I have this screen that pops up on my web pages . I can't remove it uninstall or find it. I have done image restores,virus scans. still there.
can anybody help please.
Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!
I have this screen that pops up on my web pages . I can't remove it uninstall or find it. I have done image restores,virus scans. still there.
can anybody help please.
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-02-2015
Ran by Dan (administrator) on DAN-LAPTOP on 07-02-2015 09:04:57
Running from C:\Users\Dan\Desktop
Loaded Profiles: Dan (Available profiles: Dan)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Wavget.com) C:\Program Files (x86)\TypeItIn\TypeItIn.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
() C:\a\internetport3.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2104104 2010-03-18] (Synaptics Incorporated)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-12-16] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [autoauto] => 33210278.bat
HKU\S-1-5-21-2918248101-3388894934-2879875847-1000\...\Run: [Advanced SystemCare 7] => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe [2281248 2014-08-22] (IObit)
HKU\S-1-5-21-2918248101-3388894934-2879875847-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-20] (Ruiware LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TypeItIn.lnk
ShortcutTarget: TypeItIn.lnk -> C:\Program Files (x86)\TypeItIn\TypeItIn.exe (Wavget.com)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-2918248101-3388894934-2879875847-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [S-1-5-21-2918248101-3388894934-2879875847-1000] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-2918248101-3388894934-2879875847-1000] => http=127.0.0.1:8877;https=127.0.0.1:8877
HKU\S-1-5-21-2918248101-3388894934-2879875847-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKU\.DEFAULT -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\s7icrnqg.default
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\s7icrnqg.default\user.js
FF Extension: Ebay Button - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\s7icrnqg.default\Extensions\[email protected] [2015-02-05]
FF Extension: AddThis - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\s7icrnqg.default\Extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79} [2015-02-05]
FF Extension: Classic Theme Restorer - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\s7icrnqg.default\Extensions\[email protected] [2015-02-05]
FF Extension: Ebay Negs! - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\s7icrnqg.default\Extensions\{265b0520-499e-11d9-9669-0800200c9a66}.xpi [2015-02-05]
FF Extension: media enhance - C:\Program Files (x86)\Mozilla Firefox\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com [2015-02-06]
FF Extension: hdshop - C:\Program Files (x86)\Mozilla Firefox\extensions\3889d70a-3fde-4565-9f53-587ed12a797a@b90fd175-524e-46e6-a91f-624789f3369f.com [2015-02-06]
FF Extension: Advanced SystemCare Surfing Protection - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2015-02-06]
FF Extension: Software Assist - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2015-02-06]
FF Extension: Ebay Button - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2015-02-06]
FF Extension: SySaver - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2015-02-06]
FF Extension: Canadian English Dictionary - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2015-02-06]
FF Extension: United States English Spellchecker - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2015-02-06]
FF Extension: Conduit Engine - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2015-02-06]
FF Extension: IE Tab Plus - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2015-02-06]
FF Extension: SpellBound - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2015-02-06]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{00F2C0C6-2194-484E-9064-44E57787867B}-TRASH [2015-02-06]
FF Extension: ColorfulTabs - C:\Program Files (x86)\Mozilla Firefox\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2015-02-06]
FF Extension: Garmin Communicator - C:\Program Files (x86)\Mozilla Firefox\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2015-02-06]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{1C627C3E-126A-4021-AF67-FDBCFE2543FA}-TRASH [2015-02-06]
FF Extension: Microsoft .NET Framework Assistant - C:\Program Files (x86)\Mozilla Firefox\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2015-02-06]
FF Extension: WindowsUpdate - C:\Program Files (x86)\Mozilla Firefox\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2b} [2015-02-06]
FF Extension: PDF Download - C:\Program Files (x86)\Mozilla Firefox\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250} [2015-02-06]
FF Extension: AddThis - C:\Program Files (x86)\Mozilla Firefox\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79} [2015-02-06]
FF Extension: Gmail Manager - C:\Program Files (x86)\Mozilla Firefox\extensions\{582195F5-92E7-40a0-A127-DB71295901D7} [2015-02-06]
