beepbeep

Honorary Members
  • Posts: 60

Everything posted by beepbeep

  1. It happened again today: I am reading an article and for no reason it refreshes back to the original page. Why would that happen?
  2. I have just done a full scan with Avast and it said some files could not be scanned.
  3. I have just finished Malware full scan and it hasn't found anything.
  4. I wonder if I might have something unwanted in my computer. I opened the Daily Mail and then opened different articles I wanted to read, but when I started to read them they went to the homepage. This happened to every article. What can I do?
  5. We have run a full Avast scan and this picked something up; it has cleared it and it all seems OK now.
  6. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2014 Ran by Mark at 2014-12-19 09:54:49 Running from E:\ Boot Mode: Normal
  7. I have just run Farbar: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-12-2014 Ran by Mark (administrator) on MARK on 19-12-2014 09:53:31
HKU\S-1-5-21-1978372828-636451710-408125832-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/?pc=UP97&ocid=UP97DHP HKU\S-1-5-21-1978372828-636451710-408125832-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com SearchScopes: HKU\.DEFAULT -> DefaultScope {6F699FA9-8BFF-49BA-83C1-0B067BE380B5} URL = BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO-x32: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\d05zjs7h.default FF SearchEngineOrder.3: Bing FF Homepage: hxxp://uk.msn.com/?pc=UP97&ocid=UP97DHP FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q= FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: 
@tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF user.js: detected! => C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\d05zjs7h.default\user.js FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\d05zjs7h.default\searchplugins\bingp.xml FF Extension: Adblock Plus - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\d05zjs7h.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-25] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! 
Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-28] Chrome: ======= CHR HomePage: Default -> hxxp://uk.msn.com/?pc=UP97&ocid=UP97DHP CHR StartupUrls: Default -> "https://www.google.co.uk/?gfe_rd=cr&ei=MPSFU-_RNqTR8gfBk4DQDA#q=bude+webcam" CHR DefaultSearchKeyword: Default -> bing.com_ CHR DefaultSearchURL: Default -> http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms} CHR DefaultSuggestURL: Default -> http://api.bing.com/osjson.aspx?query={searchTerms}&language={language}&form=UP97DF&PC=UP97 CHR Profile: C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-28] CHR Extension: (Google Drive) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-28] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04] CHR Extension: (YouTube) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-28] CHR Extension: (Google Search) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-28] CHR Extension: (Google Wallet) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-28] CHR Extension: (Gmail) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-28] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-05-28] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14] 
==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227456 2013-01-28] (Qualcomm Atheros Commnucations) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-28] (AVAST Software) R2 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-20] (Broadcom Corp.) [File not signed] R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) S3 DeviceFastLaneService; C:\Program Files\Packard Bell\Packard Bell Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-23] (Acer Incorporated) R3 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [658576 2012-08-22] (Acer Incorporated) R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation) R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-10-17] (Dritek System INC.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) S2 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [580232 2014-01-21] (WiseCleaner.com) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-28] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-28] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-28] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-28] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-28] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-28] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-28] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-28] () S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-16] (Malwarebytes Corporation) R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-10-17] (Dritek System Inc.) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-12-18 15:05 - 2014-12-18 15:05 - 00000000 ____D () C:\Users\Mark\Desktop\The Silva Method - Success and Self-Confidence 2014-12-18 09:53 - 2014-12-18 09:53 - 00000726 _____ () C:\WINDOWS\setupact.log 2014-12-18 09:53 - 2014-12-18 09:53 - 00000000 _____ () C:\WINDOWS\setuperr.log 2014-12-18 08:20 - 2014-12-18 08:20 - 00004028 _____ () C:\WINDOWS\PFRO.log 2014-12-17 18:43 - 2014-12-19 09:41 - 00253107 _____ () C:\WINDOWS\WindowsUpdate.log 2014-12-16 06:58 - 2014-10-30 22:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe 2014-12-16 06:58 - 2014-10-30 22:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe 2014-12-12 14:09 - 2014-12-12 14:10 - 00000000 ____D () C:\Users\Mark\Downloads\Inspiring photos 2014-12-12 06:56 - 2014-11-26 21:10 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-12-12 06:56 - 2014-11-26 21:10 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2014-12-11 19:20 - 2014-12-11 19:20 - 00000000 ____D () C:\WINDOWS\system32\appraiser 2014-12-11 11:49 - 2014-10-30 23:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll 2014-12-11 11:49 - 2014-10-30 23:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll 2014-12-11 11:48 - 2014-10-31 23:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll 2014-12-11 11:48 - 2014-10-31 23:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll 2014-12-11 10:30 - 2014-12-03 23:09 - 00830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2014-12-11 10:30 - 2014-12-02 23:09 - 01083392 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2014-12-11 10:30 - 2014-12-02 23:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll 2014-12-11 10:29 - 2014-12-03 23:37 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll 2014-12-11 10:29 - 2014-12-02 23:09 - 
00740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2014-12-11 10:29 - 2014-12-02 23:09 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2014-12-11 10:29 - 2014-12-02 23:09 - 00396288 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2014-12-11 10:26 - 2014-11-22 03:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-12-11 10:25 - 2014-11-22 02:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2014-12-11 10:25 - 2014-11-22 02:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-12-11 10:25 - 2014-11-22 02:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec 2014-12-11 10:25 - 2014-11-22 02:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll 2014-12-11 10:25 - 2014-11-22 02:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2014-12-11 10:25 - 2014-11-22 02:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2014-12-11 10:25 - 2014-11-22 02:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-12-11 10:25 - 2014-11-22 02:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-12-11 10:25 - 2014-11-22 02:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2014-12-11 10:25 - 2014-11-22 02:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec 2014-12-11 10:25 - 2014-11-22 02:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2014-12-11 10:25 - 2014-11-22 02:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2014-12-11 10:25 - 2014-11-22 02:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2014-12-11 10:25 - 2014-11-22 02:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2014-12-11 10:25 - 2014-11-22 01:59 - 01032704 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\inetcomm.dll 2014-12-11 10:25 - 2014-11-22 01:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2014-12-11 10:25 - 2014-11-22 01:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2014-12-11 10:25 - 2014-11-22 01:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-12-11 10:25 - 2014-11-22 01:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-12-11 10:25 - 2014-11-22 01:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2014-12-11 10:25 - 2014-11-22 01:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2014-12-11 10:25 - 2014-11-22 01:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-12-11 10:25 - 2014-11-22 01:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-12-11 10:25 - 2014-11-22 01:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2014-12-11 10:25 - 2014-11-22 01:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2014-12-11 10:25 - 2014-11-22 01:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2014-12-11 10:25 - 2014-11-22 01:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2014-12-11 10:25 - 2014-11-22 01:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-12-11 10:25 - 2014-11-22 01:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2014-12-11 10:25 - 2014-11-22 01:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2014-12-11 10:25 - 2014-11-22 01:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2014-12-11 10:25 - 2014-11-22 01:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2014-12-11 10:25 - 2014-11-22 01:15 - 01548288 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\urlmon.dll 2014-12-11 10:25 - 2014-11-22 01:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2014-12-11 10:25 - 2014-11-22 01:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2014-12-11 10:25 - 2014-11-22 01:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2014-12-11 10:25 - 2014-11-22 00:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2014-12-11 10:25 - 2014-11-22 00:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2014-12-11 10:25 - 2014-10-13 02:43 - 00238912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys 2014-12-11 10:25 - 2014-10-13 02:43 - 00153920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys 2014-12-11 10:25 - 2014-10-13 02:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys 2014-12-11 10:25 - 2014-10-13 02:43 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys 2014-12-11 08:30 - 2014-11-10 02:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll 2014-12-11 08:30 - 2014-11-10 01:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll 2014-12-11 08:30 - 2014-11-07 04:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2014-12-11 08:30 - 2014-11-07 03:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll 2014-12-05 15:44 - 2014-12-19 07:40 - 00003906 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C9A242F8-3951-43BC-968E-27E7D3383047} 2014-12-05 13:29 - 2014-12-05 13:53 - 57052868 _____ () C:\Users\Mark\Desktop\M4 - 04-Sales Copy Strategy and Tactics to Sell More of Your Product.mp4 2014-12-03 11:43 - 2014-12-19 09:11 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-12-03 11:43 - 2014-12-03 11:43 - 00003718 _____ () 
C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2014-11-24 14:59 - 2014-11-24 15:07 - 00030355 _____ () C:\Users\Mark\Downloads\Mark I'Anson Property Deal Analyser V2.xlsx 2014-11-24 14:59 - 2014-11-24 15:06 - 00173947 _____ () C:\Users\Mark\Downloads\Property Sourcing 101 - Essentials Workshop Template Adverts.pptx 2014-11-22 08:40 - 2014-12-01 07:25 - 00000000 ____D () C:\Users\Mark\Documents\MARK-BUSINESS 2014-11-22 08:33 - 2014-11-22 08:37 - 00000000 ____D () C:\Users\Mark\Documents\CLIENTS 2014-11-19 15:24 - 2014-11-19 15:24 - 00000000 __SHD () C:\Users\Mark\AppData\Local\EmieBrowserModeList 2014-11-19 08:12 - 2014-11-09 23:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2014-11-19 08:12 - 2014-11-09 23:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2014-11-19 08:12 - 2014-11-09 23:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll 2014-11-19 08:12 - 2014-11-09 23:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-12-19 09:53 - 2014-05-16 13:09 - 00000000 ____D () C:\FRST 2014-12-19 09:46 - 2014-05-28 15:44 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\Skype 2014-12-19 09:39 - 2014-06-06 15:03 - 00004950 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for MARK-Mark Mark 2014-12-19 09:39 - 2014-05-28 14:18 - 00000916 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-12-19 09:00 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-12-19 07:39 - 2014-07-24 06:04 - 00003758 _____ () C:\WINDOWS\System32\Tasks\AutoKMS 2014-12-19 07:37 - 2014-11-05 09:22 - 00000000 ___RD () C:\Users\Mark\OneDrive 2014-12-19 07:37 - 2014-05-28 07:30 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\Wise Care 365 2014-12-19 07:36 - 2014-05-28 14:18 - 00000912 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-12-19 07:36 - 2013-08-22 14:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-12-18 15:09 - 2014-09-24 16:21 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-12-18 10:30 - 2014-10-31 09:17 - 00005120 _____ () C:\Users\Mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-12-18 09:34 - 2014-05-28 05:36 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1978372828-636451710-408125832-1001 2014-12-18 08:51 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2014-12-18 08:51 - 2012-07-26 07:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2014-12-16 15:33 - 2013-03-02 07:42 - 00000000 ____D () C:\Users\Mark\Documents\ALEX 2014-12-16 08:02 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\rescache 2014-12-16 07:36 - 2014-05-28 07:48 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-12-14 19:28 - 2013-08-22 13:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2014-12-13 06:48 - 2014-05-31 07:59 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-12-11 19:20 - 2014-09-24 18:55 - 00000000 ___SD () 
C:\WINDOWS\system32\CompatTel 2014-12-11 19:20 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\en-GB 2014-12-11 19:20 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\en-GB 2014-12-11 19:20 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions 2014-12-11 19:20 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\AppCompat 2014-12-11 11:27 - 2014-05-31 08:05 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2014-12-11 11:20 - 2014-05-30 15:55 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-12-11 11:16 - 2014-05-30 15:55 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-12-11 11:16 - 2013-08-22 13:25 - 00008192 ___SH () C:\WINDOWS\system32\config\ELAM 2014-12-11 10:19 - 2014-05-28 07:47 - 00001126 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-12-11 10:19 - 2014-05-28 07:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-12-11 10:19 - 2014-05-28 07:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-12-11 10:05 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS 2014-12-11 10:05 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS 2014-12-10 18:28 - 2014-06-10 12:36 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-12-10 17:07 - 2014-04-08 18:34 - 00000000 ____D () C:\Users\Mark\Documents\Progressive Property 2014-12-09 09:32 - 2013-01-01 11:19 - 00000000 ____D () C:\Users\Mark\Documents\Marcella Swipes 2014-12-08 08:11 - 2014-05-28 15:44 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-12-08 08:11 - 2014-05-28 15:44 - 00000000 ____D () C:\ProgramData\Skype 2014-11-30 14:01 - 2012-12-31 14:20 - 00000000 ____D () C:\Users\Mark\AppData\Local\Packages 2014-11-22 08:43 - 2014-01-11 09:23 - 00000000 ____D () C:\Users\Mark\Documents\Camtasia Studio 2014-11-22 08:35 - 2014-10-23 15:41 - 
00000000 ____D () C:\Users\Mark\Documents\Golf 2014-11-21 06:14 - 2014-05-28 07:47 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-11-21 06:14 - 2014-05-28 07:47 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2014-11-21 06:14 - 2014-05-28 07:47 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-19 08:13 ==================== End Of Log ============================
  8. My husband clicked on something and now a box keeps popping up that won't close. It says: This page at janhitmejaari.com - microsoft real time web monitor has detected Liam.x virus on the system due to unsafe browsing. When you try to close the box it won't close. What can I do?
  9. Hi, I ended up taking the computer to a local guy to fix it. It was the registry files missing after Skype rep told me to delete files. Anyway, it's all working again. Thank you for your help as well.
  10. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-08-2014 01 Ran by User (administrator) on USER-PC on 12-08-2014 09:40:07 Running from C:\Users\User\Downloads Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe (WiseCleaner.com) C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe (Skype Technologies S.A.) 
C:\Program Files (x86)\Skype\Phone\Skype.exe (BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (Multidmedia Limited ) C:\Program Files (x86)\Vision Defense\Vision Defense.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Farbar) C:\Users\User\Downloads\FRST64(2).exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11905128 2011-06-28] (Realtek Semiconductor) HKLM\...\Run: [intelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-10] (AVAST Software) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1474768639-1737181589-514141678-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-07-05] (Google Inc.) HKU\S-1-5-21-1474768639-1737181589-514141678-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.) HKU\S-1-5-21-1474768639-1737181589-514141678-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [533568 2014-04-23] (BillP Studios) HKU\S-1-5-21-1474768639-1737181589-514141678-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation) Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) 
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TalkTalk Setup CD Reporting Tool.exe ()
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\visiondefense.lnk
ShortcutTarget: visiondefense.lnk -> C:\Program Files (x86)\Vision Defense\Vision Defense.exe (Multidmedia Limited )
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {81D594C2-04A0-4259-90F4-BD7B25340AAC} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289075&CUI=UN16397273002052910&UM=1
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fbp11f7m.default
FF Homepage: www.google.co.uk
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: PageRank for Firefox - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fbp11f7m.default\Extensions\pagerank@any-tech.ws.xpi [2012-08-02]
FF Extension: StumbleUpon - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fbp11f7m.default\Extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi [2013-04-20]
FF Extension: Property Bee - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fbp11f7m.default\Extensions\{da8bd68d-8e90-41cd-8345-a71b294e72e6}.xpi [2012-09-15]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-02]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 6 U35) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll No File
CHR Plugin: (RealNetworks RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll No File
CHR Plugin: (RealNetworks RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll No File
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.350.10) - C:\Windows\SysWOW64\npdeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll No File
CHR Plugin: (RealPlayer Download Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll No File
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-24]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-24]
CHR Extension: (cconatinuaeeteosavve) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfomdijgjiomlfpmgbneopffnlemlljl [2013-06-04]
CHR Extension: (Skype Click to Call) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-12-02]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-20]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-24]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-11-19] (Adobe Systems) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-11] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S2 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [580232 2014-01-21] (WiseCleaner.com)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U3 Anetatoaaic; No ImagePath
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-11] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-11] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-11] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-11] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-11] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-11] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-11] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-12] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

