Everything posted by hbograd

  1. In my Malwarebytes settings, I have it set to "automatically quarantine malware upon detection." Yet, every morning I get a pop-up report of the daily Malwarebytes scan, and I need to open it, click to quarantine affected files, and then wait, and then shut the window. It only takes a few minutes a day, but I'd prefer to simply have this happen automatically. Is there a way to do this, so I stop getting the daily reports, but the files get quarantined automatically?
  2. With the help of a friend who is an electrical engineer, I've solved the problem. She wrote: As for your mouse - if multiple mice do the same thing, it's probably your computer. It may be getting a false input from another method. Is there a touchpad, roller ball, or joystick that may be producing this signal? You can disable it through control panel>hardware and then see if the issue goes away. A lot of times laptops exhibit that behavior when the touchpad has issues. I wrote back: You solved my computer problem - I was giving up, and about to buy a new computer! I had a USB ergonomic mouse that was also a keyboard tray that I had forgotten about. It had been unplugged, and I must have plugged it back in without thinking. I unplugged it, and my mouse started working again!
  3. I posted a message at 12:40 am on June 4, and have not gotten any reply. I read that if I haven't heard in 48 hours, I should send a private message to a moderator, but I don't know how to do this. My original post is here: https://forums.malwarebytes.org/index.php?/topic/169020-mouse-sticks-to-left-side-could-this-be-a-virus-or-malware/ Thanks.
  4. Last night my mouse suddenly started moving to the left side of my screen and sticking there. I could move it up or down, but when I tried to move it to the right, it moves a few inches and then rapidly goes back to the left, before I can click on anything (exceptions: I can click on the start button which is all the way to the left on the bottom). I have taken these steps to troubleshoot, but none have helped. I'm writing to ask if you think this is likely to be a virus or malware problem, or if you have any other ideas about possible causes and troubleshooting steps:
     • At the same time, the computer is buzzing on and off, and the buzzing sometimes stops if I pull out the mouse. My computer consultant friend thinks that this means I might need a new power source - but he didn't think that it was connected to the mouse moving to the right.
     • I rebooted
     • I tried a different USB mouse (that still works on another computer) and a PS/2 mouse
     • I tried starting in Safe Mode
     • I consulted with a friend who is professional computer troubleshooter. He accessed the computer remotely using TeamViewer, and he had the same problem with the mouse when accessing remotely. He did help improve my skills at navigating using keyboard commands.
     • I can still access the hard drive over the network from two other computers.
     • I had recently run a diagnostic program on the hard drive which reported no problems.
     • He ran a disk cleaner program
     • I updated Malwarebytes and ran it twice. The first time there were a lot of threats removed, the second time it seemed clean. I rebooted after each run, but the problem persists. (If it would help for me to download the report Malwarebytes created, please help me know how to find and identify
     • I'm running a scan using AVG antivirus, but so far it hasn't found anything.
     • I ran a newly downloaded version of Farbar Recovery Scan Tool from a flash drive, and I'm copying the report below. I don't know how to understand it (e.g. what does "whitelisted" mean?).