FF Extension: Show MyIP - C:\Program Files (x86)\Mozilla Firefox\extensions\{6D1D11DB-3C6C-4db8-96E4-20F4A1088AAC}(2) [2015-02-06]
FF Extension: Fast Search by Surf Canyon - C:\Program Files (x86)\Mozilla Firefox\extensions\{75623d5d-4683-402a-b610-ac4bab767c86} [2015-02-06]
FF Extension: Value Apps - C:\Program Files (x86)\Mozilla Firefox\extensions\{94cd2cc3-083f-49ba-a218-4cda4b4829fd} [2015-02-06]
FF Extension: Snip It! Button for eBay - C:\Program Files (x86)\Mozilla Firefox\extensions\{aab35b56-0206-4472-9993-9cb5c09bb722} [2015-02-06]
FF Extension: ReminderFox - C:\Program Files (x86)\Mozilla Firefox\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [2015-02-06]
FF Extension: Password Exporter - C:\Program Files (x86)\Mozilla Firefox\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492} [2015-02-06]
FF Extension: Answers - C:\Program Files (x86)\Mozilla Firefox\extensions\{C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51} [2015-02-06]
FF Extension: <![CDATA[1-ClickWeather]]> - C:\Program Files (x86)\Mozilla Firefox\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03} [2015-02-06]
FF Extension: Clipmarks - C:\Program Files (x86)\Mozilla Firefox\extensions\{e1170235-2845-420c-acc3-42261a29dd46} [2015-02-06]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2015-02-06]
FF Extension: Autofill Forms - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2015-02-06]
FF Extension: Myibidder (Myibay) Bid Sniper for eBay - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2015-02-06]
FF Extension: Morning Coffee - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2015-02-06]
FF Extension: Vocabulary Highlighter - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2015-02-06]
FF Extension: Session Manager - C:\Program Files (x86)\Mozilla Firefox\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2015-02-06]
FF Extension: Image Zoom - C:\Program Files (x86)\Mozilla Firefox\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2015-02-06]
FF Extension: Ebay Negs! - C:\Program Files (x86)\Mozilla Firefox\extensions\{265b0520-499e-11d9-9669-0800200c9a66}.xpi [2015-02-06]
FF Extension: eBay Sidebar for Firefox - C:\Program Files (x86)\Mozilla Firefox\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}.xpi [2015-02-06]
FF Extension: IE View - C:\Program Files (x86)\Mozilla Firefox\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}.xpi [2015-02-06]
FF Extension: ImTranslator - C:\Program Files (x86)\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2015-02-06]
FF Extension: Calculator - C:\Program Files (x86)\Mozilla Firefox\extensions\{AA052FD6-366A-4771-A591-0D8DC551585D}.xpi [2015-02-06]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-02-06]
Chrome:
=======
CHR Profile: C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [893216 2014-08-18] (IObit)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3247120 2014-12-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-12-16] (AVG Technologies CZ, s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-02-06] (SurfRight B.V.)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2282272 2014-08-19] (IObit)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R0 amdide64; C:\Windows\System32\DRIVERS\amdide64.sys [11832 2014-10-11] (Advanced Micro Devices Inc.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [237848 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-10-20] (AVG Technologies CZ, s.r.o.)
R3 bcm44amd64; C:\Windows\System32\DRIVERS\b44amd64.sys [87552 2009-06-10] (Broadcom Corporation)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-05-09] ()
S3 ApfiltrService; system32\DRIVERS\Apfiltr.sys [X]
S3 cpuz138; \??\C:\Windows\TEMP\cpuz138\cpuz138_x64.sys [X]
========================== Drivers MD5 =======================
C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys FA886682CFC5D36718D3E436AACF10B9
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\amdide64.sys 4249DA806451D394712B4D66C8652DBB
C:\Windows\System32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atikmdag.sys 428DDCB79F4377726501867EADA9C2D6
C:\Windows\System32\DRIVERS\avgdiska.sys CDE60914D4ED81291F0CCFDB2CA311B9
C:\Windows\System32\DRIVERS\avgidsdrivera.sys E7E1A0AB30587BF3734A2EC66BBCE743
C:\Windows\System32\DRIVERS\avgidsha.sys B0E4A1F342A3F8B75C4A4ADB044761C9
C:\Windows\System32\DRIVERS\avgldx64.sys 5980222218A0773E2994E524E5BA2464
C:\Windows\System32\DRIVERS\avgloga.sys 197F28711B4B71E6575E5298CCEDC737
C:\Windows\System32\DRIVERS\avgmfx64.sys 53C79A07776F930EADB92F2A8DE17D81
C:\Windows\System32\DRIVERS\avgrkx64.sys C4F9056928B26BCAF15872E46B29184F
C:\Windows\System32\DRIVERS\avgtdia.sys 367185B24132230843EF53B07305720D
C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bcmwl664.sys FB4FDA64F2E8552EAEB5986C3F34462C
C:\Windows\System32\DRIVERS\b44amd64.sys 2BC7C1697B633692A061A4A36ED9DFDD
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys EBF28856F69CF094A902F884CF989706
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys ==> MD5 is legit
C:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 87CE5C8965E101CCCED1F4675557E868
C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\system32\drivers\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys 96BB922A0981BC7432C8CF52B5410FE6
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 353009DEDF918B2A51414F330CF72DEC
C:\Windows\System32\Drivers\ksecpkg.sys 41774FF331F609EF442B7398EE6202B1
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\system32\drivers\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys AE3334958D8F631FF14A0AEB3D7EFB3A
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 1A29A59A4C5BA6F8C85062A613B7E2B2
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\drivers\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34
C:\Windows\System32\Drivers\RDPWD.sys FE571E088C2D83619D2D48D4E961BF41
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rimmpx64.sys 9C23519FC1FD331AAAEDC145AB947293
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\sdbus.sys 111E0EBC0AD79CB0FA014B907B231CF0
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\Drivers\SmartDefragDriver.sys E77CB3736A702D46A6FB15FB4A9894E3
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\VSTAZL6.SYS 0C4540311E11664B245A263E1154CEF8
C:\Windows\System32\DRIVERS\VSTDPV6.SYS 02071D207A9858FBE3A48CBFD59C4A04
C:\Windows\System32\DRIVERS\VSTCNXT6.SYS 18E40C245DBFAF36FD0134A7EF2DF396
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SWDUMon.sys 2E3ACFDA0B792707C59B307ABB6A6E95
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SynTP.sys 05AC84ED54DD46092C045F6FBB8C5D3C
C:\Windows\System32\drivers\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\DRIVERS\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys E232A3B43A894BB327FC161529BD9ED1
C:\Windows\System32\drivers\tsusbflt.sys E9981ECE8D894CEF7038FD1D040EB426
C:\Windows\system32\drivers\TsUsbGD.sys AD64450A4ABE076F5CB34CC08EEACB07
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\drivers\usbaudio.sys B0435098C81D04CAFFF80DDB746CD3A2
C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\System32\DRIVERS\usbehci.sys 18A85013A3E0F7E1755365D287443965
C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA
C:\Windows\System32\DRIVERS\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC
C:\Windows\system32\drivers\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys ==> MD5 is legit
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WSDPrint.sys 8D918B1DB190A4D9B1753A66FA8C96E8
C:\Windows\System32\DRIVERS\WSDScan.sys 4A2A5C50DD1A63577D3ACA94269FBC7F
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-07 09:04 - 2015-02-07 09:06 - 00033599 _____ () C:\Users\Dan\Desktop\FRST.txt
2015-02-07 09:04 - 2015-02-07 09:05 - 00000000 ____D () C:\FRST
2015-02-07 09:01 - 2015-02-07 09:01 - 02131968 _____ (Farbar) C:\Users\Dan\Desktop\FRST64.exe
2015-02-06 19:12 - 2015-02-06 19:12 - 00388608 _____ (Trend Micro Inc.) C:\Users\Dan\Desktop\HiJackThis.exe
2015-02-06 16:25 - 2015-02-06 16:25 - 00001897 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2015-02-06 16:02 - 2015-02-06 16:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-06 13:48 - 2015-02-06 13:52 - 00000000 ___RD () C:\Users\Dan\Desktop\Utililties
2015-02-06 13:09 - 2015-02-06 13:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-02-06 13:05 - 2015-02-06 13:12 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-02-06 13:05 - 2015-02-06 13:09 - 00000000 ____D () C:\Program Files\HitmanPro
2015-02-06 12:42 - 2015-02-06 16:36 - 00000000 ____D () C:\AdwCleaner
2015-02-05 14:11 - 2015-02-06 16:38 - 00000710 _____ () C:\Windows\setupact.log
2015-02-05 14:11 - 2015-02-05 14:11 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-05 14:10 - 2015-02-05 14:10 - 00005922 _____ () C:\Windows\PFRO.log
2015-02-05 14:09 - 2015-02-05 14:09 - 00000000 _____ () C:\asc_rdflag
2015-02-05 14:07 - 2015-02-05 14:07 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-02-05 14:07 - 2015-02-05 14:07 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-02-05 14:07 - 2015-02-05 14:07 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-02-05 14:07 - 2015-02-05 14:07 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-02-05 14:07 - 2015-02-05 14:07 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-02-05 14:06 - 2015-02-05 14:06 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-05 14:06 - 2015-02-05 14:06 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-05 14:06 - 2015-02-05 14:06 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-05 14:06 - 2015-02-05 14:06 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-05 14:06 - 2015-02-05 14:06 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-05 14:06 - 2015-02-05 14:06 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-02-05 14:06 - 2015-02-05 14:06 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-05 14:06 - 2015-02-05 14:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-05 13:41 - 2015-02-05 13:41 - 18129584 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-02-05 13:07 - 2015-02-05 13:07 - 02347384 _____ (ESET) C:\Users\Dan\Desktop\esetsmartinstaller_enu.exe