C:\Users\User\AppData\Local\{D6778506-5A31-4222-8824-326D294CF641} 2014-08-03 20:38 - 2014-08-03 20:38 - 00000000 ____D () C:\Users\User\AppData\Local\{F04C2325-EB2B-4D59-B677-18CA7DC3CBF4} 2014-08-03 08:38 - 2014-08-03 08:38 - 00000000 ____D () C:\Users\User\AppData\Local\{72BB4C27-948E-4448-BC43-9A7046D1A544} 2014-08-02 20:38 - 2014-08-02 20:37 - 00000000 ____D () C:\Users\User\AppData\Local\{EA983E21-1EBE-45B1-9A9F-63AAE80ABE0A} 2014-08-02 08:37 - 2014-08-02 08:37 - 00000000 ____D () C:\Users\User\AppData\Local\{0A2CA0C7-5BE3-4F30-82EE-2EA453FC6045} 2014-08-01 20:37 - 2014-08-01 20:37 - 00000000 ____D () C:\Users\User\AppData\Local\{A90A0B75-2A0B-4404-9BC9-F02F35E770B2} 2014-08-01 08:37 - 2014-08-01 08:37 - 00000000 ____D () C:\Users\User\AppData\Local\{2E281637-8D11-4CB2-8F37-8A66F3C160E9} 2014-07-31 20:36 - 2014-07-31 20:36 - 00000000 ____D () C:\Users\User\AppData\Local\{1B218C7E-00E5-4088-93DE-A6F764A7D2C2} 2014-07-31 16:38 - 2012-09-26 14:05 - 00000000 ____D () C:\Users\User\Documents\Beep 2014-07-31 08:36 - 2014-07-31 08:36 - 00000000 ____D () C:\Users\User\AppData\Local\{734C47F4-8B17-4D64-B18A-C8E356F01548} 2014-07-30 20:36 - 2014-07-30 20:35 - 00000000 ____D () C:\Users\User\AppData\Local\{9A529490-352B-452A-82C8-8AB6DFA8F69D} 2014-07-30 08:35 - 2014-07-30 08:35 - 00000000 ____D () C:\Users\User\AppData\Local\{93C5A0CE-7077-4296-B59B-9979435ACABD} 2014-07-30 08:00 - 2014-05-28 08:26 - 00000400 _____ () C:\Windows\Tasks\Wise Turbo Checker.job 2014-07-29 20:35 - 2014-07-29 20:35 - 00000000 ____D () C:\Users\User\AppData\Local\{14B52461-FCB3-4EB6-ABD4-EDA0380A70B2} 2014-07-29 08:35 - 2014-07-29 08:34 - 00000000 ____D () C:\Users\User\AppData\Local\{3FBEDCF5-0102-4282-B79A-6AA48391F89A} 2014-07-28 20:34 - 2014-07-28 20:34 - 00000000 ____D () C:\Users\User\AppData\Local\{35CE915D-9DD2-413E-8A27-B09F007ABC73} 2014-07-28 08:34 - 2014-07-28 08:34 - 00000000 ____D () C:\Users\User\AppData\Local\{0CC3042D-BFC8-4BA1-8B56-E12507D5639F} 2014-07-27 20:34 - 2014-07-27 
20:33 - 00000000 ____D () C:\Users\User\AppData\Local\{C2A665F8-6D6F-48E0-BE73-D31B67D1BC5E} 2014-07-27 08:33 - 2014-07-27 08:33 - 00000000 ____D () C:\Users\User\AppData\Local\{AFB813BB-337E-4781-A97D-F3D079C71202} 2014-07-26 20:33 - 2014-07-26 20:33 - 00000000 ____D () C:\Users\User\AppData\Local\{E6555A06-E4F7-473E-A142-499EE3FC1002} 2014-07-26 08:33 - 2014-07-26 08:32 - 00000000 ____D () C:\Users\User\AppData\Local\{95EFCA16-0880-4D8D-A8D6-E4A1D6783366} 2014-07-25 20:26 - 2014-07-25 20:26 - 00000000 ____D () C:\Users\User\AppData\Local\{89A1B035-E81A-4BF8-A90C-1240D9D15D2A} 2014-07-25 08:26 - 2014-07-25 08:26 - 00000000 ____D () C:\Users\User\AppData\Local\{696B8B77-022A-4166-92D8-28247415019A} 2014-07-25 06:26 - 2013-03-14 21:36 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-07-25 06:26 - 2013-03-14 21:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-07-24 21:15 - 2013-03-14 21:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-07-24 20:25 - 2014-07-24 20:25 - 00000000 ____D () C:\Users\User\AppData\Local\{C6A19A19-8FDA-423D-8865-B6F668E68B90} 2014-07-24 08:25 - 2014-07-24 08:25 - 00000000 ____D () C:\Users\User\AppData\Local\{F88E373A-997E-44EA-96A5-A4B43B9F1134} 2014-07-23 20:25 - 2014-07-23 20:24 - 00000000 ____D () C:\Users\User\AppData\Local\{4F89C185-D7AF-41A4-975A-8AB4620572BB} 2014-07-23 12:42 - 2014-07-23 12:38 - 299567486 _____ () C:\Users\User\Downloads\Audio.zip 2014-07-23 11:09 - 2014-07-23 11:09 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-07-23 11:09 - 2014-07-23 11:09 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2014-07-23 11:09 - 2013-06-17 14:11 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-07-23 11:09 - 2013-06-17 14:11 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-07-23 11:09 - 2012-10-16 18:37 - 00000000 ____D () C:\Program 
Files\Java 2014-07-23 08:24 - 2014-07-23 08:24 - 00000000 ____D () C:\Users\User\AppData\Local\{B93F3412-8F01-4D81-8D67-999CF1F971C8} 2014-07-22 20:24 - 2014-07-22 20:24 - 00000000 ____D () C:\Users\User\AppData\Local\{95E7AD8E-0C70-401A-B805-38DC2605FD71} 2014-07-22 08:24 - 2014-07-22 08:23 - 00000000 ____D () C:\Users\User\AppData\Local\{99C6B4F6-3F05-4F2C-8136-0BCF0B57F592} 2014-07-21 20:23 - 2014-07-21 20:23 - 00000000 ____D () C:\Users\User\AppData\Local\{311C97D2-32B7-4014-8CE8-473747FA57F1} 2014-07-21 16:38 - 2014-07-21 16:38 - 12231958 _____ () C:\Users\User\Downloads\DP Mar 2014 - updated by Andrew.pptx 2014-07-21 08:23 - 2014-07-21 08:23 - 00000000 ____D () C:\Users\User\AppData\Local\{5B4CC727-AEE9-48E4-AC78-9E4C47A09DB1} 2014-07-20 20:23 - 2014-07-20 20:22 - 00000000 ____D () C:\Users\User\AppData\Local\{E8CAB33C-9991-40E4-A0B7-4FA32D003C44} 2014-07-20 08:22 - 2014-07-20 08:22 - 00000000 ____D () C:\Users\User\AppData\Local\{C1B5BFB2-BEEE-478F-8918-47929037721A} 2014-07-19 20:22 - 2014-07-19 20:22 - 00000000 ____D () C:\Users\User\AppData\Local\{96DB0404-B93A-40DC-B472-9FAD9AD4214B} 2014-07-19 08:22 - 2014-07-19 08:22 - 00000000 ____D () C:\Users\User\AppData\Local\{BB118FAD-5807-4700-BCA1-4C95BB253F3A} 2014-07-18 20:22 - 2014-07-18 20:21 - 00000000 ____D () C:\Users\User\AppData\Local\{F7F41CA6-DDA6-43F4-9C7C-510DF864A93D} 2014-07-18 13:46 - 2012-07-06 10:03 - 00000000 ____D () C:\Users\User\Documents\Copywriting Jobs Done 2014-07-18 11:18 - 2013-09-30 09:28 - 00000000 ____D () C:\Users\User\Documents\Clickbank-Articles 2014-07-18 10:04 - 2012-07-06 09:59 - 00000000 ____D () C:\Users\User\Documents\My Webs 2014-07-18 10:02 - 2014-06-24 13:22 - 00000000 ____D () C:\Users\User\Documents\Property 2014-07-18 10:00 - 2014-01-08 13:28 - 00000000 ____D () C:\Users\User\Documents\AFFILIATE-CPA 2014-07-18 08:20 - 2014-07-18 08:20 - 00000000 ____D () C:\Users\User\AppData\Local\{EA71133B-A32D-4535-B414-62B439AFD652} 2014-07-18 06:38 - 2012-07-06 10:13 - 00000000 
____D () C:\Users\User\Documents\address 2014-07-17 20:20 - 2014-07-17 20:20 - 00000000 ____D () C:\Users\User\AppData\Local\{ED34583A-9302-44F0-AC23-6E07CD8ED050} 2014-07-17 08:19 - 2014-07-17 08:19 - 00000000 ____D () C:\Users\User\AppData\Local\{2F33F488-E1FB-4E99-8046-716344C897D0} 2014-07-16 20:19 - 2014-07-16 20:19 - 00000000 ____D () C:\Users\User\AppData\Local\{AC6611B0-134F-4161-BCC3-8119988AE8D4} 2014-07-16 08:19 - 2014-07-16 08:18 - 00000000 ____D () C:\Users\User\AppData\Local\{CCC090DF-01DD-4753-819F-F14022909E94} 2014-07-15 20:18 - 2014-07-15 20:18 - 00000000 ____D () C:\Users\User\AppData\Local\{96DD099B-9457-45DF-9DDF-D48AA7A6A85B} 2014-07-15 08:18 - 2014-07-15 08:18 - 00000000 ____D () C:\Users\User\AppData\Local\{A9882D1A-B19B-497F-86D1-9B3641B0E8DA} 2014-07-14 20:18 - 2014-07-14 20:17 - 00000000 ____D () C:\Users\User\AppData\Local\{BF74A961-3ADC-45BA-8F80-70A01D6BC2F6} 2014-07-14 08:17 - 2014-07-14 08:17 - 00000000 ____D () C:\Users\User\AppData\Local\{6647C923-A635-4F67-B663-9F5224A460A2} 2014-07-13 20:17 - 2014-07-13 20:17 - 00000000 ____D () C:\Users\User\AppData\Local\{0D66674A-5B6F-418B-A0D4-984AE3270635} 2014-07-13 08:17 - 2014-07-13 08:17 - 00000000 ____D () C:\Users\User\AppData\Local\{EAEEF6BD-B079-4063-8712-94CF3950CDF7} ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-08-07 07:20 ==================== End Of Log ========================== I did not get the Addition.txt file
  11. My problem is this: my daughter logged me out of Skype and then when we tried to log in we couldn't. So I uninstalled Skype and tried to remove IE (Microsoft help told me to do that). It didn't work, so I did a system restore. Skype then worked, but when I open the computer I get: The Ordinal 791 could not be located in the dynamic link library iertutil.dll - I also get this message in my Windows Live Mail. I can't see the email messages, it only shows me that they have come in but nothing else, and I can't email either. I was told to post in here because it seems I have viruses. I just scanned my system with Malware and found I had 54 objects. I quarantined these. The log is below. But I still have the problem - what do I do now? Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 12/08/2014 Scan Time: 09:09:21 Logfile: 1.txt Administrator: Yes Version: 2.00.2.1012 Malware Database: v2014.08.12.03 Rootkit Database: v2014.08.04.01 License: Trial Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: User Scan Type: Threat Scan Result: Completed Objects Scanned: 294897 Time Elapsed: 16 min, 4 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Warn PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 2 PUP.Optional.Conduit.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fbp11f7m.default\CT3220468, Quarantined, [7c37586d007ba88e276c38838a788f71], PUP.Optional.Conduit.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fbp11f7m.default\CT3220468\toolbarImages, Quarantined, [7c37586d007ba88e276c38838a788f71], Files: 52 PUP.Optional.Conduit.A, 
Physical Sectors: 0 (No malicious items detected) (end)
  12. Done that and have added it all. What do I do now?
  13. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-08-2014 01 Ran by User at 2014-08-11 08:37:32 Running from C:\Users\User\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.31139 - BitTorrent Inc.) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden Adobe Bridge 1.0 (x32 Version: 001.000.000 - Adobe Systems) Hidden Adobe Common File Installer (x32 Version: 1.00.0000 - Adobe System Incorporated) Hidden Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Help Center 1.0 (x32 Version: 001.000.000 - Adobe Systems) Hidden Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.) Adobe Photoshop CS2 (x32 Version: 9.0 - Adobe Systems, Inc.) 
Hidden Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) Adobe Stock Photos 1.0 (x32 Version: 001.000.000 - Adobe Systems) Hidden Amazon Kindle (HKCU\...\Amazon Kindle) (Version: - Amazon) Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Artisteer 2 (HKLM-x32\...\Artisteer 2) (Version: 2.4 - Extensoft) Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.2.43 - Atheros Communications Inc.) avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software) Camtasia Studio 7 (HKLM-x32\...\{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}) (Version: 7.1.1 - TechSmith Corporation) CCleaner (HKLM\...\CCleaner) (Version: 3.20 - Piriform) CoffeeCup Free FTP (HKLM-x32\...\{66F43DBE-6D46-4BCE-831D-0D4C13639BE8}) (Version: 4.5.12 - CoffeeCup Software Inc.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.) Evernote v. 4.5.7 (HKLM-x32\...\{0BE73D3C-B5AF-11E1-933A-984BE15F174E}) (Version: 4.5.7.7146 - Evernote Corp.) FileZilla Client 3.8.0 (HKLM-x32\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse) FreshKey (HKLM-x32\...\FreshKey) (Version: 1.0.0 - Infomastery, LLC) FreshKey (x32 Version: 1.0.0 - Infomastery, LLC) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.) Google Drive (HKLM-x32\...\{75939021-3B68-419D-8DC1-E9823BFF9658}) (Version: 1.16.7009.9618 - Google, Inc.) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) 
Hidden GoToMeeting 5.8.0.1189 (HKCU\...\GoToMeeting) (Version: 5.8.0.1189 - CitrixOnline) Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation) Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle) Java 7 Update 65 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417065FF}) (Version: 7.0.650 - Oracle) Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden Java 6 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416045FF}) (Version: 6.0.450 - Oracle) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Keyword Optimizer Pro 2 (HKLM-x32\...\Keyword Optimizer Pro 22.0.1.6) (Version: 2.0.1.6 - InnAnTech Industries Inc.) <==== ATTENTION Macromedia Dreamweaver 8 (HKLM-x32\...\{0837A661-FEC3-48B3-876C-91E7D32048A9}) (Version: 8.0.0.2734 - Macromedia) Macromedia Extension Manager (HKLM-x32\...\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}) (Version: 1.7.240 - Macromedia, Inc.) 
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Market Samurai (HKLM-x32\...\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1) (Version: 0.88.77 - Alliance Software Pty Ltd)
Market Samurai (x32 Version: 0.88.77 - Alliance Software Pty Ltd) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Camera Codec Pack (HKLM\...\{601B8608-C901-428C-8125-53585CA54124}) (Version: 16.3.1483.0410 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Publisher 2002 (HKLM-x32\...\{90190409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Pdf995 (HKLM-x32\...\Pdf995) (Version: - )
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6402 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 4.52 - NCH Software)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
Vision Defense (HKLM-x32\...\{FEAB15DC-2074-4CB0-B624-1229404A578F}_is1) (Version: - Vision Defense)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Windows Driver Package - Hewlett-Packard Image (12/28/2006 8.0.0.0) (HKLM\...\4C806F98217A7FD4E853F458FF399F052625F21C) (Version: 12/28/2006 8.0.0.0 - Hewlett-Packard)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinPatrol (HKLM\...\{84481A87-2316-4923-8FAB-3BA8CA29323D}) (Version: 30.9.2014.0 - BillP Studios)
Wise Care 365 2.99 (HKLM-x32\...\Wise Care 365_is1) (Version: 2.99 - WiseCleaner.com, Inc.)
Wise Registry Cleaner 8.03 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 8.03 - WiseCleaner.com, Inc.)