I tried to do a system restore, but I got this message: "Unexpected error: system cannot find file specified." I thought that the system would have automatically set restore points when it automatically installs Windows Updates, as it has done recently. The computer appears to be working fine (though sometimes slow), other than the mouse problem. Thanks for your help! See the Farbar Scan Recovery Tool. Harriet Bograd
C:\Windows\System32\Drivers\avgidsha.sys2015-05-07 09:49 - 2015-05-07 09:49 - 00220128 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgmfx64.sys2015-05-04 10:14 - 2015-05-04 10:14 - 00291296 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgtdia.sys ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-03 13:54 - 2011-02-11 15:43 - 01757444 _____ () C:\Windows\WindowsUpdate.log2015-06-03 13:53 - 2014-05-06 19:47 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys2015-06-03 10:52 - 2012-09-19 09:41 - 00000000 ___RD () C:\Users\Kulanu\Google Drive2015-06-03 10:10 - 2014-12-20 06:51 - 00000000 ___RD () C:\Users\Kulanu\Dropbox2015-06-03 10:09 - 2012-03-14 10:50 - 00000000 ____D () C:\Users\Kulanu\AppData\Roaming\Dropbox2015-06-03 10:04 - 2009-07-13 20:45 - 00018736 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02015-06-03 10:04 - 2009-07-13 20:45 - 00018736 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02015-06-03 10:00 - 2011-06-30 08:22 - 00000000 ____D () C:\ProgramData\MFAData2015-06-03 09:56 - 2009-07-13 20:51 - 00303326 _____ () C:\Windows\setupact.log2015-06-03 09:55 - 2010-04-12 01:11 - 01502864 _____ () C:\Windows\PFRO.log2015-06-03 09:54 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions2015-06-03 09:42 - 2013-10-02 10:51 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2768293084-4022986806-2149712888-1001UA.job2015-06-03 09:37 - 2011-10-14 20:39 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2015-06-03 09:30 - 2014-06-30 15:18 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2015-06-03 08:55 - 2012-01-05 15:15 - 00000000 ____D () C:\Windows\Minidump2015-06-03 06:51 - 2014-06-16 18:25 - 00001113 _____ () 
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2015-06-03 06:51 - 2014-06-16 18:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2015-06-03 06:46 - 2011-06-30 08:13 - 00276872 _____ () C:\Users\Kulanu\AppData\Local\GDIPFONTCACHEV1.DAT2015-06-03 06:42 - 2013-10-02 10:51 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2768293084-4022986806-2149712888-1001Core.job2015-06-03 06:40 - 2013-06-02 20:29 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job2015-06-03 06:40 - 2011-10-14 20:39 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2015-06-03 06:33 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2015-06-03 06:17 - 2009-07-13 20:45 - 00820224 _____ () C:\Windows\System32\FNTCACHE.DAT2015-06-02 19:22 - 2011-06-30 10:16 - 00000000 ____D () C:\Program Files (x86)\Everything2015-06-02 19:12 - 2009-07-13 21:13 - 00799942 _____ () C:\Windows\System32\PerfStringBackup.INI2015-06-02 15:54 - 2015-04-01 10:44 - 00000006 _____ () C:\Users\Kulanu\Downloads\RecognitionAccordingtoGiftAmountRanges.mrg2015-06-02 14:56 - 2014-05-21 18:12 - 00000000 ____D () C:\Users\Kulanu\Documents\pst2015-06-02 05:45 - 2014-11-19 18:07 - 00000972 _____ () C:\Users\Public\Desktop\AVG 2015.lnk2015-06-01 21:14 - 2011-07-13 09:06 - 00000000 ____D () C:\Users\Kulanu\AppData\Local\CutePDF Writer2015-06-01 21:04 - 2014-05-21 20:24 - 00000000 ____D () C:\Users\Kulanu\Documents\HRBlock2015-06-01 19:05 - 2011-09-30 21:44 - 00000000 ____D () C:\Users\Kulanu\AppData\Roaming\Skype2015-06-01 07:07 - 2014-05-26 20:55 - 00000000 ____D () C:\Users\Kulanu\Documents\Temp2015-05-31 15:47 - 2011-07-07 10:51 - 00000426 _____ () C:\Windows\BRWMARK.INI2015-05-28 20:50 - 2014-05-21 20:25 - 00000000 ____D () C:\Users\Kulanu\Documents\kulanu2015-05-27 15:02 - 2015-01-28 03:39 - 00000000 ___RD () C:\Program Files (x86)\Skype2015-05-16 07:20 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache2015-05-16 06:37 - 