2015-02-04 15:41 - 2015-02-04 15:41 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-04 10:57 - 2015-02-04 10:57 - 00000000 ____D () C:\Users\Dan\Desktop\Old Firefox Data
2015-02-03 19:35 - 2015-02-03 19:35 - 00000000 __SHD () C:\Users\Dan\AppData\Local\EmieUserList
2015-02-03 19:35 - 2015-02-03 19:35 - 00000000 __SHD () C:\Users\Dan\AppData\Local\EmieSiteList
2015-02-03 19:35 - 2015-02-03 19:35 - 00000000 __SHD () C:\Users\Dan\AppData\Local\EmieBrowserModeList
2015-02-01 10:46 - 2015-02-01 10:46 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2015-01-26 14:53 - 2015-01-26 14:53 - 00000000 ____D () C:\Users\Dan\AppData\Local\Google
2015-01-22 21:53 - 2015-01-22 21:53 - 01815179 _____ () C:\Users\Dan\Desktop\Untitled_Message.zip
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-07 08:52 - 2014-05-08 21:00 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-06 19:36 - 2014-05-08 20:41 - 00000000 ____D () C:\ProgramData\MFAData
2015-02-06 19:14 - 2014-05-08 19:53 - 00000000 ____D () C:\Users\Dan\AppData\Local\VirtualStore
2015-02-06 16:46 - 2009-07-13 23:45 - 00021856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-06 16:46 - 2009-07-13 23:45 - 00021856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-06 16:38 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-06 16:02 - 2014-05-08 19:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-06 12:15 - 2014-11-08 15:48 - 00000000 ___HD () C:\a
2015-02-06 10:01 - 2014-05-08 22:42 - 01525694 _____ () C:\Windows\WindowsUpdate.log
2015-02-06 09:13 - 2014-05-08 20:46 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2015-02-06 09:13 - 2014-05-08 20:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-02-05 14:27 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-05 14:09 - 2014-05-09 00:13 - 55869440 _____ () C:\Windows\system32\config\SOFTWARE.iodefrag.bak
2015-02-05 14:09 - 2014-05-09 00:13 - 00229376 _____ () C:\Windows\system32\config\DEFAULT.iodefrag.bak
2015-02-05 14:09 - 2014-05-09 00:13 - 00028672 _____ () C:\Windows\system32\config\SECURITY.iodefrag.bak
2015-02-05 14:09 - 2014-05-09 00:13 - 00024576 _____ () C:\Windows\system32\config\SAM.iodefrag.bak
2015-02-05 14:09 - 2014-05-08 19:53 - 00000000 ____D () C:\Users\Dan
2015-02-05 14:07 - 2014-05-08 21:21 - 00002209 _____ () C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
2015-02-05 13:58 - 2014-05-09 18:38 - 00000000 ____D () C:\ProgramData\InstallMate
2015-02-05 13:41 - 2014-05-08 21:00 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-05 13:41 - 2014-05-08 20:59 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 13:41 - 2014-05-08 20:59 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 13:39 - 2014-10-10 14:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster
2015-02-05 13:39 - 2014-05-08 21:16 - 00000000 ____D () C:\Program Files (x86)\IObit
2015-02-05 13:07 - 2014-10-17 12:20 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-02-05 12:57 - 2009-07-14 00:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-05 12:46 - 2014-10-10 14:25 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\ProductData
2015-02-05 12:46 - 2014-05-08 21:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7
2015-02-05 12:46 - 2014-05-08 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 3
2015-02-05 12:46 - 2014-05-08 21:16 - 00000000 ____D () C:\ProgramData\IObit
2015-02-05 12:46 - 2014-05-08 21:15 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\IObit
2015-02-05 12:46 - 2014-05-08 20:59 - 00000000 ____D () C:\Windows\system32\Macromed
2015-02-05 12:46 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\servicing
2015-02-05 12:46 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-05 12:46 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2015-02-05 12:46 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-05 12:45 - 2014-12-14 20:29 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp
2015-02-05 12:45 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2015-02-05 12:42 - 2014-10-17 12:19 - 00000000 ____D () C:\ProgramData\Adobe
2015-02-05 12:42 - 2014-05-09 22:13 - 00000000 ____D () C:\ProgramData\Skype
2015-02-05 12:42 - 2014-05-09 21:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-05 12:42 - 2014-05-09 09:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2015-02-05 12:42 - 2014-05-09 09:50 - 00000000 ___HD () C:\ProgramData\CanonBJ
2015-02-05 12:42 - 2014-05-08 20:45 - 00000000 ____D () C:\ProgramData\AVG2014
2015-02-05 12:42 - 2014-05-08 19:53 - 00000000 ___RD () C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-05 12:42 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-05 12:30 - 2014-05-09 00:12 - 43958272 _____ () C:\Windows\system32\config\COMPONENTS.iodefrag.bak
2015-02-04 18:45 - 2014-12-14 20:29 - 00000000 ____D () C:\ProgramData\AVG Web TuneUp
2015-01-25 14:03 - 2014-05-08 22:06 - 00000000 ____D () C:\Windows\system32\MRT
==================== Files in the root of some directories =======