==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1474768639-1737181589-514141678-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1474768639-1737181589-514141678-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1189\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-1474768639-1737181589-514141678-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1474768639-1737181589-514141678-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1474768639-1737181589-514141678-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1474768639-1737181589-514141678-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

==================== Restore Points =========================

30-07-2014 05:58:17 Windows Update
31-07-2014 03:06:10 Windows Update
05-08-2014 05:59:06 Windows Update
09-08-2014 04:38:13 Windows Update
10-08-2014 10:22:34 Removed Skype Click to Call
10-08-2014 10:23:13 Removed Skype™ 6.18
10-08-2014 10:31:27 Removed Skype™ 6.18
10-08-2014 11:40:10 Windows Modules Installer
10-08-2014 12:55:39 Windows Modules Installer
10-08-2014 14:12:50 Removed Skype™ 6.18
10-08-2014 14:18:37 Restore Operation
10-08-2014 15:02:23 avast! antivirus system restore point
10-08-2014 15:07:48 Windows Update
10-08-2014 17:34:47 Installed DirectX
10-08-2014 17:35:11 Installed DirectX

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0B50BF15-5A4D-474D-9E57-A878CFB94401} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1474768639-1737181589-514141678-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {1A953EDF-E440-4236-BB43-46A50698C4CE} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-11] (AVAST Software)
Task: {332D8213-1C2F-479B-92D8-7257B3EBC97C} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1474768639-1737181589-514141678-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {63035793-F026-46A8-A90C-4CE7D65450A0} - System32\Tasks\Wise Turbo Checker => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe [2014-01-21] (WiseCleaner.COM)
Task: {73ECCE27-9ED1-4BA6-B435-A073AF394324} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-05] (Google Inc.)
Task: {9822EF93-F660-477F-91B9-BE9B16EB71E7} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1474768639-1737181589-514141678-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {9E088F55-7448-42E5-B30F-8FDD57E07E37} - System32\Tasks\Wise Care 365 => C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe [2013-12-09] (WiseCleaner.com)
Task: {A452B784-3A79-4275-A3FF-91A765228AA0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {A4CBE281-6020-4A8B-A1A6-AA4CD8967A48} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1474768639-1737181589-514141678-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {A73AD801-80D2-4BAE-9658-AF008873BABF} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {A80B31F4-EE09-4D35-B599-CF1610B9FE7D} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1474768639-1737181589-514141678-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {CE5F267F-1333-4336-8907-E99F09ABD968} - System32\Tasks\RealCreateProcessScheduledTask8035393S-1-5-21-1474768639-1737181589-514141678-1000 => c:\program files (x86)\real\realplayer\realplay.exe
Task: {CECA2DA4-D5C5-493E-A984-33F205D69C05} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F369923E-4EFD-458B-A6CE-B958A54154B7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-05] (Google Inc.)
Task: {F6ACBA8B-7F23-47B9-AF51-E682D6509A34} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1474768639-1737181589-514141678-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {FB2AEF0F-E083-4741-A5E7-DABF73297F74} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-06-22] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Wise Care 365.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe
Task: C:\Windows\Tasks\Wise Turbo Checker.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe

==================== Loaded Modules (whitelisted) =============

2012-07-13 10:36 - 2012-04-26 15:51 - 00040448 _____ () C:\Windows\System32\pdf995mon64.dll
2012-07-18 10:25 - 2005-03-12 00:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-07-11 14:02 - 2014-07-11 14:02 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-08-10 19:12 - 2014-08-10 19:12 - 02795520 _____ () C:\Program Files\AVAST Software\Avast\defs\14081001\algo.dll
2014-08-11 08:35 - 2014-08-11 08:35 - 02795520 _____ () C:\Program Files\AVAST Software\Avast\defs\14081100\algo.dll
2014-05-28 09:03 - 2014-04-22 19:39 - 00645592 ____N () C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
2014-07-11 14:02 - 2014-07-11 14:02 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-08-10 17:05 - 2014-08-10 17:05 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-07-09 13:42 - 2014-07-09 13:42 - 17029808 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll

==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/11/2014 07:11:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/10/2014 07:08:12 PM) (Source: Windows Search Service) (EventID: 3083) (User: )
Description: The protocol handler IEHistory cannot be loaded. Error description: (HRESULT : 0x800700b6).

Error: (08/10/2014 07:03:58 PM) (Source: Windows Search Service) (EventID: 3083) (User: )
Description: The protocol handler IEHistory cannot be loaded. Error description: (HRESULT : 0x800700b6).

Error: (08/10/2014 05:56:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/10/2014 04:34:46 PM) (Source: Windows Search Service) (EventID: 3083) (User: )
Description: The protocol handler IEHistory cannot be loaded. Error description: (HRESULT : 0x800700b6).

Error: (08/10/2014 04:12:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SoftwareUpdate.exe, version: 2.1.3.127, time stamp: 0x4de6dd5a
Faulting module name: SoftwareUpdate.exe, version: 2.1.3.127, time stamp: 0x4de6dd5a
Exception code: 0xc0000005
Fault offset: 0x000052e6
Faulting process id: 0x119c
Faulting application start time: 0xSoftwareUpdate.exe0
Faulting application path: SoftwareUpdate.exe1
Faulting module path: SoftwareUpdate.exe2
Report Id: SoftwareUpdate.exe3

Error: (08/10/2014 04:06:49 PM) (Source: Windows Search Service) (EventID: 3083) (User: )
Description: The protocol handler IEHistory cannot be loaded. Error description: (HRESULT : 0x800700b6).

Error: (08/10/2014 04:03:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/10/2014 04:02:34 PM) (Source: Windows Search Service) (EventID: 3083) (User: )
Description: The protocol handler IEHistory cannot be loaded. Error description: (HRESULT : 0x800700b6).

Error: (08/10/2014 04:02:26 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0xc0000022.

System errors:
=============
Error: (08/10/2014 01:47:10 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error: %%6719

Error: (08/10/2014 01:47:01 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Modules Installer service did not shut down properly after receiving a preshutdown control.

Error: (08/06/2014 07:17:48 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (07/25/2014 09:09:02 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: %%1056

Error: (07/25/2014 09:08:32 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (07/25/2014 09:08:32 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (07/21/2014 09:53:36 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (07/18/2014 08:59:14 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (07/09/2014 09:51:38 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 for x64-based Systems (KB2971850).

Error: (07/09/2014 09:51:38 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition.