2013-10-02 10:51 - 00003884 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2768293084-4022986806-2149712888-1001UA2015-05-16 06:37 - 2013-10-02 10:51 - 00003488 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2768293084-4022986806-2149712888-1001Core2015-05-16 04:55 - 2013-03-13 17:13 - 00000000 ____D () C:\Program Files\Microsoft Silverlight2015-05-16 04:55 - 2013-03-13 17:13 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight2015-05-16 04:52 - 2009-07-13 23:45 - 00000000 ____D () C:\Program Files\Windows Journal2015-05-16 04:52 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\AdvancedInstallers2015-05-15 11:25 - 2013-08-07 23:00 - 00000000 ____D () C:\Windows\System32\MRT2015-05-15 11:25 - 2010-04-12 00:56 - 00000000 ____D () C:\ProgramData\Microsoft Help2015-05-15 09:03 - 2011-06-30 23:14 - 140425016 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe2015-05-14 22:32 - 2011-10-14 20:39 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2015-05-14 22:31 - 2011-10-14 20:39 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2015-05-14 06:52 - 2014-12-20 06:51 - 00001029 _____ () C:\Users\Kulanu\Desktop\Dropbox.lnk2015-05-14 06:52 - 2012-06-11 10:59 - 00005121 _____ () C:\Windows\wininit.ini2015-05-12 09:38 - 2015-04-13 12:55 - 00000000 ____D () C:\ProgramData\CanonIJPLM2015-05-07 04:41 - 2011-09-30 21:44 - 00000000 ____D () C:\ProgramData\Skype Some files in TEMP:====================C:\Users\Kulanu\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpuexzsa.dllC:\Users\Kulanu\AppData\Local\Temp\uninstall.exe ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe[2015-05-15 08:58] - [2015-04-12 19:28] - 0328704 ____A (Microsoft Corporation) 71C85477DF9347FE8E7BC55768473FCA C:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== Restore Points ========================= ==================== Memory info =========================== Percentage of memory in use: 14%Total physical RAM: 5871.76 MBAvailable physical RAM: 5029.29 MBTotal Pagefile: 5869.91 MBAvailable Pagefile: 5035.29 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.88 MB ==================== Drives ================================ Drive c: (Gateway) (Fixed) (Total:581.01 GB) (Free:310.79 GB) NTFSDrive d: (KINGSTON) (Removable) (Total:7.25 GB) (Free:6.42 GB) FAT32Drive e: (Dell USB Portable HDD) (Fixed) (Total:465.76 GB) (Free:155.97 GB) NTFSDrive f: (USB Hard Disk) (Fixed) (Total:232.88 GB) (Free:104.1 GB) NTFSDrive h: (PQSERVICE) (Fixed) (Total:15 GB) (Free:4.3 GB) NTFSDrive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFSDrive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ========================================================Disk: 0 (Size: 596.1 GB) (Disk ID: 164A6325)Partition 1: (Not Active) - (Size=15 GB) - (Type=27)Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=581 GB) - 
(Type=07 NTFS) ========================================================Disk: 1 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: 3FB69270)Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS) ========================================================Disk: 7 (Size: 465.8 GB) (Disk ID: 47BFBF01)Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS) ========================================================Disk: 8 (MBR Code: Windows 7 or 8) (Size: 7.3 GB) (Disk ID: C3072E18)Partition 1: (Active) - (Size=7.3 GB) - (Type=0B) LastRegBack: 2015-05-23 21:54 ==================== End of log ============================
  5. I misread your message and used the System Repair CD that I had previously created to boot from the CD to a command prompt, and ran chkdsk /r C: from there. I didn't start from an administrative command prompt within Windows. Is that equally good? Could there be any harm in doing it this way? Chkdsk says it's looking at 1582336 file records. But in about 30 minutes, it hasn't progressed beyond 0 percent complete, in stage 1. It says 87949 of 1582336 file records processed, but that number went from 87949 to 87965 in the past 15 minutes. It now lists four file record segments that are unreadable between 87952 through 87955. When I google "chkdsk running extremely slowly," I find lots of messages saying this seems like a bad hard drive. I do have a backup of data files but not a ghost of the whole drive. I'm thinking it's time to get a new hard drive and re-install Windows - or at least reformat this drive and then see where things stand. I've also read suggestions to find diagnostic programs from the hardware manufacturer of the hard drive. I have to see what hard drive I have. Going out now, back later. Does this all make sense to you? Harriet
  6. I just tried to follow the instructions on running system file checker from a cmd prompt after booting from a repair CD. So far the system tried to do a startup repair (this wasn't mentioned in the instructions), and gave me a report saying "Startup Repair cannot repair this computer automatically." [To be clear, I don't think I really have a startup problem. My computer starts up regularly - it crashes when I go into Windows Explorer. But I had just turned off the computer when it was booting into Windows because I wanted it to boot from a CD instead. But I'm thinking all these tests might still be informative] Then I clicked on "details," and got this list:
     Problem signature:
     Problem Event Name: StartupRepairOFFLine
     Problem signature 01: 6.1.7600.16385
     Problem signature 02: 6.1.7600.16385
     Problem signature 03: unknown
     Problem signature 04: 941
     Problem signature 05: ExternalMedia
     Problem signature 06: 1
     Problem signature 07: BadPatch
     OS Version 6.1.7600.2.0.0.256.1
     [end of problem details]
     Then it gave diagnosis and repair details. I can't find a way to cut and paste, so I'll type out the names of the tests that showed no problems, and copy all the information on tests that either show a problem or where I don't understand what it said:
     Startup Diagnosis and repair log:
     Number of repair attempts: 1
     Session details
     ---------------------------------
     System Disk = \Device\Harddisk0
     Windows Directory = C:\Windows
     autoChk Run = 0
     Number of root causes = 1
     Tests performed - no problems (all these say "Result: Completed successfully. Error code = 0x0")
     Check for updates
     System disk test
     Disk failure diagnosis
     Disk metadata test
     Target OS test
     Volume content check
     Boot manager diagnosis
     System boot log diagnosis
     Event log diagnosis
     Internal state check
     Boot status test
     Setup State check
     Registry hives test
     Windows boot log diagnosis
     Bugcheck analysis
     Access control test
     File system test (chkdsk)
     Software installation log diagnosis
     Root cause found:
     ----------------------------------
     A path is preventing the system from starting
     Repair action: System Restore
     Result: Cancelled
     Repair action: System Restore
     Result: Cancelled
     Repair action: System files integrity check and repair
     Result: Failed. Error code = 0x45d
     Time taken = 1175858 ms
     ---------------------------
     Then I followed the instructions that you recommended at http://www.sevenforums.com/tutorials/139810-sfc-scannow-run-command-prompt-boot.html to run System File Checker. It ran and took quite a while (perhaps an hour?) and then gave me this message: Windows Resource Protection could not perform the required operation. I then ran the same command again for System File Checker, since the instructions had said "if it does [find errors] it may take you running this command a couple separate times to completely repair any issues it finds so don't give up after just one attempt." I wasn't sure if that applied to my case where the report was that it couldn't perform the required operation - but I'm leaving it working and going to sleep. . . . Please advise what to do next! I don't have a Windows 7 installation disk. Would it help if I had one? I do have two other Windows 7 computers available, if they can help create an installation disk. At the moment I think the biggest problem has been with Windows Explorer. If that worked, then I am hoping that I could run other programs you've suggested such as RogueKiller. Is there a way to focus on fixing Windows Explorer? (I imagine that's what we're already trying to do by running System File Checker).
Thanks for your help, Kevin! Harriet
  7. I had wiped the flash drive in order to make the needed flash drive for Windows Defender Online, but I made a backup first, and had then done another quick reformat so it was no longer a startup drive. So I was able to put FRST back on the flash drive and follow your instructions. It looks like it did what you asked. Here are the contents of fixlog.txt:
     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-04-2014 02
     Ran by SYSTEM at 2014-04-28 18:48:23 Run:3
     Running from F:\
     Boot Mode: Recovery
     ==============================================
     Content of fixlist:
     *****************
     Start
     LastRegBack: 2014-04-09 01:54
     End
     *****************
     DEFAULT hive was successfully copied to System32\config\HiveBackup
     DEFAULT hive was successfully restored from registry back up.
     SAM hive was successfully copied to System32\config\HiveBackup
     SAM hive was successfully restored from registry back up.
     SECURITY hive was successfully copied to System32\config\HiveBackup
     SECURITY hive was successfully restored from registry back up.
     SOFTWARE hive was successfully copied to System32\config\HiveBackup
     SOFTWARE hive was successfully restored from registry back up.
     SYSTEM hive was successfully copied to System32\config\HiveBackup
     SYSTEM hive was successfully restored from registry back up.