2014-05-08 23:23 - 2014-05-16 08:23 - 0000035 _____ () C:\Users\Dan\AppData\Roaming\WB.CFG
2014-05-08 21:39 - 2014-05-08 21:39 - 0007605 _____ () C:\Users\Dan\AppData\Local\Resmon.ResmonCfg
Some content of TEMP:
====================
C:\Users\Dan\AppData\Local\Temp\Quarantine.exe
C:\Users\Dan\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
==================== BCD ================================
Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=C:
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {bdea04c2-d733-11e3-99e3-d7e47db2a828}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30
Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {bootloadersettings}
recoverysequence {bdea04c4-d733-11e3-99e3-d7e47db2a828}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {bdea04c2-d733-11e3-99e3-d7e47db2a828}
nx OptIn
Windows Boot Loader
-------------------
identifier {bdea04c4-d733-11e3-99e3-d7e47db2a828}
device ramdisk=[C:]\Recovery\bdea04c4-d733-11e3-99e3-d7e47db2a828\Winre.wim,{bdea04c5-d733-11e3-99e3-d7e47db2a828}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\bdea04c4-d733-11e3-99e3-d7e47db2a828\Winre.wim,{bdea04c5-d733-11e3-99e3-d7e47db2a828}
systemroot \windows
nx OptIn
winpe Yes
Resume from Hibernate
---------------------
identifier {bdea04c2-d733-11e3-99e3-d7e47db2a828}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No
Windows Memory Tester
---------------------
identifier {memdiag}
device partition=C:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes
EMS Settings
------------
identifier {emssettings}
bootems Yes
Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200
RAM Defects
-----------
identifier {badmemory}
Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}
Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}
Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200
Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}
Device options
--------------
identifier {bdea04c5-d733-11e3-99e3-d7e47db2a828}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\bdea04c4-d733-11e3-99e3-d7e47db2a828\boot.sdi
LastRegBack: 2014-05-08 22:39
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-02-2015
Ran by Dan at 2015-02-07 09:06:56
Running from C:\Users\Dan\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advanced SystemCare 7 (HKLM-x32\...\Advanced SystemCare 7_is1) (Version: 7.4.0 - IObit)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4800 - AVG Technologies)
AVG 2014 (Version: 14.0.4257 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4800 - AVG Technologies) Hidden
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.1.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MG5400 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5400_series) (Version: 1.00 - Canon Inc.)
Canon MG5400 series On-screen Manual (HKLM-x32\...\Canon MG5400 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon MG5400 series User Registration (HKLM-x32\...\Canon MG5400 series User Registration) (Version: - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.1.2 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.11299.0 - Cisco Consumer Products LLC)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DVDFab 9.1.4.2 (29/04/2014) (HKLM-x32\...\DVDFab 9_is1) (Version: - Fengtao Software Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.234 - SurfRight B.V.)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.3.9.2622 - IObit)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2918248101-3388894934-2879875847-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Smart Defrag 3 (HKLM-x32\...\Smart Defrag 3_is1) (Version: 3.2 - IObit)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.13.0 - Synaptics Incorporated)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
WinZip 12.1 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}) (Version: 12.1.8519 - WinZip Computing, S.L. )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2918248101-3388894934-2879875847-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Dan\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2918248101-3388894934-2879875847-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Dan\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2918248101-3388894934-2879875847-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Dan\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2918248101-3388894934-2879875847-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Dan\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2918248101-3388894934-2879875847-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Dan\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)
==================== Restore Points =========================
05-02-2015 13:00:44 Windows Backup
05-02-2015 14:04:21 Windows Modules Installer
05-02-2015 14:34:49 Windows Backup
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {51FCBECD-8693-41F9-AE8B-67076D904659} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