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 48%
Total physical RAM: 4061.12 MB
Available physical RAM: 2106.41 MB
Total Pagefile: 8120.41 MB
Available Pagefile: 5992.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:784.86 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 758E44BF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

==================== End Of Log ============================
  14. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-08-2014 01
Ran by User (administrator) on USER-PC on 11-08-2014 08:36:36
Running from C:\Users\User\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(WiseCleaner.com) C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11905128 2011-06-28] (Realtek Semiconductor)
HKLM\...\Run: [intelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-10] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1474768639-1737181589-514141678-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-07-05] (Google Inc.)
HKU\S-1-5-21-1474768639-1737181589-514141678-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-1474768639-1737181589-514141678-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [533568 2014-04-23] (BillP Studios)
HKU\S-1-5-21-1474768639-1737181589-514141678-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TalkTalk Setup CD Reporting Tool.exe ()
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\visiondefense.lnk
ShortcutTarget: visiondefense.lnk -> C:\Program Files (x86)\Vision Defense\Vision Defense.exe (Multidmedia Limited )
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {81D594C2-04A0-4259-90F4-BD7B25340AAC} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289075&CUI=UN16397273002052910&UM=1
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fbp11f7m.default
FF Homepage: www.google.co.uk
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: PageRank for Firefox - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fbp11f7m.default\Extensions\pagerank@any-tech.ws.xpi [2012-08-02]
FF Extension: StumbleUpon - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fbp11f7m.default\Extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi [2013-04-20]
FF Extension: Property Bee - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fbp11f7m.default\Extensions\{da8bd68d-8e90-41cd-8345-a71b294e72e6}.xpi [2012-09-15]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-02]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 6 U35) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll No File
CHR Plugin: (RealNetworks RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll No File
CHR Plugin: (RealNetworks RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll No File
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll 
No File CHR Plugin: (Java Deployment Toolkit 6.0.350.10) - C:\Windows\SysWOW64\npdeployJava1.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll No File CHR Plugin: (RealPlayer Download Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll No File CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28] CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-24] CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-24] CHR Extension: (cconatinuaeeteosavve) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfomdijgjiomlfpmgbneopffnlemlljl [2013-06-04] CHR Extension: (Skype Click to Call) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-12-02] CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-20] CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-24] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-11] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-11] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from 
the registry. The file will not be moved unless listed separately.) S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-11-19] (Adobe Systems) [File not signed] R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-11] (AVAST Software) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) S2 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [580232 2014-01-21] (WiseCleaner.com) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U3 Anetatoaaic; No ImagePath R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-11] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-11] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-11] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-11] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-11] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-11] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-11] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-11] () R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] () ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) 
==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-11 08:36 - 2014-08-11 08:37 - 00020730 _____ () C:\Users\User\Downloads\FRST.txt 2014-08-11 08:36 - 2014-08-11 08:36 - 00000000 ____D () C:\FRST 2014-08-11 08:35 - 2014-08-11 08:35 - 02099712 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe 2014-08-11 08:32 - 2014-08-11 08:32 - 00025141 _____ () C:\Users\User\Desktop\dds.txt 2014-08-11 08:32 - 2014-08-11 08:32 - 00008575 _____ () C:\Users\User\Desktop\attach.txt 2014-08-11 08:31 - 2014-08-11 08:31 - 00688992 ____R (Swearware) C:\Users\User\Downloads\dds.scr 2014-08-11 07:47 - 2014-08-11 07:47 - 00000000 ____D () C:\Users\User\AppData\Local\{978C1CCD-C7E2-4F4B-BF58-B277ED124726} 2014-08-10 18:37 - 2014-08-10 18:37 - 00000020 _____ () C:\Windows\Øø¿ 2014-08-10 18:35 - 2014-08-10 18:35 - 00000359 _____ () C:\Windows\DirectX.log 2014-08-10 17:05 - 2014-08-10 17:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-08-10 16:07 - 2014-08-10 16:07 - 00000000 ____D () C:\Users\User\AppData\Local\{31E75C00-6ADF-4103-987B-D3F6CAF0BAFB} 2014-08-10 16:04 - 2014-08-10 16:04 - 00001926 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2014-08-10 13:56 - 2014-08-10 13:56 - 00000134 _____ () C:\Users\User\Desktop\Internet Explorer Troubleshooting.url 2014-08-10 11:59 - 2014-08-10 11:59 - 02077392 _____ (Microsoft Corporation) C:\Users\User\Downloads\IE11-Windows6.1.exe 2014-08-10 11:32 - 2014-08-10 11:32 - 01551008 _____ (Skype Technologies S.A.) 
C:\Users\User\Downloads\skypesetup(1).exe 2014-08-10 11:32 - 2014-08-10 11:32 - 00003134 _____ () C:\Windows\System32\Tasks\{C6477BE5-03D4-4918-AC82-E44D44A370C2} 2014-08-10 11:28 - 2014-08-10 11:28 - 00000561 _____ () C:\Users\User\Downloads\css.zip 2014-08-10 08:43 - 2014-08-10 08:43 - 00000000 ____D () C:\Users\User\AppData\Local\{69B4AD83-BAA5-4E48-BBAA-8FC633574B9B} 2014-08-09 20:42 - 2014-08-09 20:42 - 00000000 ____D () C:\Users\User\AppData\Local\{2537390F-61AA-40E2-8C4A-39CDC2EB1B56} 2014-08-09 08:42 - 2014-08-09 08:42 - 00000000 ____D () C:\Users\User\AppData\Local\{C79AB55A-62EF-40BC-A041-1A22DD368CFB} 2014-08-08 20:42 - 2014-08-08 20:42 - 00000000 ____D () C:\Users\User\AppData\Local\{1E417506-EAE0-4CA0-BD76-C1AFAC6040E3} 2014-08-08 08:41 - 2014-08-08 08:41 - 00000000 ____D () C:\Users\User\AppData\Local\{E93612CA-022A-40F4-AF8C-43E5EBDABD24} 2014-08-07 20:41 - 2014-08-07 20:41 - 00000000 ____D () C:\Users\User\AppData\Local\{47394201-543C-4638-9149-D13C5A0690E5} 2014-08-07 08:41 - 2014-08-07 08:41 - 00000000 ____D () C:\Users\User\AppData\Local\{853F9A4B-2D04-4FEF-909B-018970FC030E} 2014-08-06 20:40 - 2014-08-06 20:40 - 00000000 ____D () C:\Users\User\AppData\Local\{25A5D269-238C-470B-BE16-268F3AEC5A92} 2014-08-06 10:24 - 2014-08-06 10:24 - 00115432 _____ () C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT 2014-08-06 08:40 - 2014-08-06 08:40 - 00000000 ____D () C:\Users\User\AppData\Local\{D3B2A5F7-655C-4E9E-98BF-9AF9713374F8} 2014-08-05 20:39 - 2014-08-05 20:39 - 00000000 ____D () C:\Users\User\AppData\Local\{55916C93-6244-452C-BA38-27F9E2105DA7} 2014-08-05 08:39 - 2014-08-05 08:39 - 00000000 ____D () C:\Users\User\AppData\Local\{FBEB232A-B783-4F89-934D-674C669DAF67} 2014-08-04 20:39 - 2014-08-04 20:39 - 00000000 ____D () C:\Users\User\AppData\Local\{38B82AFF-38FC-4412-9062-F2E712C99898} 2014-08-04 12:59 - 2014-08-04 13:00 - 129610521 _____ () C:\Users\User\Desktop\Final PP Course - final.pptx 2014-08-04 12:14 - 2014-08-04 12:14 - 00000000 ____D () 
C:\Users\User\Documents\Updater 2014-08-04 08:38 - 2014-08-04 08:39 - 00000000 ____D () C:\Users\User\AppData\Local\{D6778506-5A31-4222-8824-326D294CF641} 2014-08-03 20:38 - 2014-08-03 20:38 - 00000000 ____D () C:\Users\User\AppData\Local\{F04C2325-EB2B-4D59-B677-18CA7DC3CBF4} 2014-08-03 08:38 - 2014-08-03 08:38 - 00000000 ____D () C:\Users\User\AppData\Local\{72BB4C27-948E-4448-BC43-9A7046D1A544} 2014-08-02 20:37 - 2014-08-02 20:38 - 00000000 ____D () C:\Users\User\AppData\Local\{EA983E21-1EBE-45B1-9A9F-63AAE80ABE0A} 2014-08-02 08:37 - 2014-08-02 08:37 - 00000000 ____D () C:\Users\User\AppData\Local\{0A2CA0C7-5BE3-4F30-82EE-2EA453FC6045} 2014-08-01 20:37 - 2014-08-01 20:37 - 00000000 ____D () C:\Users\User\AppData\Local\{A90A0B75-2A0B-4404-9BC9-F02F35E770B2} 2014-08-01 08:37 - 2014-08-01 08:37 - 00000000 ____D () C:\Users\User\AppData\Local\{2E281637-8D11-4CB2-8F37-8A66F3C160E9} 2014-07-31 20:36 - 2014-07-31 20:36 - 00000000 ____D () C:\Users\User\AppData\Local\{1B218C7E-00E5-4088-93DE-A6F764A7D2C2} 2014-07-31 08:36 - 2014-07-31 08:36 - 00000000 ____D () C:\Users\User\AppData\Local\{734C47F4-8B17-4D64-B18A-C8E356F01548} 2014-07-31 04:06 - 2014-05-14 17:23 - 00700384 ____N (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-07-31 04:06 - 2014-05-14 17:23 - 00044512 ____N (Microsoft Corporation) C:\Windows\system32\wups2.dll 2014-07-31 04:06 - 2014-05-14 17:23 - 00038880 ____N (Microsoft Corporation) C:\Windows\system32\wups.dll 2014-07-30 20:35 - 2014-07-30 20:36 - 00000000 ____D () C:\Users\User\AppData\Local\{9A529490-352B-452A-82C8-8AB6DFA8F69D} 2014-07-30 08:35 - 2014-07-30 08:35 - 00000000 ____D () C:\Users\User\AppData\Local\{93C5A0CE-7077-4296-B59B-9979435ACABD} 2014-07-29 20:35 - 2014-07-29 20:35 - 00000000 ____D () C:\Users\User\AppData\Local\{14B52461-FCB3-4EB6-ABD4-EDA0380A70B2} 2014-07-29 08:34 - 2014-07-29 08:35 - 00000000 ____D () C:\Users\User\AppData\Local\{3FBEDCF5-0102-4282-B79A-6AA48391F89A} 2014-07-28 20:34 - 2014-07-28 20:34 - 00000000 