     [End of fixlog.txt]
     Then I shut down the corrupted computer, waited a little, and rebooted in normal mode. I tried to click on Windows Explorer and got a message saying Windows wasn't working, did I want to close it. But then it seemed to start again. I still can't get the portable Windows repair onto my desktop. Later I tried to re-boot in Safe Mode with NW, and open the flash drive somehow, where I can see the portable Windows Repair file (ReimageRepair.exe) listed. But nothing happens when I right-click, left-click, or double click on it. I was trying to move it to the desktop, but so far I haven't figured out how to do this.
  8. Thanks for staying with me! This last assignment seems like a Catch-22. We are trying to repair Windows Explorer, which hardly ever works. But I don't know how to get the program from my flash drive onto my desktop without using Windows Explorer. Is there any way to do some of these steps from a command prompt, without booting into Normal Mode? I downloaded onto a flash drive, and tried putting the flash drive into the USB slot after I booted the damaged computer, and hoped that autoplay would give me access to the files. But the option says that to open files and folders, it will still use Windows Explorer. I'm leaving it for hours again to see if it finally will open. I haven't yet tried using my browser to download the program and see if it will save it directly to the desktop. I'm wishing for the old days when I had an emergency floppy disk that had a bunch of tools on it, and I could run things like scandisk without booting to the operating system first. Is there a way to run this portable windows repair after booting from a DVD or a floppy drive? Harriet
  9. I'm back from a weekend away from home. I installed Windows Defender Online on a CD-R disk, and left it running while I was away. I canceled the Quick Scan and ran the Full Scan instead. When I got back home this afternoon, the screen asked if I wanted to clean the problems, and I said yes, and the screen said that it had successfully got rid of these problems: JS/Tracur.C JS/Tracur.B JS/Iestart.N Since then I've spent many hours trying to find a way to access the file you asked for, "C:\Windows\Windows Defender Offline\Support\MPLog-MM/DD/YYYY-HH/MM/SS .txt", but I haven't managed to navigate to it and open it. I did just manage to open Notepad ++, and I clicked on "open," but then I've gotten messages saying Windows Explorer is not responding. I tried opening in Safe Mode with Command Prompt, using old DOS commands, but when I did a directory of the Windows folder, I didn't see Windows Defender Offline or anything that substituted for that (I didn't know if the Command Prompt can handle spaces in a folder name). Even though Windows Defender Offline said it resolved the problems, my computer still isn't working. Is it likely that there are more viruses or similar offenders still on my computer? Or that files are simply damaged from having had to turn off the computer with the power button so many times when it wouldn't shut down properly? Thanks. Harriet
  10. I managed to start roguekiller after quite a while, from Safe mode with networking, and it was finding many issues, but it seemed to get stuck about 20-25 % of the way through the scan. It also was hard to start it in Safe Mode, because I have so many icons that in that resolution I couldn't get to the icon on the desktop, and opening Windows Explorer usually doesn't work. I'm now trying to start it again in normal mode.
  11. I have determined that malwarebytes is not installed on my desktop. Should I install that as well as roguekiller? With roguekiller, you say that I should disconnect all USB or external drives. Does this mean I should not run roguekiller and Farbar Recovery Scan Tool from my USB flash drive?
  12. My desktop computer is now much improved, but still seems to have some problems. For example, I went to control panel, to get to the list of installed programs, to see if I already had malwarebytes installed, and the control panel stopped responding. When I go to Windows Explorer it stops responding. I was certain that I had already installed Malwarebytes - I thought I had used it to clear up a problem a few weeks or a month ago - but I now can't find evidence that it's installed. When I can get it to respond again, I'll try again to install or re-install Malwarebytes.