Task: {9E8B22ED-66DE-41ED-865E-95E7A90CB07A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {D3D9FDBB-20DE-49BC-8EFB-E00C3636300E} - System32\Tasks\ASC7_SkipUac_Dan => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe [2014-08-22] (IObit)
Task: {D8C2A90A-321B-4B2D-A236-970E0D56F5B1} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-08-22] (IObit)
Task: {DE9531EF-20C0-4F2C-81CC-61E6C4A36D93} - System32\Tasks\Driver Booster Scan => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe
Task: {E15EE83C-BE38-442D-B0D5-242B78E4F263} - System32\Tasks\SmartDefrag3_Update => C:\Program Files (x86)\IObit\Smart Defrag 3\AutoUpdate.exe [2014-07-23] (IObit)
Task: {F66FE089-A9A2-4FEF-BBA4-DB552C168B1E} - System32\Tasks\{7A899063-791B-4ADC-B79B-E8A4CEC9F5CA} => C:\Users\Dan\Desktop\DOWNLOADS\Synaptics_v15_2_7_C_XP64_Vista64_Win7-64.exe
Task: {F99FACF5-C305-432C-AF69-73018946A221} - System32\Tasks\Driver Booster SkipUAC (Dan) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) ==============
2015-02-05 12:52 - 2014-11-03 16:37 - 00007168 _____ () C:\a\internetport3.exe
2014-05-08 21:21 - 2013-10-25 11:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\sqlite3.dll
2014-05-08 21:21 - 2013-01-15 17:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\webres.dll
2014-03-31 20:35 - 2014-03-31 20:35 - 00270016 _____ () C:\Program Files (x86)\Windows Live\Writer\en\WindowsLive.Writer.Localization.resources.dll
2015-02-06 16:04 - 2015-02-06 16:04 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2015-02-05 13:41 - 2015-02-05 13:41 - 16852144 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Registry Areas =====================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2918248101-3388894934-2879875847-1000\Control Panel\Desktop\\Wallpaper ->
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== Accounts: =============================
Administrator (S-1-5-21-2918248101-3388894934-2879875847-500 - Administrator - Disabled)
Dan (S-1-5-21-2918248101-3388894934-2879875847-1000 - Administrator - Enabled) => C:\Users\Dan
Guest (S-1-5-21-2918248101-3388894934-2879875847-501 - Limited - Disabled)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/06/2015 06:15:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: avgsysa.dll, version: 14.0.0.4800, time stamp: 0x536a4985
Exception code: 0xc0000005
Fault offset: 0x0000000000058b9b
Faulting process id: 0x7b0
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Error: (02/06/2015 04:39:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/06/2015 01:46:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/06/2015 01:01:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/06/2015 00:15:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/06/2015 00:15:24 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (02/06/2015 00:12:15 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.
Details:
Could not query the status of the EventSystem service.
System Error:
A system shutdown is in progress.
.
Error: (02/06/2015 00:11:37 PM) (Source: SignInAssistant) (EventID: 0) (User: )
Description: StartService failed with hr = 0x8007043c
Error: (02/06/2015 10:49:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/06/2015 10:48:36 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
System errors:
=============
Error: (02/07/2015 01:31:52 AM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
Error: (02/06/2015 04:39:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (02/06/2015 01:46:59 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (02/06/2015 01:01:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (02/06/2015 00:16:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (02/06/2015 00:15:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Live ID Sign-in Assistant service failed to start due to the following error:
%%1053
Error: (02/06/2015 00:15:31 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
Error: (02/06/2015 11:24:37 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (02/06/2015 11:24:37 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (02/06/2015 11:24:36 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Microsoft Office Sessions:
=========================
Error: (02/06/2015 06:15:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d672ee4avgsysa.dll14.0.0.4800536a4985c00000050000000000058b9b7b001d0425540f188aeC:\Windows\Explorer.EXEC:\Program Files (x86)\AVG\AVG2014\avgsysa.dllf9d34c84-ae55-11e4-8c0f-0019b97ac856
Error: (02/06/2015 04:39:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/06/2015 01:46:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/06/2015 01:01:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/06/2015 00:15:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/06/2015 00:15:24 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Dan\Desktop\esetsmartinstaller_enu.exe
Error: (02/06/2015 00:12:15 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description:
Details:
Could not query the status of the EventSystem service.
System Error:
A system shutdown is in progress.