____D () C:\Users\User\AppData\Local\{35CE915D-9DD2-413E-8A27-B09F007ABC73} 2014-07-28 08:34 - 2014-07-28 08:34 - 00000000 ____D () C:\Users\User\AppData\Local\{0CC3042D-BFC8-4BA1-8B56-E12507D5639F} 2014-07-27 20:33 - 2014-07-27 20:34 - 00000000 ____D () C:\Users\User\AppData\Local\{C2A665F8-6D6F-48E0-BE73-D31B67D1BC5E} 2014-07-27 08:33 - 2014-07-27 08:33 - 00000000 ____D () C:\Users\User\AppData\Local\{AFB813BB-337E-4781-A97D-F3D079C71202} 2014-07-26 20:33 - 2014-07-26 20:33 - 00000000 ____D () C:\Users\User\AppData\Local\{E6555A06-E4F7-473E-A142-499EE3FC1002} 2014-07-26 08:32 - 2014-07-26 08:33 - 00000000 ____D () C:\Users\User\AppData\Local\{95EFCA16-0880-4D8D-A8D6-E4A1D6783366} 2014-07-25 20:26 - 2014-07-25 20:26 - 00000000 ____D () C:\Users\User\AppData\Local\{89A1B035-E81A-4BF8-A90C-1240D9D15D2A} 2014-07-25 09:08 - 2014-08-11 07:10 - 00000672 _____ () C:\Windows\setupact.log 2014-07-25 09:08 - 2014-07-25 09:08 - 00000000 _____ () C:\Windows\setuperr.log 2014-07-25 08:26 - 2014-07-25 08:26 - 00000000 ____D () C:\Users\User\AppData\Local\{696B8B77-022A-4166-92D8-28247415019A} 2014-07-25 08:11 - 2014-07-23 12:42 - 299567486 _____ () C:\Users\User\Desktop\Audio.zip 2014-07-24 20:25 - 2014-07-24 20:25 - 00000000 ____D () C:\Users\User\AppData\Local\{C6A19A19-8FDA-423D-8865-B6F668E68B90} 2014-07-24 08:25 - 2014-07-24 08:25 - 00000000 ____D () C:\Users\User\AppData\Local\{F88E373A-997E-44EA-96A5-A4B43B9F1134} 2014-07-23 20:24 - 2014-07-23 20:25 - 00000000 ____D () C:\Users\User\AppData\Local\{4F89C185-D7AF-41A4-975A-8AB4620572BB} 2014-07-23 12:38 - 2014-07-23 12:42 - 299567486 _____ () C:\Users\User\Downloads\Audio.zip 2014-07-23 11:09 - 2014-07-23 11:09 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-07-23 11:09 - 2014-07-23 11:09 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2014-07-23 08:24 - 2014-07-23 08:24 - 00000000 ____D () C:\Users\User\AppData\Local\{B93F3412-8F01-4D81-8D67-999CF1F971C8} 
2014-07-22 20:24 - 2014-07-22 20:24 - 00000000 ____D () C:\Users\User\AppData\Local\{95E7AD8E-0C70-401A-B805-38DC2605FD71} 2014-07-22 08:23 - 2014-07-22 08:24 - 00000000 ____D () C:\Users\User\AppData\Local\{99C6B4F6-3F05-4F2C-8136-0BCF0B57F592} 2014-07-21 20:23 - 2014-07-21 20:23 - 00000000 ____D () C:\Users\User\AppData\Local\{311C97D2-32B7-4014-8CE8-473747FA57F1} 2014-07-21 16:38 - 2014-07-21 16:38 - 12231958 _____ () C:\Users\User\Downloads\DP Mar 2014 - updated by Andrew.pptx 2014-07-21 08:23 - 2014-07-21 08:23 - 00000000 ____D () C:\Users\User\AppData\Local\{5B4CC727-AEE9-48E4-AC78-9E4C47A09DB1} 2014-07-20 20:22 - 2014-07-20 20:23 - 00000000 ____D () C:\Users\User\AppData\Local\{E8CAB33C-9991-40E4-A0B7-4FA32D003C44} 2014-07-20 08:22 - 2014-07-20 08:22 - 00000000 ____D () C:\Users\User\AppData\Local\{C1B5BFB2-BEEE-478F-8918-47929037721A} 2014-07-19 20:22 - 2014-07-19 20:22 - 00000000 ____D () C:\Users\User\AppData\Local\{96DB0404-B93A-40DC-B472-9FAD9AD4214B} 2014-07-19 08:22 - 2014-07-19 08:22 - 00000000 ____D () C:\Users\User\AppData\Local\{BB118FAD-5807-4700-BCA1-4C95BB253F3A} 2014-07-18 20:21 - 2014-07-18 20:22 - 00000000 ____D () C:\Users\User\AppData\Local\{F7F41CA6-DDA6-43F4-9C7C-510DF864A93D} 2014-07-18 08:20 - 2014-07-18 08:20 - 00000000 ____D () C:\Users\User\AppData\Local\{EA71133B-A32D-4535-B414-62B439AFD652} 2014-07-17 20:20 - 2014-07-17 20:20 - 00000000 ____D () C:\Users\User\AppData\Local\{ED34583A-9302-44F0-AC23-6E07CD8ED050} 2014-07-17 08:19 - 2014-07-17 08:19 - 00000000 ____D () C:\Users\User\AppData\Local\{2F33F488-E1FB-4E99-8046-716344C897D0} 2014-07-16 20:19 - 2014-07-16 20:19 - 00000000 ____D () C:\Users\User\AppData\Local\{AC6611B0-134F-4161-BCC3-8119988AE8D4} 2014-07-16 08:18 - 2014-07-16 08:19 - 00000000 ____D () C:\Users\User\AppData\Local\{CCC090DF-01DD-4753-819F-F14022909E94} 2014-07-15 20:18 - 2014-07-15 20:18 - 00000000 ____D () C:\Users\User\AppData\Local\{96DD099B-9457-45DF-9DDF-D48AA7A6A85B} 2014-07-15 08:18 - 2014-07-15 08:18 - 
00000000 ____D () C:\Users\User\AppData\Local\{A9882D1A-B19B-497F-86D1-9B3641B0E8DA} 2014-07-14 20:17 - 2014-07-14 20:18 - 00000000 ____D () C:\Users\User\AppData\Local\{BF74A961-3ADC-45BA-8F80-70A01D6BC2F6} 2014-07-14 08:17 - 2014-07-14 08:17 - 00000000 ____D () C:\Users\User\AppData\Local\{6647C923-A635-4F67-B663-9F5224A460A2} 2014-07-13 20:17 - 2014-07-13 20:17 - 00000000 ____D () C:\Users\User\AppData\Local\{0D66674A-5B6F-418B-A0D4-984AE3270635} 2014-07-13 08:17 - 2014-07-13 08:17 - 00000000 ____D () C:\Users\User\AppData\Local\{EAEEF6BD-B079-4063-8712-94CF3950CDF7} 2014-07-12 08:46 - 2014-07-12 08:46 - 00000000 ____D () C:\Users\User\AppData\Local\{8FC90E9A-76F5-4B05-B0A6-BCB87725B6D4} 2014-07-12 07:30 - 2014-08-11 07:14 - 00563538 _____ () C:\Windows\WindowsUpdate.log ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-11 08:37 - 2014-08-11 08:36 - 00020730 _____ () C:\Users\User\Downloads\FRST.txt 2014-08-11 08:36 - 2014-08-11 08:36 - 00000000 ____D () C:\FRST 2014-08-11 08:35 - 2014-08-11 08:35 - 02099712 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe 2014-08-11 08:32 - 2014-08-11 08:32 - 00025141 _____ () C:\Users\User\Desktop\dds.txt 2014-08-11 08:32 - 2014-08-11 08:32 - 00008575 _____ () C:\Users\User\Desktop\attach.txt 2014-08-11 08:31 - 2014-08-11 08:31 - 00688992 ____R (Swearware) C:\Users\User\Downloads\dds.scr 2014-08-11 08:30 - 2012-07-06 08:42 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype 2014-08-11 08:15 - 2012-07-05 18:54 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-08-11 07:47 - 2014-08-11 07:47 - 00000000 ____D () C:\Users\User\AppData\Local\{978C1CCD-C7E2-4F4B-BF58-B277ED124726} 2014-08-11 07:42 - 2012-08-04 12:39 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-08-11 07:18 - 2009-07-14 05:45 - 00022064 ____H () 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-11 07:18 - 2009-07-14 05:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-11 07:16 - 2009-07-14 06:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-08-11 07:14 - 2014-07-12 07:30 - 00563538 _____ () C:\Windows\WindowsUpdate.log 2014-08-11 07:11 - 2014-06-21 17:10 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-08-11 07:11 - 2014-05-28 08:18 - 00000000 ____D () C:\Users\User\AppData\Roaming\Wise Care 365 2014-08-11 07:10 - 2014-07-25 09:08 - 00000672 _____ () C:\Windows\setupact.log 2014-08-11 07:10 - 2014-05-28 08:26 - 00000420 _____ () C:\Windows\Tasks\Wise Care 365.job 2014-08-11 07:10 - 2012-07-06 10:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-08-11 07:10 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-10 20:15 - 2012-07-06 10:12 - 00000000 ____D () C:\Users\User\Documents\PASSWORDS 2014-08-10 18:37 - 2014-08-10 18:37 - 00000020 _____ () C:\Windows\Øø¿ 2014-08-10 18:37 - 2012-07-05 16:21 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live 2014-08-10 18:37 - 2012-07-05 16:20 - 00001305 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk 2014-08-10 18:37 - 2012-07-05 16:18 - 00001374 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk 2014-08-10 18:37 - 2012-07-05 16:16 - 00001458 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk 2014-08-10 18:37 - 2012-07-05 16:15 - 00002486 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk 2014-08-10 18:35 - 2014-08-10 18:35 - 00000359 _____ () C:\Windows\DirectX.log 2014-08-10 17:56 - 2012-07-06 08:42 - 00000000 ___RD () C:\Program Files (x86)\Skype 
2014-08-10 17:56 - 2012-07-06 08:42 - 00000000 ____D () C:\ProgramData\Skype 2014-08-10 17:05 - 2014-08-10 17:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-08-10 16:07 - 2014-08-10 16:07 - 00000000 ____D () C:\Users\User\AppData\Local\{31E75C00-6ADF-4103-987B-D3F6CAF0BAFB} 2014-08-10 16:04 - 2014-08-10 16:04 - 00001926 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2014-08-10 16:04 - 2013-06-12 09:35 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2014-08-10 16:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-08-10 16:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-08-10 15:59 - 2014-04-26 05:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-08-10 15:59 - 2012-07-13 10:36 - 00000000 ____D () C:\ProgramData\pdf995 2014-08-10 15:59 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration 2014-08-10 15:59 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2014-08-10 13:56 - 2014-08-10 13:56 - 00000134 _____ () C:\Users\User\Desktop\Internet Explorer Troubleshooting.url 2014-08-10 13:48 - 2012-07-05 07:20 - 00000000 ____D () C:\Windows\Panther 2014-08-10 11:59 - 2014-08-10 11:59 - 02077392 _____ (Microsoft Corporation) C:\Users\User\Downloads\IE11-Windows6.1.exe 2014-08-10 11:32 - 2014-08-10 11:32 - 01551008 _____ (Skype Technologies S.A.) 
C:\Users\User\Downloads\skypesetup(1).exe 2014-08-10 11:32 - 2014-08-10 11:32 - 00003134 _____ () C:\Windows\System32\Tasks\{C6477BE5-03D4-4918-AC82-E44D44A370C2} 2014-08-10 11:28 - 2014-08-10 11:28 - 00000561 _____ () C:\Users\User\Downloads\css.zip 2014-08-10 08:43 - 2014-08-10 08:43 - 00000000 ____D () C:\Users\User\AppData\Local\{69B4AD83-BAA5-4E48-BBAA-8FC633574B9B} 2014-08-09 20:42 - 2014-08-09 20:42 - 00000000 ____D () C:\Users\User\AppData\Local\{2537390F-61AA-40E2-8C4A-39CDC2EB1B56} 2014-08-09 08:42 - 2014-08-09 08:42 - 00000000 ____D () C:\Users\User\AppData\Local\{C79AB55A-62EF-40BC-A041-1A22DD368CFB} 2014-08-08 20:42 - 2014-08-08 20:42 - 00000000 ____D () C:\Users\User\AppData\Local\{1E417506-EAE0-4CA0-BD76-C1AFAC6040E3} 2014-08-08 08:41 - 2014-08-08 08:41 - 00000000 ____D () C:\Users\User\AppData\Local\{E93612CA-022A-40F4-AF8C-43E5EBDABD24} 2014-08-07 20:41 - 2014-08-07 20:41 - 00000000 ____D () C:\Users\User\AppData\Local\{47394201-543C-4638-9149-D13C5A0690E5} 2014-08-07 08:41 - 2014-08-07 08:41 - 00000000 ____D () C:\Users\User\AppData\Local\{853F9A4B-2D04-4FEF-909B-018970FC030E} 2014-08-06 20:40 - 2014-08-06 20:40 - 00000000 ____D () C:\Users\User\AppData\Local\{25A5D269-238C-470B-BE16-268F3AEC5A92} 2014-08-06 10:24 - 2014-08-06 10:24 - 00115432 _____ () C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT 2014-08-06 08:40 - 2014-08-06 08:40 - 00000000 ____D () C:\Users\User\AppData\Local\{D3B2A5F7-655C-4E9E-98BF-9AF9713374F8} 2014-08-05 20:39 - 2014-08-05 20:39 - 00000000 ____D () C:\Users\User\AppData\Local\{55916C93-6244-452C-BA38-27F9E2105DA7} 2014-08-05 08:39 - 2014-08-05 08:39 - 00000000 ____D () C:\Users\User\AppData\Local\{FBEB232A-B783-4F89-934D-674C669DAF67} 2014-08-04 20:39 - 2014-08-04 20:39 - 00000000 ____D () C:\Users\User\AppData\Local\{38B82AFF-38FC-4412-9062-F2E712C99898} 2014-08-04 19:52 - 2014-01-22 16:06 - 00000000 ____D () C:\Users\User\Documents\Averil 2014-08-04 13:00 - 2014-08-04 12:59 - 129610521 _____ () 
C:\Users\User\Desktop\Final PP Course - final.pptx 2014-08-04 12:14 - 2014-08-04 12:14 - 00000000 ____D () C:\Users\User\Documents\Updater 2014-08-04 08:39 - 2014-08-04 08:38 - 00000000 ____D () C:\Users\User\AppData\Local\{D6778506-5A31-4222-8824-326D294CF641} 2014-08-03 20:38 - 2014-08-03 20:38 - 00000000 ____D () C:\Users\User\AppData\Local\{F04C2325-EB2B-4D59-B677-18CA7DC3CBF4} 2014-08-03 08:38 - 2014-08-03 08:38 - 00000000 ____D () C:\Users\User\AppData\Local\{72BB4C27-948E-4448-BC43-9A7046D1A544} 2014-08-02 20:38 - 2014-08-02 20:37 - 00000000 ____D () C:\Users\User\AppData\Local\{EA983E21-1EBE-45B1-9A9F-63AAE80ABE0A} 2014-08-02 08:37 - 2014-08-02 08:37 - 00000000 ____D () C:\Users\User\AppData\Local\{0A2CA0C7-5BE3-4F30-82EE-2EA453FC6045} 2014-08-01 20:37 - 2014-08-01 20:37 - 00000000 ____D () C:\Users\User\AppData\Local\{A90A0B75-2A0B-4404-9BC9-F02F35E770B2} 2014-08-01 08:37 - 2014-08-01 08:37 - 00000000 ____D () C:\Users\User\AppData\Local\{2E281637-8D11-4CB2-8F37-8A66F3C160E9} 2014-07-31 20:36 - 2014-07-31 20:36 - 00000000 ____D () C:\Users\User\AppData\Local\{1B218C7E-00E5-4088-93DE-A6F764A7D2C2} 2014-07-31 16:38 - 2012-09-26 14:05 - 00000000 ____D () C:\Users\User\Documents\Beep 2014-07-31 08:36 - 2014-07-31 08:36 - 00000000 ____D () C:\Users\User\AppData\Local\{734C47F4-8B17-4D64-B18A-C8E356F01548} 2014-07-30 20:36 - 2014-07-30 20:35 - 00000000 ____D () C:\Users\User\AppData\Local\{9A529490-352B-452A-82C8-8AB6DFA8F69D} 2014-07-30 08:35 - 2014-07-30 08:35 - 00000000 ____D () C:\Users\User\AppData\Local\{93C5A0CE-7077-4296-B59B-9979435ACABD} 2014-07-30 08:00 - 2014-05-28 08:26 - 00000400 _____ () C:\Windows\Tasks\Wise Turbo Checker.job 2014-07-29 20:35 - 2014-07-29 20:35 - 00000000 ____D () C:\Users\User\AppData\Local\{14B52461-FCB3-4EB6-ABD4-EDA0380A70B2} 2014-07-29 08:35 - 2014-07-29 08:34 - 00000000 ____D () C:\Users\User\AppData\Local\{3FBEDCF5-0102-4282-B79A-6AA48391F89A} 2014-07-28 20:34 - 2014-07-28 20:34 - 00000000 ____D () 