  13. I finally managed to open Safe Mode with Networking (each mouse click took a very long time before it responded), and ran the FRST fix from the same directory of the flash drive where I ran it last time. After that, I rebooted, and now have a black background different from my usual Windows desktop, there are a number of icons but they are all pure white with no images, and the first 1 1/2 columns of icons have no words under them (except for the recycle bin). The Quick Launch bar (or is it the Start bar??) has a new background, but no icons other than the start icon on one end and the time and date on the other. The mouse moves. It's not clear to me whether this is very slowly starting, or if it is stuck at this point. Here are the results:
     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-04-2014
     Ran by Harriet at 2014-04-24 13:22:37 Run:2
     Running from L:\Downloads\Farbar Recovery Scan Tool
     Boot Mode: Safe Mode (with Networking)
     ==============================================
     Content of fixlist:
     *****************
     Start
     ProxyServer: http=127.0.0.1:49323;https=127.0.0.1:49323
     BHO-x32: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~2\VMNTOO~1\VMNTOO~1.DLL No File
     Toolbar: HKLM-x32 - VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~2\VMNTOO~1\VMNTOO~1.DLL No File
     C:\Users\Classic .NET AppPool\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
     Task: {29F09361-0AAC-45FA-B9C4-508BF06B3783} - System32\Tasks\BrowserSafeguard Update Task => C:\Program Files (x86)\Browsersafeguard\uninstall.browsersafeguard.exe <==== ATTENTION
     Task: {C6A4B95D-EC08-4CA9-88FE-2DBB27B9633D} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
     End
     *****************
     HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully.
     HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-8287-79A187E26987} => Key deleted successfully.
     HKCR\Wow6432Node\CLSID\{A057A204-BACC-4D26-8287-79A187E26987} => Key deleted successfully.
     HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{A057A204-BACC-4D26-8287-79A187E26987} => Value deleted successfully.
     HKCR\Wow6432Node\CLSID\{A057A204-BACC-4D26-8287-79A187E26987} => Key deleted successfully.
     "C:\Users\Classic .NET AppPool\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe" => File/Directory not found.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{29F09361-0AAC-45FA-B9C4-508BF06B3783} => Key deleted successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{29F09361-0AAC-45FA-B9C4-508BF06B3783} => Key deleted successfully.
     C:\Windows\System32\Tasks\BrowserSafeguard Update Task => Moved successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserSafeguard Update Task => Key deleted successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C6A4B95D-EC08-4CA9-88FE-2DBB27B9633D} => Key deleted successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6A4B95D-EC08-4CA9-88FE-2DBB27B9633D} => Key deleted successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar => Key deleted successfully.
     ==== End of Fixlog ====
  14. Here's the contents of fixlog.txt:
     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-04-2014 02
     Ran by SYSTEM at 2014-04-23 22:50:38 Run:1
     Running from G:\
     Boot Mode: Recovery
     ==============================================
     Content of fixlist:
     *****************
     Start
     ProxyServer: http=127.0.0.1:49323;https=127.0.0.1:49323
     BHO-x32: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~2\VMNTOO~1\VMNTOO~1.DLL No File
     Toolbar: HKLM-x32 - VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~2\VMNTOO~1\VMNTOO~1.DLL No File
     C:\Users\Classic .NET AppPool\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
     Task: {29F09361-0AAC-45FA-B9C4-508BF06B3783} - System32\Tasks\BrowserSafeguard Update Task => C:\Program Files (x86)\Browsersafeguard\uninstall.browsersafeguard.exe <==== ATTENTION
     Task: {C6A4B95D-EC08-4CA9-88FE-2DBB27B9633D} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
     End
     *****************
     ProxyServer: http=127.0.0.1:49323;https=127.0.0.1:49323 => Error: The entry should be fixed outside recovery mode.
     BHO-x32: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~2\VMNTOO~1\VMNTOO~1.DLL No File => Error: The entry should be fixed outside recovery mode.
     Toolbar: HKLM-x32 - VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~2\VMNTOO~1\VMNTOO~1.DLL No File => Error: The entry should be fixed outside recovery mode.
     C:\Users\Classic .NET AppPool\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe => Moved successfully.
     Task: {29F09361-0AAC-45FA-B9C4-508BF06B3783} - System32\Tasks\BrowserSafeguard Update Task => C:\Program Files (x86)\Browsersafeguard\uninstall.browsersafeguard.exe <==== ATTENTION => Error: The entry should be fixed outside recovery mode.
     Task: {C6A4B95D-EC08-4CA9-88FE-2DBB27B9633D} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION => Error: The entry should be fixed outside recovery mode.
