SmartDefrag_Startup not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartDefrag_Startup" => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{43906D32-72F8-4EB9-84FD-22471AA0884A}" => Key not found.
    C:\Windows\System32\Tasks\Driver Booster Update not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Update" => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{496F03FD-5FFF-4E1B-9D8D-DFD96131FAFE}" => Key not found.
    C:\Windows\System32\Tasks\Driver Booster Scan not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Scan" => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B026375-BCB7-498B-ACA9-EBD05EEF8CC6}" => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BackgroundContainer Startup Task" => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77D02D23-2882-4103-A493-8B4BB916D478}" => Key not found.
    C:\Windows\System32\Tasks\Game_Booster_AutoUpdate not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Game_Booster_AutoUpdate" => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8781616-5534-4F40-A524-9D3E273A72BB}" => Key not found.
    C:\Windows\System32\Tasks\SmartDefragUpdate not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartDefragUpdate" => Key not found.
    C:\Windows\Tasks\Driver Booster Update.job not found.

    ==== End of Fixlog ====



    #9
    adelehirst

      Member

    • Topic Starter

    FRST.txt -:

     

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-12-2014
    Ran by Newton (administrator) on NEWTON on 09-12-2014 10:25:30
    Running from C:\Users\Adele\Desktop
    Loaded Profiles: Newton & Frey & UpdatusUser (Available profiles: Adele & Newton & Frey & UpdatusUser)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
    (Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
    (Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
    (SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    (Microsoft Corporation) C:\Windows\System32\vds.exe
    (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe
    (Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
    (Microsoft Corporation) C:\Windows\System32\StikyNot.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
    (Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_11_9_900_170_ActiveX.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8158240 2009-10-07] (Realtek Semiconductor)
    HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdcBase.exe [660360 2007-05-31] (Microsoft Corporation)
    HKLM\...\Run: [fssui] => C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe [884584 2012-03-08] (Microsoft Corporation)
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
    HKLM-x32\...\Run: [ShwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2009-07-17] (Alcor Micro Corp.)
    HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
    HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-09-04] (Sonic Solutions)
    HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [309184 2012-03-28] (Citrix Systems, Inc.)
    HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [518640 2010-09-03] ()
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-27] (AVAST Software)
    HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [163040 2010-08-11] (Softthinks)
    HKLM-x32\...\RunOnce: [DSUpdateLauncher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe [161088 2010-07-21] ()
    HKLM-x32\...\RunOnce: [STToasterLauncher] => C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe [120032 2010-08-11] ()
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0
    HKU\S-1-5-21-4244251359-3273506151-932239939-1003\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
    HKU\S-1-5-21-4244251359-3273506151-932239939-1003\...\Policies\system: [LogonHoursAction] 2
    HKU\S-1-5-21-4244251359-3273506151-932239939-1003\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    HKU\S-1-5-21-4244251359-3273506151-932239939-1004\...\Policies\system: [LogonHoursAction] 2
    HKU\S-1-5-21-4244251359-3273506151-932239939-1004\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-19] (Microsoft Corporation)
    Startup: C:\Users\Adele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
    ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Adele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
    Startup: C:\Users\Adele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
    ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
    Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Frey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
    ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
    ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
    ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
    ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
    GroupPolicyUsers\S-1-5-21-4244251359-3273506151-932239939-1006\User: Group Policy restriction detected <======= ATTENTION
    GroupPolicyUsers\S-1-5-21-4244251359-3273506151-932239939-1004\User: Group Policy restriction detected <======= ATTENTION
    GroupPolicyUsers\S-1-5-21-4244251359-3273506151-932239939-1001\User: Group Policy restriction detected <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-4244251359-3273506151-932239939-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-4244251359-3273506151-932239939-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2
    HKU\S-1-5-21-4244251359-3273506151-932239939-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/USCON/2
    HKU\S-1-5-21-4244251359-3273506151-932239939-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2
    URLSearchHook: HKU\S-1-5-21-4244251359-3273506151-932239939-1003 - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
    SearchScopes: HKLM -> DefaultScope {42222B51-E31E-414C-A5D3-9008172B5B8F} URL = http://www.bing.com/...rc=IE-SearchBox
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {42222B51-E31E-414C-A5D3-9008172B5B8F} URL = http://www.bing.com/...rc=IE-SearchBox
    SearchScopes: HKLM-x32 -> DefaultScope {44C38246-F706-4601-80F4-697D7BA309E4} URL = http://www.bing.com/...rc=IE-SearchBox
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {44C38246-F706-4601-80F4-697D7BA309E4} URL = http://www.bing.com/...rc=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-4244251359-3273506151-932239939-1003 -> {44C38246-F706-4601-80F4-697D7BA309E4} URL =
    BHO: No Name -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} ->  No File
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO-x32: No Name -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} ->  No File
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    DPF: HKLM-x32 {0972B098-DEE9-4279-AC7E-4BAAA029102D} http://assets.photob...?20110519041506
    Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

    FireFox:
    ========
    FF ProfilePath: C:\Users\Newton\AppData\Roaming\Mozilla\Firefox\Profiles\oawriyoj.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll ()
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll (Citrix Systems, Inc.)
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-19]

    Chrome:
    =======
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-27]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-27] (AVAST Software)
    R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-27] (Avast Software)
    R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
    S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-14] (Microsoft Corporation)
    S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-27] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-27] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-27] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-27] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-27] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-27] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-27] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-27] ()
    S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-08] (Malwarebytes Corporation)
    R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-27] (Avast Software)
    S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
    S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-12-08 20:44 - 2014-12-09 10:25 - 00021418 _____ () C:\Users\Adele\Desktop\FRST.txt
    2014-12-08 20:44 - 2014-12-08 20:44 - 00020241 _____ () C:\Users\Adele\Desktop\Addition.txt
    2014-12-08 20:43 - 2014-12-09 10:25 - 00000000 ____D () C:\FRST
    2014-12-08 20:43 - 2014-12-08 20:43 - 02119680 _____ (Farbar) C:\Users\Adele\Desktop\FRST64.exe
    2014-12-08 20:36 - 2014-12-08 20:37 - 00000197 _____ () C:\Windows\system32\2014-12-08-20-36-58.079-AvastVBoxSVC.exe-3372.log
    2014-12-08 10:28 - 2014-12-08 10:28 - 00002198 _____ () C:\Users\Newton\Desktop\VEW.txt
    2014-12-08 10:27 - 2014-12-08 10:27 - 00002198 _____ () C:\VEW.txt
    2014-12-08 10:26 - 2014-12-08 10:26 - 00061440 _____ ( ) C:\Users\Newton\Desktop\VEW.exe
    2014-12-08 10:24 - 2014-12-08 10:24 - 00000197 _____ () C:\Windows\system32\2014-12-08-10-24-00.050-AvastVBoxSVC.exe-3516.log
    2014-12-08 10:21 - 2014-12-08 10:21 - 00000926 _____ () C:\Users\Newton\Desktop\disable_publisher_not_verified.zip
    2014-12-08 10:03 - 2014-12-08 09:28 - 00008042 _____ () C:\Users\Newton\Desktop\Procexp.txt
    2014-12-08 10:01 - 2014-12-08 10:01 - 00010522 _____ () C:\Users\Newton\Desktop\aswBoot.txt
    2014-12-08 09:54 - 2014-12-08 09:54 - 00000197 _____ () C:\Windows\system32\2014-12-08-09-54-00.064-AvastVBoxSVC.exe-3472.log
    2014-12-08 09:49 - 2014-12-08 09:49 - 00001393 _____ () C:\Users\Newton\Desktop\stuff.txt
    2014-12-08 09:41 - 2014-12-08 09:42 - 00361275 _____ () C:\Users\Newton\Desktop\NEWTON.txt
    2014-12-08 09:36 - 2014-12-08 09:37 - 04890736 _____ (Piriform Ltd) C:\Users\Newton\Desktop\spsetup126.exe
    2014-12-08 09:29 - 2014-12-08 09:29 - 00000000 __SHD () C:\Users\Newton\AppData\Local\EmieBrowserModeList
    2014-12-08 09:28 - 2014-12-08 09:28 - 00008042 _____ () C:\Users\Adele\Desktop\Procexp.txt
    2014-12-08 09:26 - 2014-12-08 09:26 - 00000000 ____D () C:\Users\Newton\AppData\Roaming\Macrovision
    2014-12-08 09:25 - 2014-12-08 09:25 - 00000000 ____D () C:\Users\Newton\AppData\Roaming\Roxio Burn
    2014-12-08 09:21 - 2014-12-08 09:21 - 02480312 _____ (Sysinternals - www.sysinternals.com) C:\Users\Adele\Desktop\procexp.exe
    2014-12-06 21:21 - 2014-12-06 21:21 - 00000197 _____ () C:\Windows\system32\2014-12-06-21-21-05.081-AvastVBoxSVC.exe-3600.log
    2014-12-06 21:12 - 2014-12-06 21:13 - 03480040 _____ (McAfee, Inc.) C:\Users\Adele\Desktop\MCPR.exe
    2014-12-02 10:21 - 2014-12-02 10:21 - 00091256 _____ () C:\Users\Adele\Desktop\Extras.Txt
    2014-12-02 10:20 - 2014-12-02 11:20 - 00116204 _____ () C:\Users\Adele\Desktop\OTL.Txt
    2014-12-02 10:11 - 2014-12-02 10:11 - 00602112 _____ (OldTimer Tools) C:\Users\Adele\Desktop\OTL.exe
    2014-11-29 12:59 - 2014-11-29 12:59 - 00000197 _____ () C:\Windows\system32\2014-11-29-12-59-57.047-AvastVBoxSVC.exe-3672.log
    2014-11-27 21:43 - 2014-11-27 21:43 - 00000247 _____ () C:\Windows\system32\2014-11-27-21-43-27.014-aswFe.exe-656.log
    2014-11-27 21:39 - 2014-11-27 21:43 - 00000247 _____ () C:\Windows\system32\2014-11-27-21-39-15.047-aswFe.exe-4092.log
    2014-11-27 21:39 - 2014-11-27 21:39 - 00000197 _____ () C:\Windows\system32\2014-11-27-21-39-11.033-AvastVBoxSVC.exe-2400.log
    2014-11-27 20:39 - 2014-11-27 20:57 - 00000000 ____D () C:\Windows\system32\vbox
    2014-11-27 20:39 - 2014-11-27 20:56 - 00000000 ____D () C:\Windows\SysWOW64\vbox
    2014-11-27 20:33 - 2014-11-27 20:33 - 00001966 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
    2014-11-27 20:32 - 2014-11-27 20:32 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2014-11-27 20:32 - 2014-11-27 20:32 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-11-27 19:56 - 2014-12-08 10:01 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-11-27 19:55 - 2014-12-08 09:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-11-27 19:55 - 2014-11-27 19:55 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-11-27 19:55 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-11-27 19:55 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-11-27 19:55 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-11-27 19:53 - 2014-11-27 19:55 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Adele\Desktop\mbam-setup-2.0.3.1025.exe
    2014-11-21 10:47 - 2014-11-21 10:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-11-18 20:25 - 2014-11-11 03:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2014-11-18 20:25 - 2014-11-11 03:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
    2014-11-18 20:25 - 2014-11-11 02:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2014-11-18 20:25 - 2014-11-11 02:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
    2014-11-16 09:34 - 2014-11-16 09:34 - 00000000 __SHD () C:\Users\Adele\AppData\Local\EmieBrowserModeList
    2014-11-12 10:46 - 2014-11-07 19:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-11-12 10:46 - 2014-11-07 19:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2014-11-12 10:46 - 2014-11-06 04:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-11-12 10:46 - 2014-11-06 04:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-11-12 10:46 - 2014-11-06 04:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-11-12 10:46 - 2014-11-06 03:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-11-12 10:46 - 2014-11-06 03:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-11-12 10:46 - 2014-11-06 03:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-11-12 10:46 - 2014-11-06 03:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-11-12 10:46 - 2014-11-06 03:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-11-12 10:46 - 2014-11-06 03:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-11-12 10:46 - 2014-11-06 03:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-11-12 10:46 - 2014-11-06 03:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-11-12 10:46 - 2014-11-06 03:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-11-12 10:46 - 2014-11-06 03:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-11-12 10:46 - 2014-11-06 03:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-11-12 10:46 - 2014-11-06 03:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-11-12 10:46 - 2014-11-06 03:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-11-12 10:46 - 2014-11-06 03:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-11-12 10:46 - 2014-11-06 03:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-11-12 10:46 - 2014-11-06 03:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-11-12 10:46 - 2014-11-06 03:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-11-12 10:46 - 2014-11-06 03:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-11-12 10:46 - 2014-11-06 03:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-11-12 10:46 - 2014-11-06 03:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2014-11-12 10:46 - 2014-11-06 03:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-11-12 10:46 - 2014-11-06 03:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-11-12 10:46 - 2014-11-06 03:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-11-12 10:46 - 2014-11-06 03:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-11-12 10:46 - 2014-11-06 03:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-11-12 10:46 - 2014-11-06 03:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-11-12 10:46 - 2014-11-06 03:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-11-12 10:46 - 2014-11-06 02:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-11-12 10:46 - 2014-11-06 02:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-11-12 10:46 - 2014-11-06 02:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-11-12 10:46 - 2014-11-06 02:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-11-12 10:46 - 2014-11-06 02:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-11-12 10:46 - 2014-11-06 02:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-11-12 10:46 - 2014-11-06 02:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-11-12 10:46 - 2014-11-06 02:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-11-12 10:46 - 2014-11-06 02:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-11-12 10:46 - 2014-11-06 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-11-12 10:46 - 2014-11-06 02:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-11-12 10:46 - 2014-11-06 02:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-11-12 10:46 - 2014-11-06 02:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-11-12 10:46 - 2014-11-06 02:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-11-12 10:46 - 2014-11-06 02:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-11-12 10:46 - 2014-11-06 02:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-11-12 10:46 - 2014-11-06 02:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2014-11-12 10:46 - 2014-11-06 02:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-11-12 10:46 - 2014-11-06 02:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-11-12 10:46 - 2014-11-06 02:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-11-12 10:46 - 2014-11-06 01:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-11-12 10:46 - 2014-11-06 01:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-11-12 10:46 - 2014-11-06 01:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-11-12 10:46 - 2014-11-06 01:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-11-12 10:45 - 2014-11-05 17:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2014-11-12 10:45 - 2014-11-05 17:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-11-12 10:45 - 2014-11-05 17:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-11-12 10:45 - 2014-10-14 02:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2014-11-12 10:45 - 2014-10-14 02:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
    2014-11-12 10:45 - 2014-10-14 02:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2014-11-12 10:45 - 2014-10-14 02:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2014-11-12 10:45 - 2014-10-14 02:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2014-11-12 10:45 - 2014-10-14 01:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2014-11-12 10:45 - 2014-10-14 01:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2014-11-12 10:45 - 2014-10-14 01:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2014-11-12 10:45 - 2014-10-14 01:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2014-11-12 10:40 - 2014-10-25 01:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
    2014-11-12 10:40 - 2014-10-25 01:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
    2014-11-12 10:40 - 2014-10-14 02:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2014-11-12 10:40 - 2014-10-14 01:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2014-11-12 10:40 - 2014-10-10 00:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-11-12 10:40 - 2014-10-03 02:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
    2014-11-12 10:40 - 2014-10-03 02:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
    2014-11-12 10:40 - 2014-10-03 02:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
    2014-11-12 10:40 - 2014-10-03 02:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
    2014-11-12 10:40 - 2014-10-03 02:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
    2014-11-12 10:40 - 2014-10-03 01:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
    2014-11-12 10:40 - 2014-10-03 01:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
    2014-11-12 10:40 - 2014-10-03 01:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
    2014-11-12 10:40 - 2014-09-19 09:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2014-11-12 10:40 - 2014-09-19 09:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2014-11-12 10:40 - 2014-09-19 09:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2014-11-12 10:40 - 2014-09-19 09:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2014-11-12 10:40 - 2014-09-19 09:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2014-11-12 10:40 - 2014-09-19 09:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2014-11-12 10:40 - 2014-09-19 09:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2014-11-12 10:40 - 2014-09-19 09:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2014-11-12 10:40 - 2014-09-19 09:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2014-11-12 10:40 - 2014-09-19 09:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2014-11-12 10:40 - 2014-09-19 09:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2014-11-12 10:40 - 2014-09-19 09:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2014-11-12 10:40 - 2014-08-21 06:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2014-11-12 10:40 - 2014-08-21 06:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2014-11-12 10:40 - 2014-08-21 06:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2014-11-12 10:40 - 2014-08-21 06:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2014-11-12 10:40 - 2014-08-12 02:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
    2014-11-12 10:40 - 2014-08-12 01:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
    2014-11-12 10:39 - 2014-10-18 02:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2014-11-12 10:39 - 2014-10-18 01:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
    2014-11-12 03:02 - 2014-11-12 03:03 - 00000000 ____D () C:\Users\Default\Documents\Visual Studio 2013
    2014-11-12 03:02 - 2014-11-12 03:03 - 00000000 ____D () C:\Users\Default User\Documents\Visual Studio 2013
    2014-11-11 12:29 - 2014-11-11 12:29 - 00000000 ____D () C:\Users\Newton\Documents\Visual Studio 2013
    2014-11-11 12:25 - 2014-11-11 12:25 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 11.0
    2014-11-11 11:56 - 2014-11-11 11:56 - 00000000 ____D () C:\ProgramData\NuGet
    2014-11-11 11:56 - 2014-11-11 11:56 - 00000000 ____D () C:\Program Files (x86)\NuGet
    2014-11-11 11:21 - 2014-11-11 11:24 - 00000000 ____D () C:\Program Files (x86)\Windows Kits
    2014-11-11 11:21 - 2014-11-11 11:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
    2014-11-11 11:15 - 2014-11-11 12:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs
    2014-11-11 11:15 - 2014-11-11 11:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Help Viewer
    2014-11-11 11:10 - 2014-11-11 11:54 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
    2014-11-11 11:10 - 2014-11-11 11:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
    2014-11-11 11:10 - 2014-11-11 11:10 - 00000000 ____D () C:\Windows\SysWOW64\1033
    2014-11-11 11:10 - 2014-11-11 11:10 - 00000000 ____D () C:\Windows\system32\1033
    2014-11-11 11:06 - 2014-11-11 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2013
    2014-11-11 11:06 - 2014-11-11 11:06 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
    2014-11-11 11:04 - 2014-11-11 12:28 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 12.0
    2014-11-11 10:53 - 2014-11-11 10:53 - 01158344 _____ (Microsoft Corporation) C:\Users\Newton\Downloads\wdexpress_full.exe
    2014-11-11 10:48 - 2014-11-11 10:48 - 01831488 _____ (Microsoft Corporation) C:\Users\Newton\Downloads\VS2013.3.exe
    2014-11-11 10:45 - 2014-11-11 10:46 - 05718872 _____ (Microsoft Corporation) C:\Users\Newton\Downloads\vcredist_x64(2).exe
    2014-11-11 10:45 - 2014-11-11 10:46 - 05073240 _____ (Microsoft Corporation) C:\Users\Newton\Downloads\vcredist_x86(1).exe
    2014-11-11 10:45 - 2014-11-11 10:45 - 07188536 _____ (Microsoft Corporation) C:\Users\Newton\Downloads\vcredist_x64(1).exe
    2014-11-11 10:45 - 2014-11-11 10:45 - 06498200 _____ (Microsoft Corporation) C:\Users\Newton\Downloads\vcredist_x86.exe
    2014-11-11 10:45 - 2014-11-11 10:45 - 01415888 _____ (Microsoft Corporation) C:\Users\Newton\Downloads\vcredist_arm.exe
    2014-11-11 10:44 - 2012-03-08 18:40 - 00048488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fssfltr.sys
    2014-11-11 10:29 - 2014-11-12 03:01 - 00000000 ____D () C:\ProgramData\Package Cache
    2014-11-11 10:28 - 2014-11-11 10:28 - 07186992 _____ (Microsoft Corporation) C:\Users\Newton\Downloads\vcredist_x64.exe
    2014-11-11 10:25 - 2014-11-11 10:25 - 00000000 ____D () C:\Windows\en
    2014-11-11 10:24 - 2014-11-11 10:44 - 00000000 ____D () C:\Program Files\Windows Live
    2014-11-11 10:24 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
    2014-11-11 10:24 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
    2014-11-10 20:11 - 2014-11-10 20:54 - 225431912 _____ (Microsoft Corporation) C:\Users\Newton\Downloads\wlsetup-all.exe
    2014-11-10 20:06 - 2014-11-10 20:07 - 01239752 _____ (Microsoft Corporation) C:\Users\Newton\Downloads\wlsetup-web.exe
    2014-11-10 12:13 - 2014-11-10 12:13 - 00000000 __SHD () C:\Users\Newton\AppData\Local\EmieUserList
    2014-11-10 12:13 - 2014-11-10 12:13 - 00000000 __SHD () C:\Users\Newton\AppData\Local\EmieSiteList
    2014-11-10 11:27 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
    2014-11-10 11:27 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
    2014-11-10 11:27 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
    2014-11-10 11:27 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
    2014-11-10 11:27 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
    2014-11-10 11:27 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
    2014-11-10 11:27 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
    2014-11-10 11:27 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
    2014-11-10 11:26 - 2014-11-11 10:42 - 00001069 _____ () C:\Windows\DirectX.log
    2014-11-10 11:26 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
    2014-11-10 11:26 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
    2014-11-10 11:26 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
    2014-11-10 11:26 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
    2014-11-10 11:25 - 2014-11-10 11:25 - 00002176 _____ () C:\Users\Adele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
    2014-11-10 11:25 - 2014-11-10 11:25 - 00002102 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
    2014-11-10 11:25 - 2014-11-10 11:25 - 00002102 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
    2014-11-10 11:25 - 2014-11-10 11:25 - 00000000 ___RD () C:\Users\Adele\OneDrive
    2014-11-10 11:25 - 2014-11-10 11:25 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
    2014-11-10 11:25 - 2014-11-10 11:25 - 00000000 ____D () C:\Program Files (x86)\Microsoft OneDrive
    2014-11-10 11:23 - 2014-11-11 14:01 - 00000000 ____D () C:\Users\Newton\AppData\Local\Windows Live
    2014-11-10 11:22 - 2014-11-10 11:22 - 01239752 _____ (Microsoft Corporation) C:\Users\Adele\Downloads\wlsetup-web(1).exe
    2014-11-10 11:10 - 2014-11-10 11:10 - 01239752 _____ (Microsoft Corporation) C:\Users\Adele\Downloads\wlsetup-web.exe

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-12-09 10:23 - 2014-09-19 11:32 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
    2014-12-09 10:21 - 2011-10-08 18:39 - 00000000 ____D () C:\Users\Adele\Documents\Outlook Files
    2014-12-09 10:21 - 2011-09-17 18:31 - 00000632 __RSH () C:\Users\Newton\ntuser.pol
    2014-12-09 10:21 - 2011-01-05 19:32 - 00000000 ____D () C:\Users\Newton\AppData\Local\SoftThinks
    2014-12-09 10:21 - 2011-01-05 19:32 - 00000000 ____D () C:\Users\Newton
    2014-12-09 10:21 - 2011-01-05 13:47 - 00000071 _____ () C:\Windows\SysWOW64\ToasterLauncherLog.log
    2014-12-09 10:21 - 2010-12-28 13:16 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
    2014-12-09 10:21 - 2009-07-14 05:10 - 01496027 _____ () C:\Windows\WindowsUpdate.log
    2014-12-08 20:42 - 2009-07-14 04:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-12-08 20:42 - 2009-07-14 04:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-12-08 20:36 - 2011-01-05 19:25 - 00001232 __RSH () C:\Users\Adele\ntuser.pol
    2014-12-08 20:36 - 2011-01-05 13:41 - 00000000 ____D () C:\Users\Adele
    2014-12-08 20:34 - 2013-11-30 10:18 - 00016476 _____ () C:\Windows\setupact.log
    2014-12-08 20:34 - 2010-12-28 21:59 - 00000000 ____D () C:\ProgramData\NVIDIA
    2014-12-08 20:34 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-12-08 10:45 - 2013-11-29 10:47 - 00000396 _____ () C:\Windows\Tasks\SpyHunter4.job
    2014-12-08 10:21 - 2012-01-16 20:18 - 00000000 ____D () C:\Users\Newton\AppData\Roaming\WinRAR
    2014-12-08 09:50 - 2013-11-30 10:18 - 00225974 _____ () C:\Windows\PFRO.log
    2014-12-08 09:41 - 2011-01-05 19:31 - 00000000 ____D () C:\Users\Frey
    2014-12-08 09:24 - 2011-09-17 18:32 - 00133352 _____ () C:\Users\Newton\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-11-27 20:33 - 2014-09-19 11:27 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
    2014-11-27 20:32 - 2014-09-19 11:27 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
    2014-11-27 20:32 - 2014-09-19 11:27 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
    2014-11-27 20:32 - 2014-09-19 11:27 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
    2014-11-27 20:32 - 2014-09-19 11:27 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2014-11-27 20:32 - 2014-09-19 11:27 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2014-11-27 20:32 - 2014-09-19 11:27 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
    2014-11-27 20:32 - 2014-09-19 11:27 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
    2014-11-27 20:13 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\TAPI
    2014-11-27 19:55 - 2013-06-13 19:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-11-27 19:55 - 2009-07-14 05:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-11-27 10:30 - 2014-09-19 11:31 - 00000000 ____D () C:\Program Files\Google
    2014-11-27 10:30 - 2014-09-19 11:27 - 00000000 ____D () C:\Program Files (x86)\Google
    2014-11-26 20:03 - 2014-09-19 11:27 - 00000000 ____D () C:\Users\Newton\AppData\Local\Google
    2014-11-26 19:53 - 2013-05-09 19:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-11-15 20:54 - 2011-01-05 13:42 - 00133352 _____ () C:\Users\Adele\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-11-15 20:53 - 2011-06-08 18:56 - 00000000 ____D () C:\Users\Adele\AppData\Local\Windows Live
    2014-11-13 04:16 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\rescache
    2014-11-13 03:27 - 2009-07-14 04:45 - 00493384 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-11-13 03:25 - 2014-05-09 02:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-11-13 03:10 - 2011-07-03 19:29 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-11-13 03:06 - 2013-08-15 02:01 - 00000000 ____D () C:\Windows\system32\MRT
    2014-11-13 03:02 - 2013-05-08 19:05 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-11-11 11:54 - 2009-07-14 03:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
    2014-11-11 11:15 - 2009-07-14 05:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
    2014-11-11 11:06 - 2010-12-28 13:24 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    2014-11-11 10:44 - 2010-12-28 13:24 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
    2014-11-11 10:44 - 2010-12-28 13:23 - 00000000 ____D () C:\Program Files (x86)\Windows Live
    2014-11-11 10:25 - 2010-12-28 13:24 - 00001376 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
    2014-11-11 10:25 - 2010-12-28 13:24 - 00001307 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
    2014-11-11 10:24 - 2010-12-28 13:24 - 00001460 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
    2014-11-11 10:24 - 2010-12-28 13:23 - 00002488 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
    2014-11-10 12:13 - 2011-09-17 18:32 - 00001415 _____ () C:\Users\Newton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    ZeroAccess:
    C:\Users\Adele\AppData\Local\Google\Desktop\Install

    Files to move or delete:
    ====================
    C:\ProgramData\viw7l.reg

    Some content of TEMP:
    ====================
    C:\Users\Newton\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
    C:\Users\Newton\AppData\Local\Temp\procexp64.exe

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2013-06-08 10:19

    ==================== End Of Log ============================


    #10
    adelehirst

    • Topic Starter

    Addition.txt

     

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-12-2014
    Ran by Newton at 2014-12-09 10:25:48
    Running from C:\Users\Adele\Desktop
    Boot Mode: Normal
    ==========================================================

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
    Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.170 - Adobe Systems Incorporated)
    Adobe Photoshop Elements 8.0 (HKLM-x32\...\Adobe Photoshop Elements 8.0) (Version: 8.0 - Adobe Systems Incorporated)
    Adobe Reader 9.2 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A92000000001}) (Version: 9.2.0 - Adobe Systems Incorporated)
    Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.7.637 - Adobe Systems, Inc.)
    Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
    Behaviors SDK (Windows Phone) for Visual Studio 2013 (x32 Version: 12.0.50716.0 - Microsoft Corporation) Hidden
    Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.50429.0 - Microsoft Corporation) Hidden
    Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
    Build Tools - amd64 (Version: 12.0.30723 - Microsoft Corporation) Hidden
    Build Tools - x86 (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden
    Build Tools Language Resources - amd64 (Version: 12.0.30723 - Microsoft Corporation) Hidden
    Build Tools Language Resources - x86 (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden
    Citrix online plug-in - web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 12.3.0.8 - Citrix Systems, Inc.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
    Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
    Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
    Dell Dock (HKLM-x32\...\Dell Dock) (Version: 2.0 - Stardock Corporation)
    Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
    Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
    Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.0.5621.01 - Dell Inc.)
    Dell Support Center (Version: 3.0.5621.01 - PC-Doctor, Inc.) Hidden
    DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
    Entity Framework 6.1.1 Tools  for Visual Studio 2013 (HKLM-x32\...\{85253F13-EE42-4850-A3A5-79B90E92D7AC}) (Version: 12.0.30610.0 - Microsoft Corporation)
    Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)
    Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.0.1037 - Intel Corporation)
    Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    LocalESPC (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
    Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
    Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Live Meeting 2007 (HKLM-x32\...\{E30E7561-A466-4393-B8BF-FD93E733EF3C}) (Version: 8.0.6362.202 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
    Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
    Microsoft SQL Server Data Tools - enu (12.0.30919.1) (HKLM-x32\...\{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}) (Version: 12.0.30919.1 - Microsoft Corporation)
    Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
    Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
    Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
    Microsoft Visio Standard 2002 [English] (HKLM-x32\...\{90530409-6D54-11D4-BEE3-00C04F990354}) (Version: 10.0.525 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual Studio Express 2013 for Windows Desktop - ENU with Update 3 (HKLM-x32\...\{1ef771b4-b774-439e-a015-23dec292d9a4}) (Version: 12.0.30723.0 - Microsoft Corporation)
    Mozilla Firefox 33.1.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1.1 (x86 en-US)) (Version: 33.1.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Multimedia Card Reader (HKLM-x32\...\InstallShield_{9F0A32A5-4EBF-4B9D-A3CD-31579F2E1400}) (Version: 1.4.915.1 - Fitipower)
    Multimedia Card Reader (x32 Version: 1.4.915.1 - Fitipower) Hidden
    NVIDIA 3D Vision Driver 320.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 320.78 - NVIDIA Corporation)
    NVIDIA Graphics Driver 320.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.78 - NVIDIA Corporation)
    NVIDIA PhysX (HKLM-x32\...\{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}) (Version: 9.09.0814 - NVIDIA Corporation)
    NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
    PhotoShowExpress (x32 Version: 2.0.028 - Sonic Solutions) Hidden
    Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
    Python Tools Redirection Template (x32 Version: 1.0 - Microsoft Corporation) Hidden
    Rapport (x32 Version: 3.5.1307.109 - Trusteer) Hidden
    RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5953 - Realtek Semiconductor Corp.)
    Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.40.0 - Roxio)
    Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
    Shockwave (HKLM-x32\...\Shockwave) (Version:  - )
    Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
    THX TruStudio PC (HKLM-x32\...\{010A785B-F920-4350-821B-6309909C20BB}) (Version: 1.0 - Creative Technology Limited)
    TypeScript Power Tool (x32 Version: 1.0.3.1 - Microsoft Corporation) Hidden
    TypeScript Tools for Microsoft Visual Studio 2013 (x32 Version: 1.0.3.1 - Microsoft Corporation) Hidden
    Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
    Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
    Visual Studio 2013 Update 3 (KB2829760) (HKLM-x32\...\{86438e3d-7f83-4dd2-94aa-047e7c3974cb}) (Version: 12.0.30723 - Microsoft Corporation)
    VS Update core components (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    Windows Media Center Add-in for Silverlight (HKLM-x32\...\{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}) (Version: 4.7.3.0 - Microsoft Corporation)
    WinRAR 4.10 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    ==================== Restore Points  =========================

    11-11-2014 10:42:47 Installed DirectX
    11-11-2014 10:43:49 WLSetup
    11-11-2014 10:46:18 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
    11-11-2014 10:50:01 Removed Visual Studio 2010 x64 Redistributables
    11-11-2014 10:53:54 Microsoft Visual Studio Express 2013 for Windows Desktop - ENU with Update 3
    12-11-2014 03:00:21 Windows Update
    13-11-2014 03:00:34 Windows Update
    18-11-2014 12:40:55 Windows Update
    19-11-2014 03:00:12 Windows Update
    25-11-2014 12:01:28 avast! antivirus system restore point
    25-11-2014 12:43:03 Windows Update
    27-11-2014 20:18:15 avast! antivirus system restore point
    28-11-2014 13:50:24 Windows Update
    02-12-2014 10:48:53 Windows Update
    05-12-2014 18:45:01 Windows Update
    06-12-2014 21:09:29 Removed Java 7 Update 45
    06-12-2014 21:11:00 Removed Java™ 6 Update 22 (64-bit)
    08-12-2014 09:24:21 Windows Update

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 02:34 - 2009-06-10 21:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {152AEC2D-3711-42B4-9C9B-C8CBFD2F2BA1} - System32\Tasks\SpyHunter4 => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
    Task: {20C1908A-8EE4-4FC2-A603-71A44FB059F3} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
    Task: {29B60F45-78D0-4DF7-9E16-888CE01E439C} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2010-08-05] ()
    Task: {3A3EDBF1-65E8-4A87-A34E-C79908599D10} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
    Task: {53B42C95-142C-4744-B062-5C57BD7A95E7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe
    Task: {5C367FF4-CFEF-47B4-8463-C7AC04BE1C5A} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-27] (AVAST Software)
    Task: {5DDB9E7D-F4A3-402E-A11D-5A0736A658C2} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\Dell Support Center\pcdrcui.exe [2010-08-05] (PC-Doctor, Inc.)
    Task: {6C335548-49D0-4128-9378-8F09AA541D0E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-06] (Adobe Systems Incorporated)
    Task: {B1501375-1DA1-44A9-829D-87C30D1AB01A} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2010-08-05] (PC-Doctor, Inc.)
    Task: {CA92FD1D-9531-4421-B709-05D6A4A1B377} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\Dell Support Center\uaclauncher.exe
    Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe
    Task: C:\Windows\Tasks\SpyHunter4.job => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
    Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\Dell Support Center\pcdrcui.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-11-27 20:32 - 2014-11-27 20:32 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
    2014-11-27 20:32 - 2014-11-27 20:32 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
    2013-11-29 11:02 - 2013-08-09 20:07 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2010-12-28 13:16 - 2010-08-11 17:19 - 00781536 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    2010-12-28 13:16 - 2010-07-21 09:35 - 00161088 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    2010-09-03 00:28 - 2010-09-03 00:28 - 00518640 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    2010-09-03 00:29 - 2010-09-03 00:29 - 01411568 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe
    2014-12-08 20:31 - 2014-12-08 20:31 - 02905088 _____ () C:\Program Files\AVAST Software\Avast\defs\14120801\algo.dll
    2014-11-27 20:32 - 2014-11-27 20:32 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
    2010-12-28 13:16 - 2010-08-11 17:19 - 00056544 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STCoreXml.dll
    2010-12-28 13:16 - 2010-08-11 17:19 - 00113888 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
    2010-12-28 13:16 - 2010-08-11 17:19 - 00126176 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
    2010-12-28 13:15 - 2009-10-02 12:18 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
    2010-12-28 13:16 - 2010-08-11 17:19 - 01121504 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll
    2010-12-28 13:16 - 2010-08-11 17:19 - 00077024 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
    2010-12-28 13:16 - 2010-08-11 17:19 - 00232672 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
    2010-12-28 13:16 - 2010-08-11 17:19 - 00072928 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
    2010-12-28 13:16 - 2010-08-11 17:19 - 00109792 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
    2010-12-28 13:16 - 2010-08-11 17:19 - 00119008 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
    2010-12-28 13:16 - 2010-08-11 17:19 - 00023776 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCCPiped.dll
    2010-12-28 13:16 - 2010-08-11 17:19 - 00023776 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STBRCCServCLR.dll
    2010-08-30 02:34 - 2010-08-30 02:34 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
    2014-11-27 20:32 - 2014-11-27 20:32 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2010-09-03 00:28 - 2010-09-03 00:28 - 00645616 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\BBEngineAS.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Users\Adele\Documents\crib1.jpg:Q30lsldxJoudresxAaaqpcawXc
    AlternateDataStreams: C:\Users\Adele\Documents\crib1.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    AlternateDataStreams: C:\Users\Newton\Downloads\109-0961_IMG.JPG:Q30lsldxJoudresxAaaqpcawXc
    AlternateDataStreams: C:\Users\Newton\Downloads\109-0961_IMG.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    AlternateDataStreams: C:\Users\Newton\Downloads\Adams 20th - table group.JPG:Q30lsldxJoudresxAaaqpcawXc
    AlternateDataStreams: C:\Users\Newton\Downloads\Adams 20th - table group.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    AlternateDataStreams: C:\Users\Newton\Downloads\My 20th - House Group.JPG:Q30lsldxJoudresxAaaqpcawXc
    AlternateDataStreams: C:\Users\Newton\Downloads\My 20th - House Group.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    AlternateDataStreams: C:\Users\Newton\Downloads\Vic_Taz_Will_Anna_Me_Jules-End_uni.JPG:Q30lsldxJoudresxAaaqpcawXc
    AlternateDataStreams: C:\Users\Newton\Downloads\Vic_Taz_Will_Anna_Me_Jules-End_uni.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^Users^Newton^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk => C:\Windows\pss\Dell Dock.lnk.Startup
    MSCONFIG\startupreg: Dell DataSafe Online => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
    MSCONFIG\startupreg: RunDLLEntry_EptMon => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64
    MSCONFIG\startupreg: RunDLLEntry_THXCfg => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
    MSCONFIG\startupreg: Windows Mobile Device Center => %windir%\WindowsMobile\wmdc.exe

    ========================= Accounts: ==========================

    Adele (S-1-5-21-4244251359-3273506151-932239939-1001 - Limited - Enabled) => C:\Users\Adele
    Administrator (S-1-5-21-4244251359-3273506151-932239939-500 - Administrator - Disabled)
    Frey (S-1-5-21-4244251359-3273506151-932239939-1004 - Limited - Enabled) => C:\Users\Frey
    Guest (S-1-5-21-4244251359-3273506151-932239939-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-4244251359-3273506151-932239939-1002 - Limited - Enabled)
    Newton (S-1-5-21-4244251359-3273506151-932239939-1003 - Administrator - Enabled) => C:\Users\Newton
    UpdatusUser (S-1-5-21-4244251359-3273506151-932239939-1006 - Limited - Enabled) => C:\Users\UpdatusUser

    ==================== Faulty Device Manager Devices =============

    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============
    Error: (12/08/2014 08:34:16 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
    Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.

    Error: (12/08/2014 08:31:03 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

    Error: (12/08/2014 10:24:16 AM) (Source: VDS Basic Provider) (EventID: 1) (User: )
    Description: Unexpected failure. Error code: D@01010004

    Error: (12/08/2014 10:24:10 AM) (Source: VDS Basic Provider) (EventID: 1) (User: )
    Description: Unexpected failure. Error code: D@01010004

    Error: (12/08/2014 10:23:16 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
    Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.

    Error: (12/08/2014 09:51:06 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
    Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.

    Microsoft Office Sessions:
    =========================

    ==================== Memory info ===========================

    Processor: Intel® Core™ i7 CPU 870 @ 2.93GHz
    Percentage of memory in use: 26%
    Total physical RAM: 8151.08 MB
    Available physical RAM: 6006.81 MB
    Total Pagefile: 16300.34 MB
    Available Pagefile: 13789.98 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.84 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:919.15 GB) (Free:725.18 GB) NTFS
    Drive i: (USB) (Removable) (Total:0.96 GB) (Free:0.27 GB) FAT

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 58000000)
    Partition 1: (Not Active) - (Size=118 MB) - (Type=DE)
    Partition 2: (Active) - (Size=12.2 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=919.1 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 5 (Size: 980 MB) (Disk ID: EB5BC5ED)
    Partition 1: (Not Active) - (Size=979 MB) - (Type=06)

    ==================== End Of Log ============================


    • 0


    #11
    RKinner

      Malware Expert

    • Expert
    • 24,701 posts
    • MVP

    FRST says it found something that looks like a ZeroAccess infection, so we had better run ComboFix.

    ComboFix

    :!: It must be saved to your desktop, do not run it from your browser :!:

    :!: Disable your antivirus software when downloading or running ComboFix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html

    Download and Save this file --  to your Desktop -- from either of these two sources:

    Double-click on ComboFix to start the program.

        * :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
        * A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

    A caution - Do not run ComboFix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, ComboFix is still at work.

    A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

    Let's see if you get an error when you try to access Task Scheduler. In the search box type:

    task and wait. Task Scheduler should show up. Right click on it and Run As Admin. Does it come up? Click on Task Scheduler Library and look in the right pane. You should see a list of tasks and after each one should be Ready.

    • 0

    #12
    adelehirst

      Member

    • Topic Starter
    • Member
    • PipPip
    • 13 posts

    combofix.txt -:

     

    ComboFix 14-12-10.03 - Newton 10/12/2014  19:11:30.1.8 - x64
    Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.8151.6356 [GMT 0:00]
    Running from: c:\users\Adele\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     * Created a new restore point
    .
    .
    (((((((((((((((((((((((((   Files Created from 2014-11-10 to 2014-12-10  )))))))))))))))))))))))))))))))
    .
    .
    2014-12-09 08:24 . 2014-12-09 08:24 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9C221116-40F6-4877-821C-308BF0370564}\offreg.dll
    2014-12-09 08:23 . 2014-11-02 04:20 11632448 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9C221116-40F6-4877-821C-308BF0370564}\mpengine.dll
    2014-12-08 20:43 . 2014-12-09 10:26 -------- d-----w- C:\FRST
    2014-12-08 09:29 . 2014-12-08 09:29 -------- d-sh--w- c:\users\Newton\AppData\Local\EmieBrowserModeList
    2014-12-08 09:26 . 2014-12-08 09:26 -------- d-----w- c:\users\Newton\AppData\Roaming\Macrovision
    2014-12-08 09:25 . 2014-12-08 09:25 -------- d-----w- c:\users\Newton\AppData\Roaming\Roxio Burn
    2014-11-27 20:39 . 2014-11-27 20:57 -------- d-----w- c:\windows\system32\vbox
    2014-11-27 20:39 . 2014-11-27 20:56 -------- d-----w- c:\windows\SysWow64\vbox
    2014-11-27 20:32 . 2014-11-27 20:32 364512 ----a-w- c:\windows\system32\aswBoot.exe
    2014-11-27 20:32 . 2014-11-27 20:32 43152 ----a-w- c:\windows\avastSS.scr
    2014-11-27 19:56 . 2014-12-08 10:01 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-11-27 19:55 . 2014-12-08 09:24 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
    2014-11-27 19:55 . 2014-11-21 06:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-11-27 19:55 . 2014-11-21 06:14 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-11-27 19:55 . 2014-11-21 06:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-11-18 20:25 . 2014-11-11 03:08 241152 ----a-w- c:\windows\system32\pku2u.dll
    2014-11-18 20:25 . 2014-11-11 03:08 728064 ----a-w- c:\windows\system32\kerberos.dll
    2014-11-18 20:25 . 2014-11-11 02:44 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
    2014-11-18 20:25 . 2014-11-11 02:44 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
    2014-11-16 09:34 . 2014-11-16 09:34 -------- d-sh--w- c:\users\Adele\AppData\Local\EmieBrowserModeList
    2014-11-12 10:45 . 2014-11-05 17:56 304640 ----a-w- c:\windows\system32\generaltel.dll
    2014-11-12 10:45 . 2014-11-05 17:56 228864 ----a-w- c:\windows\system32\aepdu.dll
    2014-11-12 10:45 . 2014-11-05 17:52 424448 ----a-w- c:\windows\system32\aeinv.dll
    2014-11-12 10:45 . 2014-10-14 02:16 155064 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2014-11-12 10:45 . 2014-10-14 02:13 683520 ----a-w- c:\windows\system32\termsrv.dll
    2014-11-12 10:45 . 2014-10-14 02:12 1460736 ----a-w- c:\windows\system32\lsasrv.dll
    2014-11-12 10:45 . 2014-10-14 02:09 146432 ----a-w- c:\windows\system32\msaudite.dll
    2014-11-12 10:45 . 2014-10-14 02:07 681984 ----a-w- c:\windows\system32\adtschema.dll
    2014-11-12 10:45 . 2014-10-14 01:50 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2014-11-12 10:45 . 2014-10-14 01:49 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    2014-11-12 10:45 . 2014-10-14 01:47 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
    2014-11-12 10:45 . 2014-10-14 01:46 681984 ----a-w- c:\windows\SysWow64\adtschema.dll
    2014-11-12 10:39 . 2014-10-18 02:05 861696 ----a-w- c:\windows\system32\oleaut32.dll
    2014-11-12 10:39 . 2014-10-18 01:33 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
    2014-11-11 12:29 . 2014-11-12 03:03 1113664 ----a-w- c:\programdata\Microsoft\WDExpress\12.0\1033\ResourceCache.dll
    2014-11-11 12:25 . 2014-11-11 12:25 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 11.0
    2014-11-11 11:56 . 2014-11-11 11:56 -------- d-----w- c:\programdata\NuGet
    2014-11-11 11:56 . 2014-11-11 11:56 -------- d-----w- c:\program files (x86)\NuGet
    2014-11-11 11:37 . 2014-11-11 11:37 -------- d-----w- c:\program files (x86)\Common Files\Merge Modules
    2014-11-11 11:21 . 2014-11-11 11:24 -------- d-----w- c:\program files (x86)\Windows Kits
    2014-11-11 11:21 . 2014-11-11 11:21 -------- d-----w- c:\program files (x86)\Common Files\Microsoft
    2014-11-11 11:15 . 2014-11-11 11:15 -------- d-----w- c:\program files (x86)\Microsoft Help Viewer
    2014-11-11 11:15 . 2014-11-11 12:18 -------- d-----w- c:\program files (x86)\Microsoft SDKs
    2014-11-11 11:10 . 2014-11-11 11:10 -------- d-----w- c:\windows\SysWow64\1033
    2014-11-11 11:10 . 2014-11-11 11:10 -------- d-----w- c:\windows\system32\1033
    2014-11-11 11:10 . 2014-11-11 11:54 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
    2014-11-11 11:10 . 2014-11-11 11:54 -------- d-----w- c:\program files\Microsoft SQL Server
    2014-11-11 11:06 . 2014-11-11 11:06 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2014-11-11 11:04 . 2014-11-11 12:28 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 12.0
    2014-11-11 10:54 . 2014-11-11 10:54 -------- d-----w- c:\programdata\regid.1991-06.com.microsoft
    2014-11-11 10:44 . 2012-03-08 18:40 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
    2014-11-11 10:41 . 2014-11-11 10:41 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\fe19f6be1cffd9b04\MeshBetaRemover.exe
    2014-11-11 10:40 . 2014-11-11 10:40 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\fa53880e1cffd9b02\DSETUP.dll
    2014-11-11 10:40 . 2014-11-11 10:40 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\fa53880e1cffd9b02\DXSETUP.exe
    2014-11-11 10:40 . 2014-11-11 10:40 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\fa53880e1cffd9b02\dsetup32.dll
    2014-11-11 10:40 . 2014-11-11 10:40 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f87513771cffd9b01\DSETUP.dll
    2014-11-11 10:40 . 2014-11-11 10:40 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f87513771cffd9b01\DXSETUP.exe
    2014-11-11 10:40 . 2014-11-11 10:40 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f87513771cffd9b01\dsetup32.dll
    2014-11-11 10:29 . 2014-11-12 03:01 -------- d-----w- c:\programdata\Package Cache
    2014-11-11 10:25 . 2014-11-11 10:25 -------- d-----w- c:\windows\en
    2014-11-11 10:24 . 2014-11-11 10:44 -------- dc----w- c:\windows\system32\DRVSTORE
    2014-11-11 10:24 . 2014-11-11 10:44 -------- d-----w- c:\program files\Windows Live
    2014-11-11 10:24 . 2009-09-04 17:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll
    2014-11-11 10:24 . 2009-09-04 17:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-11-27 20:33 . 2014-09-19 11:27 1050432 ----a-w- c:\windows\system32\drivers\aswsnx.sys
    2014-11-27 20:32 . 2014-09-19 11:27 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2014-11-27 20:32 . 2014-09-19 11:27 83280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2014-11-27 20:32 . 2014-09-19 11:27 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2014-11-27 20:32 . 2014-09-19 11:27 436624 ----a-w- c:\windows\system32\drivers\aswsp.sys
    2014-11-27 20:32 . 2014-09-19 11:27 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
    2014-11-27 20:32 . 2014-09-19 11:27 267632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2014-11-27 20:32 . 2014-09-19 11:27 116728 ----a-w- c:\windows\system32\drivers\aswStm.sys
    2014-11-13 03:02 . 2013-05-08 19:05 103374192 ----a-w- c:\windows\system32\MRT.exe
    2014-11-10 11:27 . 2010-06-24 10:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2014-11-04 14:30 . 2013-11-28 19:33 275080 ------w- c:\windows\system32\MpSigStub.exe
    2014-09-25 02:08 . 2014-10-01 16:53 371712 ----a-w- c:\windows\system32\qdvd.dll
    2014-09-25 01:40 . 2014-10-01 16:53 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
    "ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2009-07-17 237568]
    "THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
    "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-09-04 240112]
    "ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2012-03-28 309184]
    "Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-09-03 518640]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-11-27 5226600]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-08-11 163040]
    "DSUpdateLauncher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" [2010-07-21 18240]
    "STToasterLauncher"="c:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe" [2010-08-11 120032]
    .
    c:\users\Adele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
    OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
    .
    c:\users\Frey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2010-5-28 1324384]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "SoftwareSASGeneration"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "UpdReg"=c:\windows\UpdReg.EXE
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    .
    R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
    R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
    R3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys;c:\windows\SYSNATIVE\DRIVERS\netr7364.sys [x]
    R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms;c:\program files\dell support center\pcdsrvc_x64.pkms [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 VsEtwService120;Visual Studio ETW Event Collection Service;c:\program files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe;c:\program files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    S0 aswRvrt;avast! Revert; [x]
    S0 aswVmm;avast! VM Monitor; [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
    S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
    S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [x]
    S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
    S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
    S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
    S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
    S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
    S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
    S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
    S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
    S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-01-06 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-23 15:28]
    .
    2013-02-25 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
    - c:\program files\Dell Support Center\uaclauncher.exe [2010-08-05 23:47]
    .
    2013-01-22 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
    - c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-21 21:16]
    .
    2013-06-10 c:\windows\Tasks\SystemToolsDailyTest.job
    - c:\program files\Dell Support Center\pcdrcui.exe [2010-08-05 23:47]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2014-11-27 20:32 860984 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-07 8158240]
    "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 660360]
    "fssui"="c:\program files (x86)\Windows Live\Family Safety\fsui.exe" [2012-03-08 884584]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = about:blank
    mStart Page = about:blank
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    Trusted Zone: leicester.gov.uk\remote1
    TCP: DhcpNameServer = 192.168.1.254
    DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20110519041506
    FF - ProfilePath - c:\users\Newton\AppData\Roaming\Mozilla\Firefox\Profiles\oawriyoj.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
    ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
    ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
    Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
    c:\users\Adele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    Toolbar-Locked - (no file)
    ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
    ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
    ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
    AddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
    "ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-4244251359-3273506151-932239939-1001_Classes\CLSID]
    @DACL=(02 0000)
    .
    [HKEY_USERS\S-1-5-21-4244251359-3273506151-932239939-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    @DACL=(02 0000)
    @="SyncingOverlayHandler Class"
    .
    [HKEY_USERS\S-1-5-21-4244251359-3273506151-932239939-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    @DACL=(02 0000)
    @="ErrorOverlayHandler Class"
    .
    [HKEY_USERS\S-1-5-21-4244251359-3273506151-932239939-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}]
    @DACL=(02 0000)
    @="SkyDriveEx"
    .
    [HKEY_USERS\S-1-5-21-4244251359-3273506151-932239939-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    @DACL=(02 0000)
    @="UpToDateOverlayHandler Class"
    .
    [HKEY_USERS\S-1-5-21-4244251359-3273506151-932239939-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}]
    @DACL=(02 0000)
    @="SyncFileInformationProvider Class"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2014-12-10  19:19:11
    ComboFix-quarantined-files.txt  2014-12-10 19:19
    .
    Pre-Run: 774,989,664,256 bytes free
    Post-Run: 774,818,156,544 bytes free
    .
    - - End Of File - - 505824725F36AF67146065064657047C

     

     

    Not sure where you mean by typing task n wait in the search box?? Which search box???
     


    • 0

    #13
    RKinner

      Malware Expert


     

    If you hit the Start ball then right above it is a search box.  Type in Task and you should see Task Scheduler at the top.

     

    1. Open Task Scheduler and click OK when prompted with the error. It may seem like you are receiving the same error over and over, but this is really due to the number of tasks which are broken. Make a note of the number of times you are prompted with the selected task "{0}" error. This is the number of task files that are out of sync with the registry.
    2. Start with the first folder under Windows tasks (Task Scheduler(Local)\Task Scheduler Library\Microsoft\Windows) and select each folder in turn until you receive the selected task "{0}" error. This folder contains files that are not in sync with the task scheduler.
    3. Open Windows Explorer and navigate to the tasks file folder (%SystemFolder%\Tasks\Microsoft\Windows) and find the folder which corresponds to the folder in which you received the error.
    4. For some tasks you will be able to determine which files need to be deleted by comparing the list in the Task Scheduler with the list of files in Explorer. Some tasks will only have a single file in Explorer, or, in one case I had 2 and the first was missing. Once Task Scheduler encounters this error it will no longer display tasks so it makes the job of getting the two in sync a little more difficult. Once you have determined which files exist in the File Folder but do not exist in the Task Scheduler folder, delete those files.
    5. IMPORTANT - Close and Re-open Task Scheduler. Once the error is encountered, Task Scheduler no longer displays the tasks so you need to close it and restart in order to continue your synchronization effort.
    6. Continue to select folders in Task Scheduler under Windows tasks until you encounter the error again and repeat the process of determining which file exists on the file system, but not in Task Scheduler.

    • 0
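The folder-by-folder comparison in the steps above can be listed in one pass. This is an added example, not part of RKinner's post: it only reads and reports, and it assumes the task files live under %SystemRoot%\System32\Tasks and that the registry side is the TaskCache\Tree key (neither location is given in the post). The function name Find-TaskMismatch is hypothetical.

```powershell
# Read-only audit: run from an elevated 64-bit PowerShell prompt.
# Assumed locations (not stated in the post):
#   task files     -> %SystemRoot%\System32\Tasks
#   registry index -> HKLM\...\Schedule\TaskCache\Tree
$TaskRoot = Join-Path $env:SystemRoot 'System32\Tasks'
$TreeRoot = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree'

function Find-TaskMismatch {
    param([string]$SubPath = 'Microsoft\Windows')   # branch the steps walk through

    # Task definition files on disk, as paths relative to the Tasks folder.
    $files = @(Get-ChildItem -Path (Join-Path $TaskRoot $SubPath) -Recurse -Force |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object { $_.FullName.Substring($TaskRoot.Length + 1) })

    # Registered tasks: Tree keys that carry an 'Id' value (folder keys do not).
    $registered = @(Get-ChildItem -Path (Join-Path $TreeRoot $SubPath) -Recurse |
        Where-Object { $_.GetValue('Id') } |
        ForEach-Object { $_.Name.Substring($_.Name.IndexOf('\Tree\') + 6) })

    # -notcontains compares case-insensitively, matching NTFS and the registry.
    foreach ($f in $files) {
        if ($registered -notcontains $f) {
            New-Object PSObject -Property @{
                Task    = $f
                Problem = 'File on disk, no registry entry'
            }
        }
    }
    foreach ($r in $registered) {
        if ($files -notcontains $r) {
            New-Object PSObject -Property @{
                Task    = $r
                Problem = 'Registry entry, no file on disk'
            }
        }
    }
}

# Nothing is deleted; review the list before removing any file by hand.
Find-TaskMismatch | Sort-Object Problem, Task | Format-Table -AutoSize
```

An empty result for a branch means the files and registry entries there agree, so the error is coming from a different folder; pass another `-SubPath` to check it.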

    #14
    adelehirst

      Member

    • Topic Starter

    I've started running through this, however I am still receiving an error when I load up Task Scheduler, but when I start running through the folders the error does not occur when any of the folders are clicked on in task explorer. However, I can see from looking in Windows Explorer these folders do have files in them.... but no error is showing or files when the folders are clicked upon in Task Scheduler...  this seems to start from the folder titled 'loction' which has files in it in Windows Explorer but does not in Task Scheduler, nor does it error....   hope that is clear??  many thanks  adele.


    • 0

    #15
    RKinner

      Malware Expert


    In Task Scheduler look up to the top and find the View button. There should be an option to View Hidden Tasks.  Make sure that is checked.

     

    Where exactly is this loction located?


    • 0