C:\Users\User\AppData\Local\{35CE915D-9DD2-413E-8A27-B09F007ABC73} 2014-07-28 08:34 - 2014-07-28 08:34 - 00000000 ____D () C:\Users\User\AppData\Local\{0CC3042D-BFC8-4BA1-8B56-E12507D5639F} 2014-07-27 20:34 - 2014-07-27 20:33 - 00000000 ____D () C:\Users\User\AppData\Local\{C2A665F8-6D6F-48E0-BE73-D31B67D1BC5E} 2014-07-27 08:33 - 2014-07-27 08:33 - 00000000 ____D () C:\Users\User\AppData\Local\{AFB813BB-337E-4781-A97D-F3D079C71202} 2014-07-26 20:33 - 2014-07-26 20:33 - 00000000 ____D () C:\Users\User\AppData\Local\{E6555A06-E4F7-473E-A142-499EE3FC1002} 2014-07-26 08:33 - 2014-07-26 08:32 - 00000000 ____D () C:\Users\User\AppData\Local\{95EFCA16-0880-4D8D-A8D6-E4A1D6783366} 2014-07-25 20:26 - 2014-07-25 20:26 - 00000000 ____D () C:\Users\User\AppData\Local\{89A1B035-E81A-4BF8-A90C-1240D9D15D2A} 2014-07-25 09:08 - 2014-07-25 09:08 - 00000000 _____ () C:\Windows\setuperr.log 2014-07-25 08:26 - 2014-07-25 08:26 - 00000000 ____D () C:\Users\User\AppData\Local\{696B8B77-022A-4166-92D8-28247415019A} 2014-07-25 06:26 - 2013-03-14 21:36 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-07-25 06:26 - 2013-03-14 21:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-07-24 21:15 - 2013-03-14 21:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-07-24 20:25 - 2014-07-24 20:25 - 00000000 ____D () C:\Users\User\AppData\Local\{C6A19A19-8FDA-423D-8865-B6F668E68B90} 2014-07-24 08:25 - 2014-07-24 08:25 - 00000000 ____D () C:\Users\User\AppData\Local\{F88E373A-997E-44EA-96A5-A4B43B9F1134} 2014-07-23 20:25 - 2014-07-23 20:24 - 00000000 ____D () C:\Users\User\AppData\Local\{4F89C185-D7AF-41A4-975A-8AB4620572BB} 2014-07-23 12:42 - 2014-07-25 08:11 - 299567486 _____ () C:\Users\User\Desktop\Audio.zip 2014-07-23 12:42 - 2014-07-23 12:38 - 299567486 _____ () C:\Users\User\Downloads\Audio.zip 2014-07-23 11:09 - 2014-07-23 11:09 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-07-23 
11:09 - 2014-07-23 11:09 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2014-07-23 11:09 - 2013-06-17 14:11 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-07-23 11:09 - 2013-06-17 14:11 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-07-23 11:09 - 2012-10-16 18:37 - 00000000 ____D () C:\Program Files\Java 2014-07-23 08:24 - 2014-07-23 08:24 - 00000000 ____D () C:\Users\User\AppData\Local\{B93F3412-8F01-4D81-8D67-999CF1F971C8} 2014-07-22 20:24 - 2014-07-22 20:24 - 00000000 ____D () C:\Users\User\AppData\Local\{95E7AD8E-0C70-401A-B805-38DC2605FD71} 2014-07-22 08:24 - 2014-07-22 08:23 - 00000000 ____D () C:\Users\User\AppData\Local\{99C6B4F6-3F05-4F2C-8136-0BCF0B57F592} 2014-07-21 20:23 - 2014-07-21 20:23 - 00000000 ____D () C:\Users\User\AppData\Local\{311C97D2-32B7-4014-8CE8-473747FA57F1} 2014-07-21 16:38 - 2014-07-21 16:38 - 12231958 _____ () C:\Users\User\Downloads\DP Mar 2014 - updated by Andrew.pptx 2014-07-21 08:23 - 2014-07-21 08:23 - 00000000 ____D () C:\Users\User\AppData\Local\{5B4CC727-AEE9-48E4-AC78-9E4C47A09DB1} 2014-07-20 20:23 - 2014-07-20 20:22 - 00000000 ____D () C:\Users\User\AppData\Local\{E8CAB33C-9991-40E4-A0B7-4FA32D003C44} 2014-07-20 08:22 - 2014-07-20 08:22 - 00000000 ____D () C:\Users\User\AppData\Local\{C1B5BFB2-BEEE-478F-8918-47929037721A} 2014-07-19 20:22 - 2014-07-19 20:22 - 00000000 ____D () C:\Users\User\AppData\Local\{96DB0404-B93A-40DC-B472-9FAD9AD4214B} 2014-07-19 08:22 - 2014-07-19 08:22 - 00000000 ____D () C:\Users\User\AppData\Local\{BB118FAD-5807-4700-BCA1-4C95BB253F3A} 2014-07-18 20:22 - 2014-07-18 20:21 - 00000000 ____D () C:\Users\User\AppData\Local\{F7F41CA6-DDA6-43F4-9C7C-510DF864A93D} 2014-07-18 13:46 - 2012-07-06 10:03 - 00000000 ____D () C:\Users\User\Documents\Copywriting Jobs Done 2014-07-18 11:23 - 2014-06-23 12:47 - 00000000 ____D () C:\Users\User\Desktop\Rob Moore 2014-07-18 11:18 - 2013-09-30 09:28 - 00000000 ____D () 
C:\Users\User\Documents\Clickbank-Articles 2014-07-18 10:04 - 2012-07-06 09:59 - 00000000 ____D () C:\Users\User\Documents\My Webs 2014-07-18 10:02 - 2014-06-24 13:22 - 00000000 ____D () C:\Users\User\Documents\Property 2014-07-18 10:00 - 2014-01-08 13:28 - 00000000 ____D () C:\Users\User\Documents\AFFILIATE-CPA 2014-07-18 08:20 - 2014-07-18 08:20 - 00000000 ____D () C:\Users\User\AppData\Local\{EA71133B-A32D-4535-B414-62B439AFD652} 2014-07-18 06:38 - 2012-07-06 10:13 - 00000000 ____D () C:\Users\User\Documents\address 2014-07-17 20:20 - 2014-07-17 20:20 - 00000000 ____D () C:\Users\User\AppData\Local\{ED34583A-9302-44F0-AC23-6E07CD8ED050} 2014-07-17 08:19 - 2014-07-17 08:19 - 00000000 ____D () C:\Users\User\AppData\Local\{2F33F488-E1FB-4E99-8046-716344C897D0} 2014-07-16 20:19 - 2014-07-16 20:19 - 00000000 ____D () C:\Users\User\AppData\Local\{AC6611B0-134F-4161-BCC3-8119988AE8D4} 2014-07-16 08:19 - 2014-07-16 08:18 - 00000000 ____D () C:\Users\User\AppData\Local\{CCC090DF-01DD-4753-819F-F14022909E94} 2014-07-15 20:18 - 2014-07-15 20:18 - 00000000 ____D () C:\Users\User\AppData\Local\{96DD099B-9457-45DF-9DDF-D48AA7A6A85B} 2014-07-15 08:18 - 2014-07-15 08:18 - 00000000 ____D () C:\Users\User\AppData\Local\{A9882D1A-B19B-497F-86D1-9B3641B0E8DA} 2014-07-14 20:18 - 2014-07-14 20:17 - 00000000 ____D () C:\Users\User\AppData\Local\{BF74A961-3ADC-45BA-8F80-70A01D6BC2F6} 2014-07-14 08:17 - 2014-07-14 08:17 - 00000000 ____D () C:\Users\User\AppData\Local\{6647C923-A635-4F67-B663-9F5224A460A2} 2014-07-13 20:17 - 2014-07-13 20:17 - 00000000 ____D () C:\Users\User\AppData\Local\{0D66674A-5B6F-418B-A0D4-984AE3270635} 2014-07-13 08:17 - 2014-07-13 08:17 - 00000000 ____D () C:\Users\User\AppData\Local\{EAEEF6BD-B079-4063-8712-94CF3950CDF7} 2014-07-12 08:46 - 2014-07-12 08:46 - 00000000 ____D () C:\Users\User\AppData\Local\{8FC90E9A-76F5-4B05-B0A6-BCB87725B6D4} ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass 
verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-08-07 07:20 ==================== End Of Log ============================
  15. DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 11.0.9600.17207 BrowserJavaVersion: 10.60.2 Run by User at 8:32:05 on 2014-08-11 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4061.2303 [GMT 1:00] . AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskhost.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\AVAST Software\Avast\avastui.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe 
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe C:\Program Files (x86)\Windows Live\Mail\wlmail.exe C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com uSearch Bar = Preserve mWinlogon: Userinit = userinit.exe, BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: avast! 
Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun uRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui StartupFolder: C:\Users\User\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe StartupFolder: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TalkTalk Setup CD Reporting Tool.exe StartupFolder: C:\Users\User\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\VISION~1.LNK - C:\Program Files (x86)\Vision 
Defense\Vision Defense.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE uPolicies-Explorer: NoDriveTypeAutoRun = dword:221 mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab TCP: NameServer = 192.168.1.1 TCP: Interfaces\{68F549D3-7AA5-415F-8635-239532367632} : DHCPNameServer = 192.168.1.1 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files 
(x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab x64-DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab 
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fbp11f7m.default\ FF - prefs.js: browser.startup.homepage - www.google.co.uk FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll . ============= SERVICES / DRIVERS =============== . R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-6-2 65776] R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-6-2 224896] R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2014-6-2 1041168] R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2014-6-2 427360] R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-5-23 29208] R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-6-2 79184] R2 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2014-6-2 92008] R2 avast! Antivirus;avast! 
Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-7-11 50344] R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176] R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-7-4 77936] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192] S2 WiseBootAssistant;Wise Boot Assistant;C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [2014-5-28 580232] S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-7-10 111616] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-7-6 1255736] S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys [2014-1-12 29288] S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys [2014-1-12 29288] S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys [2014-1-12 29288] S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys [2014-1-12 29288] S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys [2014-1-12 29288] S4 
wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== File Associations =============== . ShellExec: switch.exe: open="C:\Program Files (x86)\NCH Software\Switch\switch" "%L" . =============== Created Last 30 ================ . 2014-08-11 06:47:25 -------- d-----w- C:\Users\User\AppData\Local\{978C1CCD-C7E2-4F4B-BF58-B277ED124726} 2014-08-10 15:08:36 10924376 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{911446B9-D608-4906-A78A-C551EA65ADF9}\mpengine.dll 2014-08-10 15:07:05 -------- d-----w- C:\Users\User\AppData\Local\{31E75C00-6ADF-4103-987B-D3F6CAF0BAFB} 2014-08-10 07:43:06 -------- d-----w- C:\Users\User\AppData\Local\{69B4AD83-BAA5-4E48-BBAA-8FC633574B9B} 2014-08-09 19:42:41 -------- d-----w- C:\Users\User\AppData\Local\{2537390F-61AA-40E2-8C4A-39CDC2EB1B56} 2014-08-09 07:42:25 -------- d-----w- C:\Users\User\AppData\Local\{C79AB55A-62EF-40BC-A041-1A22DD368CFB} 2014-08-08 19:42:00 -------- d-----w- C:\Users\User\AppData\Local\{1E417506-EAE0-4CA0-BD76-C1AFAC6040E3} 2014-08-08 07:41:48 -------- d-----w- C:\Users\User\AppData\Local\{E93612CA-022A-40F4-AF8C-43E5EBDABD24} 2014-08-07 19:41:23 -------- d-----w- C:\Users\User\AppData\Local\{47394201-543C-4638-9149-D13C5A0690E5} 2014-08-07 07:41:10 -------- d-----w- C:\Users\User\AppData\Local\{853F9A4B-2D04-4FEF-909B-018970FC030E} 2014-08-06 19:40:45 -------- d-----w- C:\Users\User\AppData\Local\{25A5D269-238C-470B-BE16-268F3AEC5A92} 2014-08-06 07:40:08 -------- d-----w- C:\Users\User\AppData\Local\{D3B2A5F7-655C-4E9E-98BF-9AF9713374F8} 2014-08-05 19:39:43 -------- d-----w- C:\Users\User\AppData\Local\{55916C93-6244-452C-BA38-27F9E2105DA7} 2014-08-05 07:39:31 -------- d-----w- C:\Users\User\AppData\Local\{FBEB232A-B783-4F89-934D-674C669DAF67} 2014-08-04 19:39:05 -------- d-----w- C:\Users\User\AppData\Local\{38B82AFF-38FC-4412-9062-F2E712C99898} 2014-08-04 07:38:53 -------- d-----w- 