     ==== End of Fixlog ====
  15. I'm afraid I'm stumped about how to answer your question about the proxy server, since I'm not sure what or where the proxy server would be, or whether I previously had one. I called my Internet provider, RCN, and they say they don't use a proxy server. I asked where to find the proxy server that is working on my computer, and he suggested I look in Internet Explorer - tools, Internet options - connections - Local Area Network Settings. I finally got to that place on my dysfunctional desktop, and the box next to "use a proxy server for your LAN" is unchecked. I looked in the same place on the laptop that I'm using to write to you, and that also has "use a proxy server for your LAN" unchecked. I do have a TP-Link router model TL-WDR4300. Would the proxy server be related to the router? Note that I am posting these messages from my working laptop, not from my dysfunctional desktop computer. Did you find the proxy server info from my postings to this forum, or from the Farbar Recovery Scan Test results which came from the desktop? Thanks. Harriet
  16. Here is the addition.txt file, also created by the Farbar Recovery Scan Tool, from the same scan as the FRST.txt file copied in the last message. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-04-2014 02 Ran by Harriet at 2014-04-21 19:35:17 Running from L:\Downloads\Farbar Recovery Scan Tool Boot Mode: Safe Mode (with Networking) ========================================================== ==================== Security Center ======================== AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664} ==================== Installed Programs ====================== Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft) ACDSee Photo Manager 12 (HKLM-x32\...\{A5CBD7C5-CF16-443F-A4F2-3503C9DE311B}) (Version: 12.0.344 - ACD Systems International Inc.) 
AceFTP 3 Freeware (HKLM-x32\...\AceFTP 3 Freeware) (Version: 3.80.3 - ) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 2.7.1.19610 - Adobe Systems Incorporated) Hidden Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated) Adobe Community Help (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden Adobe Dreamweaver CS5 (HKLM-x32\...\{C79312BD-3E76-4474-A10C-1435D1856A4B}) (Version: 11.0 - Adobe Systems Incorporated) Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated) Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated) AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies) Apple Application Support (HKLM-x32\...\{343666E2-A059-48AC-AD67-230BF74E2DB2}) (Version: 2.1.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{75104836-CAC7-444E-A39E-3F54151942F5}) (Version: 4.0.0.97 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) 
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Avery Wizard 4.0 (HKLM-x32\...\{F5D84887-8A6F-4993-8560-B3AA44CB620D}) (Version: 4.0.201 - Avery)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4355 - AVG Technologies)
AVG 2014 (Version: 14.0.3882 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4355 - AVG Technologies) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BurnAware Free 6.0 (HKLM-x32\...\BurnAware Free_is1) (Version: - Burnaware)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.1.0 - Canon Inc.)
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version: - )
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: - )
Canon MP Navigator EX 5.1 (HKLM-x32\...\MP Navigator EX 5.1) (Version: - )
Canon MX890 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX890_series) (Version: - )
Canon MX890 series On-screen Manual (HKLM-x32\...\Canon MX890 series On-screen Manual) (Version: - )
Canon MX890 series User Registration (HKLM-x32\...\Canon MX890 series User Registration) (Version: - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - )
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: - )
Carbonite (HKLM-x32\...\Carbonite Backup) (Version: 5.5.0 build 3621 (Oct-10-2013) - Carbonite)
CompanionLink (HKLM-x32\...\{506EA5AF-B1FF-4340-AFC5-7A3EAC61737F}) (Version: 5.00.5050 - CompanionLink Software, Inc.)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version: - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
Evernote v. 5.3 (HKLM-x32\...\{E461B1AC-BC3C-11E3-B5B8-00163E98E7D6}) (Version: 5.3.0.3360 - Evernote Corp.)
Everything 1.2.1.371 (HKLM-x32\...\Everything) (Version: - )
FileZilla Client 3.5.3 (HKLM-x32\...\FileZilla Client) (Version: 3.5.3 - FileZilla Project)
Free Audio Converter version 5.0.23.320 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.23.320 - DVDVideoSoft Ltd.)