Error: (02/06/2015 00:11:37 PM) (Source: SignInAssistant) (EventID: 0) (User: )
Description: StartService failed with hr = 0x8007043c
Error: (02/06/2015 10:49:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/06/2015 10:48:36 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Dan\Desktop\esetsmartinstaller_enu.exe
==================== Memory info ===========================
Processor: AMD Turion 64 X2 Mobile Technology TL-50
Percentage of memory in use: 50%
Total physical RAM: 3966.05 MB
Available physical RAM: 1976.73 MB
Total Pagefile: 7930.28 MB
Available Pagefile: 6141.36 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:74.52 GB) (Free:39.79 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: D0F4738C)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Start CreateRestorePoint: CloseProcesses: Emptytemp: Task: {51FCBECD-8693-41F9-AE8B-67076D904659} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe C:\Program Files (x86)\IObit Task: {D3D9FDBB-20DE-49BC-8EFB-E00C3636300E} - System32\Tasks\ASC7_SkipUac_Dan => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe [2014-08-22] (IObit) Task: {D8C2A90A-321B-4B2D-A236-970E0D56F5B1} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-08-22] (IObit) Task: {DE9531EF-20C0-4F2C-81CC-61E6C4A36D93} - System32\Tasks\Driver Booster Scan => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe Task: {E15EE83C-BE38-442D-B0D5-242B78E4F263} - System32\Tasks\SmartDefrag3_Update => C:\Program Files (x86)\IObit\Smart Defrag 3\AutoUpdate.exe [2014-07-23] (IObit) Task: {F99FACF5-C305-432C-AF69-73018946A221} - System32\Tasks\Driver Booster SkipUAC (Dan) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe 2015-02-05 12:52 - 2014-11-03 16:37 - 00007168 _____ () C:\a\internetport3.exe C:\a\ 2014-05-08 21:21 - 2013-10-25 11:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\sqlite3.dll 2014-05-08 21:21 - 2013-01-15 17:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\webres.dll FF Extension: Conduit Engine - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2015-02-06] SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = HKU\S-1-5-21-2918248101-3388894934-2879875847-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION ProxyEnable: [S-1-5-21-2918248101-3388894934-2879875847-1000] => Internet Explorer proxy is enabled. ProxyServer: [S-1-5-21-2918248101-3388894934-2879875847-1000] => http=127.0.0.1:8877;https=127.0.0.1:8877 End
Here you Go
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-02-2015
Ran by Dan at 2015-02-08 08:01:17 Run:1
Running from C:\Users\Dan\Desktop
Loaded Profiles: Dan (Available profiles: Dan)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Task: {51FCBECD-8693-41F9-AE8B-67076D904659} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
C:\Program Files (x86)\IObit
Task: {D3D9FDBB-20DE-49BC-8EFB-E00C3636300E} - System32\Tasks\ASC7_SkipUac_Dan => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe [2014-08-22] (IObit)
Task: {D8C2A90A-321B-4B2D-A236-970E0D56F5B1} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-08-22] (IObit)
Task: {DE9531EF-20C0-4F2C-81CC-61E6C4A36D93} -
System32\Tasks\Driver Booster Scan => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe
Task: {E15EE83C-BE38-442D-B0D5-242B78E4F263} - System32\Tasks\SmartDefrag3_Update => C:\Program Files (x86)\IObit\Smart Defrag 3\AutoUpdate.exe [2014-07-23] (IObit)
Task: {F99FACF5-C305-432C-AF69-73018946A221} - System32\Tasks\Driver Booster SkipUAC (Dan) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
2015-02-05 12:52 - 2014-11-03 16:37 - 00007168 _____ () C:\a\internetport3.exe
C:\a\
2014-05-08 21:21 - 2013-10-25 11:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\sqlite3.dll
2014-05-08 21:21 - 2013-01-15 17:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\webres.dll
FF Extension: Conduit Engine - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2015-02-06]
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 ->
DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
HKU\S-1-5-21-2918248101-3388894934-2879875847-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [S-1-5-21-2918248101-3388894934-2879875847-1000] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-2918248101-3388894934-2879875847-1000] => http=127.0.0.1:8877;https=127.0.0.1:8877
End
*****************
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{51FCBECD-8693-41F9-AE8B-67076D904659}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{51FCBECD-8693-41F9-AE8B-67076D904659}" => Key deleted successfully.
C:\Windows\System32\Tasks\Driver Booster Update => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Update" => Key deleted successfully.
C:\Program Files (x86)\IObit => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3D9FDBB-20DE-49BC-8EFB-E00C3636300E} => Key not found.
C:\Windows\System32\Tasks\ASC7_SkipUac_Dan not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC7_SkipUac_Dan => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8C2A90A-321B-4B2D-A236-970E0D56F5B1} => Key not found.
C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Uninstaller_SkipUac_Administrator => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\Task: {DE9531EF-20C0-4F2C-81CC-61E6C4A36D93} - => Key not found.
System32\Tasks\Driver Booster Scan => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E15EE83C-BE38-442D-B0D5-242B78E4F263} => Key not found.