C:\Users\User\AppData\Local\{D6778506-5A31-4222-8824-326D294CF641} 2014-08-03 19:38:28 -------- d-----w- C:\Users\User\AppData\Local\{F04C2325-EB2B-4D59-B677-18CA7DC3CBF4} 2014-08-03 07:38:16 -------- d-----w- C:\Users\User\AppData\Local\{72BB4C27-948E-4448-BC43-9A7046D1A544} 2014-08-02 19:37:52 -------- d-----w- C:\Users\User\AppData\Local\{EA983E21-1EBE-45B1-9A9F-63AAE80ABE0A} 2014-08-02 07:37:40 -------- d-----w- C:\Users\User\AppData\Local\{0A2CA0C7-5BE3-4F30-82EE-2EA453FC6045} 2014-08-01 19:37:15 -------- d-----w- C:\Users\User\AppData\Local\{A90A0B75-2A0B-4404-9BC9-F02F35E770B2} 2014-08-01 07:37:02 -------- d-----w- C:\Users\User\AppData\Local\{2E281637-8D11-4CB2-8F37-8A66F3C160E9} 2014-07-31 19:36:37 -------- d-----w- C:\Users\User\AppData\Local\{1B218C7E-00E5-4088-93DE-A6F764A7D2C2} 2014-07-31 07:36:25 -------- d-----w- C:\Users\User\AppData\Local\{734C47F4-8B17-4D64-B18A-C8E356F01548} 2014-07-30 19:35:59 -------- d-----w- C:\Users\User\AppData\Local\{9A529490-352B-452A-82C8-8AB6DFA8F69D} 2014-07-30 07:35:47 -------- d-----w- C:\Users\User\AppData\Local\{93C5A0CE-7077-4296-B59B-9979435ACABD} 2014-07-29 19:35:23 -------- d-----w- C:\Users\User\AppData\Local\{14B52461-FCB3-4EB6-ABD4-EDA0380A70B2} 2014-07-29 07:34:58 -------- d-----w- C:\Users\User\AppData\Local\{3FBEDCF5-0102-4282-B79A-6AA48391F89A} 2014-07-28 19:34:33 -------- d-----w- C:\Users\User\AppData\Local\{35CE915D-9DD2-413E-8A27-B09F007ABC73} 2014-07-28 07:34:21 -------- d-----w- C:\Users\User\AppData\Local\{0CC3042D-BFC8-4BA1-8B56-E12507D5639F} 2014-07-27 19:33:57 -------- d-----w- C:\Users\User\AppData\Local\{C2A665F8-6D6F-48E0-BE73-D31B67D1BC5E} 2014-07-27 07:33:31 -------- d-----w- C:\Users\User\AppData\Local\{AFB813BB-337E-4781-A97D-F3D079C71202} 2014-07-26 19:33:07 -------- d-----w- C:\Users\User\AppData\Local\{E6555A06-E4F7-473E-A142-499EE3FC1002} 2014-07-26 07:32:55 -------- d-----w- C:\Users\User\AppData\Local\{95EFCA16-0880-4D8D-A8D6-E4A1D6783366} 2014-07-25 19:26:35 -------- d-----w- 
C:\Users\User\AppData\Local\{89A1B035-E81A-4BF8-A90C-1240D9D15D2A} 2014-07-25 07:26:10 -------- d-----w- C:\Users\User\AppData\Local\{696B8B77-022A-4166-92D8-28247415019A} 2014-07-24 19:25:46 -------- d-----w- C:\Users\User\AppData\Local\{C6A19A19-8FDA-423D-8865-B6F668E68B90} 2014-07-24 07:25:22 -------- d-----w- C:\Users\User\AppData\Local\{F88E373A-997E-44EA-96A5-A4B43B9F1134} 2014-07-23 19:24:57 -------- d-----w- C:\Users\User\AppData\Local\{4F89C185-D7AF-41A4-975A-8AB4620572BB} 2014-07-23 10:09:13 111016 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll 2014-07-23 07:24:32 -------- d-----w- C:\Users\User\AppData\Local\{B93F3412-8F01-4D81-8D67-999CF1F971C8} 2014-07-22 19:24:08 -------- d-----w- C:\Users\User\AppData\Local\{95E7AD8E-0C70-401A-B805-38DC2605FD71} 2014-07-22 07:23:56 -------- d-----w- C:\Users\User\AppData\Local\{99C6B4F6-3F05-4F2C-8136-0BCF0B57F592} 2014-07-21 19:23:31 -------- d-----w- C:\Users\User\AppData\Local\{311C97D2-32B7-4014-8CE8-473747FA57F1} 2014-07-21 07:23:19 -------- d-----w- C:\Users\User\AppData\Local\{5B4CC727-AEE9-48E4-AC78-9E4C47A09DB1} 2014-07-20 19:22:54 -------- d-----w- C:\Users\User\AppData\Local\{E8CAB33C-9991-40E4-A0B7-4FA32D003C44} 2014-07-20 07:22:42 -------- d-----w- C:\Users\User\AppData\Local\{C1B5BFB2-BEEE-478F-8918-47929037721A} 2014-07-19 19:22:30 -------- d-----w- C:\Users\User\AppData\Local\{96DB0404-B93A-40DC-B472-9FAD9AD4214B} 2014-07-19 07:22:17 -------- d-----w- C:\Users\User\AppData\Local\{BB118FAD-5807-4700-BCA1-4C95BB253F3A} 2014-07-18 19:21:53 -------- d-----w- C:\Users\User\AppData\Local\{F7F41CA6-DDA6-43F4-9C7C-510DF864A93D} 2014-07-18 07:20:48 -------- d-----w- C:\Users\User\AppData\Local\{EA71133B-A32D-4535-B414-62B439AFD652} 2014-07-17 19:20:24 -------- d-----w- C:\Users\User\AppData\Local\{ED34583A-9302-44F0-AC23-6E07CD8ED050} 2014-07-17 07:19:31 -------- d-----w- C:\Users\User\AppData\Local\{2F33F488-E1FB-4E99-8046-716344C897D0} 2014-07-16 19:19:06 -------- d-----w- 
C:\Users\User\AppData\Local\{AC6611B0-134F-4161-BCC3-8119988AE8D4} 2014-07-16 07:18:54 -------- d-----w- C:\Users\User\AppData\Local\{CCC090DF-01DD-4753-819F-F14022909E94} 2014-07-15 19:18:29 -------- d-----w- C:\Users\User\AppData\Local\{96DD099B-9457-45DF-9DDF-D48AA7A6A85B} 2014-07-15 07:18:17 -------- d-----w- C:\Users\User\AppData\Local\{A9882D1A-B19B-497F-86D1-9B3641B0E8DA} 2014-07-14 19:17:52 -------- d-----w- C:\Users\User\AppData\Local\{BF74A961-3ADC-45BA-8F80-70A01D6BC2F6} 2014-07-14 07:17:40 -------- d-----w- C:\Users\User\AppData\Local\{6647C923-A635-4F67-B663-9F5224A460A2} 2014-07-13 19:17:18 -------- d-----w- C:\Users\User\AppData\Local\{0D66674A-5B6F-418B-A0D4-984AE3270635} 2014-07-13 07:17:03 -------- d-----w- C:\Users\User\AppData\Local\{EAEEF6BD-B079-4063-8712-94CF3950CDF7} 2014-07-12 07:46:25 -------- d-----w- C:\Users\User\AppData\Local\{8FC90E9A-76F5-4B05-B0A6-BCB87725B6D4} . ==================== Find3M ==================== . 2014-07-11 13:02:33 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys 2014-07-11 13:02:33 92008 ----a-w- C:\Windows\System32\drivers\aswstm.sys 2014-07-11 13:02:33 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys 2014-07-11 13:02:33 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys 2014-07-11 13:02:33 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys 2014-07-11 13:02:33 224896 ----a-w- C:\Windows\System32\drivers\aswVmm.sys 2014-07-11 13:02:33 1041168 ----a-w- C:\Windows\System32\drivers\aswsnx.sys 2014-07-11 13:02:32 43152 ----a-w- C:\Windows\avastSS.scr 2014-07-09 12:42:11 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2014-07-09 12:42:11 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2014-07-04 05:17:31 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2014-06-30 02:09:33 519168 ----a-w- C:\Windows\System32\aepdu.dll 2014-06-30 02:04:49 424448 ----a-w- C:\Windows\System32\aeinv.dll 2014-06-19 01:06:55 2724864 ----a-w- C:\Windows\System32\mshtml.tlb 2014-06-19 01:06:24 
4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll 2014-06-19 00:48:18 2768384 ----a-w- C:\Windows\System32\iertutil(57).dll 2014-06-19 00:42:57 548352 ----a-w- C:\Windows\System32\vbscript.dll 2014-06-19 00:42:49 66048 ----a-w- C:\Windows\System32\iesetup.dll 2014-06-19 00:41:52 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll 2014-06-19 00:41:16 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll 2014-06-19 00:24:30 139264 ----a-w- C:\Windows\System32\ieUnatt.exe 2014-06-19 00:24:12 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe 2014-06-19 00:23:53 752640 ----a-w- C:\Windows\System32\jscript9diag.dll 2014-06-19 00:14:28 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe 2014-06-18 23:59:04 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll 2014-06-18 23:56:37 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2014-06-18 23:51:38 5721088 ----a-w- C:\Windows\System32\jscript9.dll 2014-06-18 23:38:40 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll 2014-06-18 23:37:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll 2014-06-18 23:36:35 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll 2014-06-18 23:35:55 62464 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll 2014-06-18 23:32:55 2179072 ----a-w- C:\Windows\SysWow64\iertutil(65).dll 2014-06-18 23:27:45 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll 2014-06-18 23:27:07 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl 2014-06-18 23:23:27 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2014-06-18 23:22:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll 2014-06-18 23:06:10 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll 2014-06-18 22:58:27 2266112 ----a-w- C:\Windows\System32\wininet(61).dll 2014-06-18 22:52:18 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll 2014-06-18 22:46:23 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll 2014-06-18 22:45:59 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2014-06-18 22:34:25 1393664 ----a-w- 
C:\Windows\System32\urlmon(59).dll 2014-06-18 22:13:59 1791488 ----a-w- C:\Windows\SysWow64\wininet(68).dll 2014-06-18 22:09:34 1139200 ----a-w- C:\Windows\SysWow64\urlmon(67).dll 2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe 2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe 2014-06-18 01:10:36 3157504 ----a-w- C:\Windows\System32\win32k.sys 2014-06-06 10:10:34 624128 ----a-w- C:\Windows\System32\qedit.dll 2014-06-06 09:44:17 509440 ----a-w- C:\Windows\SysWow64\qedit.dll 2014-06-05 14:45:15 1460736 ----a-w- C:\Windows\System32\lsasrv.dll 2014-06-05 14:26:58 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2014-06-05 14:25:49 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll 2014-05-30 08:08:52 210944 ----a-w- C:\Windows\System32\wdigest.dll 2014-05-30 08:08:49 86528 ----a-w- C:\Windows\System32\TSpkg.dll 2014-05-30 08:08:47 340992 ----a-w- C:\Windows\System32\schannel.dll 2014-05-30 08:08:41 314880 ----a-w- C:\Windows\System32\msv1_0.dll 2014-05-30 08:08:41 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2014-05-30 08:08:36 728064 ----a-w- C:\Windows\System32\kerberos.dll 2014-05-30 08:08:31 22016 ----a-w- C:\Windows\System32\credssp.dll 2014-05-30 07:52:51 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll 2014-05-30 07:52:49 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll 2014-05-30 07:52:45 247808 ----a-w- C:\Windows\SysWow64\schannel.dll 2014-05-30 07:52:41 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2014-05-30 07:52:40 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll 2014-05-30 07:52:36 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll 2014-05-30 07:52:30 17408 ----a-w- C:\Windows\SysWow64\credssp.dll 2014-05-30 06:45:52 497152 ----a-w- C:\Windows\System32\drivers\afd.sys . ============= FINISH: 8:32:27.02 ===============
  16. . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 04/07/2012 15:17:29 System Uptime: 11/08/2014 07:10:21 (1 hours ago) . Motherboard: ASUSTeK Computer INC. | | P5G41T-M LX Processor: Pentium® Dual-Core CPU E5700 @ 3.00GHz | LGA775 | 3000/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 931 GiB total, 785.032 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP258: 30/07/2014 06:58:17 - Windows Update RP259: 31/07/2014 04:06:10 - Windows Update RP260: 05/08/2014 06:59:06 - Windows Update RP261: 09/08/2014 05:38:13 - Windows Update RP262: 10/08/2014 11:22:34 - Removed Skype Click to Call RP263: 10/08/2014 11:23:13 - Removed Skype™ 6.18 RP264: 10/08/2014 11:31:27 - Removed Skype™ 6.18 RP265: 10/08/2014 12:40:10 - Windows Modules Installer RP266: 10/08/2014 13:55:39 - Windows Modules Installer RP267: 10/08/2014 15:12:50 - Removed Skype™ 6.18 RP268: 10/08/2014 15:18:37 - Restore Operation RP269: 10/08/2014 16:02:23 - avast! antivirus system restore point RP270: 10/08/2014 16:07:48 - Windows Update RP271: 10/08/2014 18:34:47 - Installed DirectX RP272: 10/08/2014 18:35:11 - Installed DirectX . ==== Installed Programs ====================== . Adobe AIR Adobe Bridge 1.0 Adobe Common File Installer Adobe Flash Player 14 ActiveX Adobe Flash Player 14 Plugin Adobe Help Center 1.0 Adobe Photoshop CS2 Adobe Reader XI (11.0.07) Adobe Stock Photos 1.0 Amazon Kindle Apple Application Support Apple Software Update Artisteer 2 Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver µTorrent avast! Free Antivirus Camtasia Studio 7 CCleaner CoffeeCup Free FTP D3DX10 Dropbox Evernote v. 
4.5.7 FileZilla Client 3.8.0 FreshKey Google Chrome Google Drive Google Toolbar for Internet Explorer Google Update Helper GoToMeeting 5.8.0.1189 Intel® Graphics Media Accelerator Driver Java 7 Update 60 Java 7 Update 65 (64-bit) Java Auto Updater Java 6 Update 45 (64-bit) Junk Mail filter update Keyword Optimizer Pro 2 Macromedia Dreamweaver 8 Macromedia Extension Manager Malwarebytes Anti-Malware version 1.75.0.1300 Market Samurai Mesh Runtime Microsoft .NET Framework 4.5.1 Microsoft Application Error Reporting Microsoft Camera Codec Pack Microsoft IntelliPoint 8.2 Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office Office 64-bit Components 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared 64-bit MUI (English) 2007 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Office Word Viewer 2003 Microsoft PowerPoint Viewer Microsoft Publisher 2002 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Mozilla Firefox 31.0 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 Pdf995 
      PDFCreator
      QuickTime 7
      Realtek High Definition Audio Driver
      Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
      Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
      Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
      Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
      Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
      Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
      Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
      Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
      Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
      Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
      Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
      Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
      Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
      Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
      Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
      Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
      Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
      Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition
      Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
      Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
      Security Update for Microsoft Office 2007 suites (KB2880513) 32-Bit Edition
      Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition
      Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
      Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
      Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
      Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
      Security Update for Microsoft Office Word 2007 (KB2880515) 32-Bit Edition
      Skype Click to Call
      Skype™ 6.18
      Switch Sound File Converter
      Update for 2007 Microsoft Office System (KB967642)
      Update for Microsoft Office 2007 Help for Common Features (KB963673)
      Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
      Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
      Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
      Update for Microsoft Office Excel 2007 Help (KB963678)
      Update for Microsoft Office OneNote 2007 Help (KB963670)
      Update for Microsoft Office Powerpoint 2007 Help (KB963669)
      Update for Microsoft Office Script Editor Help (KB963671)
      Update for Microsoft Office Word 2007 Help (KB963665)
      Vision Defense
      Visual Studio 2008 x64 Redistributables
      Visual Studio 2010 x64 Redistributables
      Windows Driver Package - Hewlett-Packard Image (12/28/2006 8.0.0.0)
      Windows Live Communications Platform
      Windows Live Essentials
      Windows Live ID Sign-in Assistant
      Windows Live Installer
      Windows Live Language Selector
      Windows Live Mail
      Windows Live Mesh
      Windows Live Mesh ActiveX Control for Remote Connections
      Windows Live Messenger
      Windows Live MIME IFilter
      Windows Live Movie Maker
      Windows Live Photo Common
      Windows Live Photo Gallery
      Windows Live PIMT Platform
      Windows Live Remote Client
      Windows Live Remote Client Resources
      Windows Live Remote Service
      Windows Live Remote Service Resources
      Windows Live SOXE
      Windows Live SOXE Definitions
      Windows Live UX Platform
      Windows Live UX Platform Language Pack
      Windows Live Writer
      Windows Live Writer Resources
      WinPatrol
      Wise Care 365 2.99
      Wise Registry Cleaner 8.03
      .
      ==== Event Viewer Messages From Past Week ========
      .
      10/08/2014 13:47:10, Error: Service Control Manager [7023] - The Windows Modules Installer service terminated with the following error: The object specified could not be created or opened, because its associated TransactionManager is not online. The TransactionManager must be brought fully Online by calling RecoverTransactionManager to recover to the end of its LogFile before objects in its Transaction or ResourceManager namespaces can be opened. In addition, errors in writing records to its LogFile can cause a TransactionManager to go offline.
      10/08/2014 13:47:01, Error: Service Control Manager [7043] - The Windows Modules Installer service did not shut down properly after receiving a preshutdown control.
      .
      ==== End Of File ===========================
  17. I did a system restore after I had a problem with Skype. But after the system restore I get this message: The ordinal 791 could not be located in the dynamic link library iertutil.dll. This shows up in Windows Live Mail and it won't show me the email messages. How can I address this?
  18. I followed this: http://www.thewindowsclub.com/fix-dns-server-not-responding-on-windows-7 and it sorted it out.
  19. I just fixed it being able to get online following this: http://www.thewindowsclub.com/fix-dns-server-not-responding-on-windows-7
  20. Yes I am on my computer - it's my husband's laptop. Here's the log:
      Farbar Service Scanner Version: 21-05-2014
      Ran by Mark (administrator) on 28-05-2014 at 11:38:59
      Running from "E:\"
      Microsoft Windows 8 (X64)
      Boot Mode: Normal
      ****************************************************************
      Internet Services:
      ============
      Connection Status:
      ==============
      Localhost is accessible.
      LAN connected.
      Google IP is accessible.
      Google.com is accessible.
      Yahoo.com is accessible.
      Windows Firewall:
      =============
      Firewall Disabled Policy:
      ==================
      System Restore:
      ============
      System Restore Disabled Policy:
      ========================
      Action Center:
      ============
      Windows Update:
      ============
      wuauserv Service is not running. Checking service configuration:
      The start type of wuauserv service is set to Demand. The default start type is Auto.
      The ImagePath of wuauserv service is OK.
      The ServiceDll of wuauserv service is OK.
      Windows Autoupdate Disabled Policy:
      ============================
      Windows Defender:
      ==============
      WinDefend Service is not running. Checking service configuration:
      The start type of WinDefend service is set to Demand. The default start type is Auto.
      The ImagePath of WinDefend service is OK.
      Windows Defender Disabled Policy:
      ==========================
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
      "DisableAntiSpyware"=DWORD:1
      Other Services:
      ==============
      File Check:
      ========
      C:\Windows\System32\nsisvc.dll => MD5 is legit
      C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
      C:\Windows\System32\dhcpcore.dll [2012-07-26 01:07] - [2012-07-26 04:05] - 0331776 ____A (Microsoft Corporation) 6DBE7FE196F8E9D212DCC34EDDF7C3C1
      C:\Windows\System32\drivers\afd.sys => MD5 is legit
      C:\Windows\System32\drivers\tdx.sys => MD5 is legit
      C:\Windows\System32\Drivers\tcpip.sys [2012-07-26 06:26] - [2012-07-26 06:26] - 2224880 ____A (Microsoft Corporation) AF6A8D27FCABFF85DDC1D4599582B4FE
      C:\Windows\System32\dnsrslvr.dll [2012-07-26 01:08] - [2012-07-26 04:05] - 0210432 ____A (Microsoft Corporation) 9ACE7E657107EB51E5E89FD883F2FD2D
      C:\Windows\System32\mpssvc.dll [2012-07-26 00:40] - [2012-07-26 04:06] - 0904704 ____A (Microsoft Corporation) 411EA973A1961C287927DF13891EB41E
      C:\Windows\System32\bfe.dll [2012-07-26 01:00] - [2012-07-26 04:05] - 0718848 ____A (Microsoft Corporation) 407F85D5387EDBB665A7969DF4D4712B
      C:\Windows\System32\drivers\mpsdrv.sys [2012-07-26 03:23] - [2012-07-26 03:23] - 0074752 ____A (Microsoft Corporation) 36BF4D86F166ACBC14F0B8B8F90CBCEA
      C:\Windows\System32\SDRSVC.dll => MD5 is legit
      C:\Windows\System32\vssvc.exe => MD5 is legit
      C:\Windows\System32\wscsvc.dll => MD5 is legit
      C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
      C:\Windows\System32\wuaueng.dll [2012-07-26 00:34] - [2012-07-26 04:08] - 3318784 ____A (Microsoft Corporation) C80DB258C195ACBF86ED42B53554EB28
      C:\Windows\System32\qmgr.dll => MD5 is legit
      C:\Windows\System32\es.dll => MD5 is legit
      C:\Windows\System32\cryptsvc.dll => MD5 is legit
      C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
      C:\Program Files\Windows Defender\MsMpEng.exe => MD5 is legit
      C:\Windows\System32\svchost.exe [2012-07-26 01:00] - [2012-07-26 04:08] - 0030208 ____A (Microsoft Corporation) 57350BEDE3834915B6145B67C71C7BDA
      C:\Windows\System32\rpcss.dll => MD5 is legit
      **** End of log ****
  21. My laptop had a problem and you helped me here: https://forums.malwa...beepbeep&page=2 It seemed to be working ok, but it's very slow and working hard. Also yesterday Avast suddenly started deleting its files; I don't know if Avast does that if it runs out after a year. But since then I can't get the laptop back online. I tried a restore point that didn't work and then I set it back to original settings, but now the 3 blue lights on the front are working extra hard and are on all the time, and that isn't right; only 2 lights should be on. Can you help with this?
  22. I have reinstalled avast but nothing has changed.
  23. My husband's laptop suddenly started uninstalling Avast virus protector. Since then he can't get on the internet. If you use Google Chrome and click on more it says: error dns probe finished no internet. I have restarted but it won't log on to the internet. I just restarted it and got this message: Avast will not be able to protect mail/news (error10013) then please check that the avast service(avastSvc.exe) is not blocked by your personal firewall. Can anyone help with this?
  24. It's running well now. Thank you very much for your help, I will donate.