C:\Windows\System32\Tasks\SmartDefrag3_Update not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartDefrag3_Update => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F99FACF5-C305-432C-AF69-73018946A221}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F99FACF5-C305-432C-AF69-73018946A221}" => Key deleted successfully.
C:\Windows\System32\Tasks\Driver Booster SkipUAC (Dan) => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (Dan)" => Key deleted successfully.
C:\a\internetport3.exe => Moved successfully.
"C:\a" directory move:
C:\a\57097757.zip => Moved successfully.
C:\a\72895555.bat => Moved successfully.
C:\a\FdFC5Ba05A.exe => Moved successfully.
C:\a\FiddlerCore.dll => Moved successfully.
C:\a\loading.gif => Moved successfully.
C:\a\ping.txt => Moved successfully.
Could not move "C:\a" directory. => Scheduled to move on reboot.
"C:\Program Files (x86)\IObit\Advanced SystemCare 7\sqlite3.dll" => File/Directory not found.
"C:\Program Files (x86)\IObit\Advanced SystemCare 7\webres.dll" => File/Directory not found.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] => Moved successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\SearchScopes: HKU\S-1-5-20 ->\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SearchScopes: HKU\S-1-5-20 -> => Value not found.
DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-2918248101-3388894934-2879875847-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-2918248101-3388894934-2879875847-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\S-1-5-21-2918248101-3388894934-2879875847-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-02-08 08:03:50)<=
C:\a => Is moved successfully.
==== End of Fixlog 08:03:50 ====
# AdwCleaner v4.110 - Logfile created 08/02/2015 at 08:35:25
# Updated 05/02/2015 by Xplode
# Database : 2015-02-05.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Dan - DAN-LAPTOP
# Running from : C:\Users\Dan\Desktop\AdwCleaner.exe
# Option : Cleaning
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Scheduled tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Web browsers ] *****
-\\ Internet Explorer v11.0.9600.17420
-\\ Mozilla Firefox v35.0.1 (x86 en-US)
-\\ Google Chrome v
*************************
AdwCleaner[R0].txt - [15230 bytes] - [06/02/2015 12:43:03]
AdwCleaner[R1].txt - [15290 bytes] - [06/02/2015 12:47:42]
AdwCleaner[R2].txt - [1921 bytes] - [06/02/2015 16:32:47]
AdwCleaner[R3].txt - [1276 bytes] - [08/02/2015 08:12:29]
AdwCleaner[R4].txt - [1191 bytes] - [08/02/2015 08:24:02]
AdwCleaner[S0].txt - [16396 bytes] - [06/02/2015 12:57:31]
AdwCleaner[S1].txt - [2009 bytes] - [06/02/2015 16:36:30]
AdwCleaner[S2].txt - [1346 bytes] - [08/02/2015 08:17:12]
AdwCleaner[S3].txt - [1119 bytes] - [08/02/2015 08:35:25]
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1178 bytes] ##########
Hello Valinorum,
I thought I had removed it a few times. Only to have it show up again will surfing the net .Not all site have this pop up Geeks site does and makes it very hard to read the screen at all.
It seems to be gone.At this point I'll surf and run know trouble sites to see if it appears. It seems to spawn showing on more and more sites as it goes.
Advance care and defrag that was removed could you make recommendations for replacements?
I do appreciate your efforts and time to this point thank you
.
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 2/8/2015
Scan Time: 11:19:28 AM
Logfile: malware log scan.txt
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2015.02.08.04
Rootkit Database: v2015.02.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Dan
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 331037
Time Elapsed: 23 min, 50 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
Eset
C:\Program Files (x86)\Mozilla Firefox\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\91_monetizationLoader.js.js JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Program Files (x86)\Mozilla Firefox\extensions\3889d70a-3fde-4565-9f53-587ed12a797a@b90fd175-524e-46e6-a91f-624789f3369f.com\extensionData\plugins\91_monetizationLoader.js.js JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Users\Dan\Documents\Old Firefox Data\os108p1e.default-1393465284968\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\91_monetizationLoader.js.js JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Users\Dan\Documents\Old Firefox Data\os108p1e.default-1393465284968\extensions\3889d70a-3fde-4565-9f53-587ed12a797a@b90fd175-524e-46e6-a91f-624789f3369f.com\extensionData\plugins\91_monetizationLoader.js.js JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
Oh please,proceed to your prevention speech. I'll monitor PC to check if the malware reappears.
Thanks
♣ Removal of Tools and Quarantined Files ♣
♣ Prevention and Future Guidelines ♣
Hello Valinorum,
Advance care and defrag that were removed could you make recommendations for replacements?
any help here
0 members, 0 guests, 0 anonymous users
Community Forum Software by IP.Board
Licensed to: Geeks to Go, Inc.