Free Easy Burner V 5.1 (HKLM-x32\...\Free Easy Burner_is1) (Version: 5.1.0.0 - Koyote soft)
Free MTS Converter (HKLM-x32\...\Free MTS Converter_is1) (Version: - )
Google Calendar Sync (HKLM-x32\...\Google Calendar Sync) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Desktop (HKLM-x32\...\Google Desktop) (Version: 5.9.1005.12335 - Google)
Google Drive (HKLM-x32\...\{84B981C8-D6E4-473F-8062-63F14F44183E}) (Version: 1.15.6464.228 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{E121A4FE-009B-385B-BB0D-B934E2A88288}) (Version: 5.2.4.18058 - Google)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Google+ Auto Backup (HKCU\...\Google+ Auto Backup) (Version: 1.0.25.133 - Google, Inc.)
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
H&R Block Business 2011 (Remove Only) (HKLM-x32\...\H&R Block Business 2011) (Version: - )
H&R Block Business 2012 (Remove Only) (HKLM-x32\...\H&R Block Business 2012) (Version: - )
H&R Block Business 2013 (Remove Only) (HKLM-x32\...\H&R Block Business 2013) (Version: - )
H&R Block Massachusetts 2011 (HKLM-x32\...\{7F9C8D01-5B27-454F-8629-9EDAA1D9A0BC}) (Version: 1.11.2801 - HRB Technology, LLC.)
H&R Block New York 2011 (HKLM-x32\...\{6C434B52-8D0F-4080-9649-7497445DDCD4}) (Version: 1.11.4401 - HRB Technology, LLC.)
H&R Block New York 2012 (HKLM-x32\...\{0A5FB059-9FF1-4A78-9753-4D7656560DAF}) (Version: 1.12.7001 - HRB Technology, LLC.)
H&R Block New York 2013 (HKLM-x32\...\{E3B9117D-7476-4C74-8C22-337F630D6602}) (Version: 1.13.5901 - HRB Technology, LLC.)
H&R Block Premium + Efile + State 2011 (HKLM-x32\...\{4221094E-82B8-43C4-94F4-A6760FC1842A}) (Version: 11.07.7102 - HRB Technology, LLC.)
H&R Block Premium + Efile + State 2012 (HKLM-x32\...\{89D20029-0578-4D8D-979A-695C8D868868}) (Version: 12.07.7803 - HRB Technology, LLC.)
H&R Block Premium + Efile + State 2013 (HKLM-x32\...\{7304A91F-F4AF-41B3-85B6-C5923EDBF899}) (Version: 13.07.6502 - HRB Technology, LLC.)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}) (Version: 10.5.2.11 - Apple Inc.)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
magicJack (HKCU\...\magicJack) (Version: 3.1.6970.4873 - magicJack L.P.)
MediaWidget 6.0 (HKLM-x32\...\MediaWidget - Easy iPod Transfer_is1) (Version: - Bootstrap Development, LLC.)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2007 (HKLM-x32\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.40303 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308 - Microsoft Corporation) Hidden
Microsoft Web Publishing Wizard 1.52 (HKLM-x32\...\WebPost) (Version: - )
Microsoft_VC80_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mobile App Sync (HKLM-x32\...\Mobile App Sync) (Version: - Mobile App Sync)
Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Mozilla Thunderbird 24.4.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.4.0 (x86 en-US)) (Version: 24.4.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9.3 - )
OpenOffice.org 3.1 (HKLM-x32\...\{E6B87DC4-2B3D-4483-ADFF-E483BF718991}) (Version: 3.1.9399 - OpenOffice.org)
PassportPhoto (remove) (HKCU\...\PassportPhoto) (Version: - )
Payroll Income Documents Generator 3.0 (HKCU\...\Payroll Income Documents Generator) (Version: 3.0 - Payroll Documents)
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 9.0 - PlotSoft LLC)
Phanfare (HKLM-x32\...\Phanfare) (Version: 3.0 - Phanfare, Inc.)
PhotoFiltre (HKCU\...\PhotoFiltre) (Version: - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
QB Connection Diagnostic Tool (HKLM-x32\...\QB Connection Diagnostic Tool) (Version: 3.0.0.0 - Intuit Inc.)
QuickBooks (x32 Version: 24.0.4005.2403 - Intuit Inc.) Hidden
QuickBooks Premier: Nonprofit Edition 2014 (HKLM-x32\...\{4F63B8CE-2062-4A0F-976D-6CB6F60475D3}) (Version: 24.0.4005.2403 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
Quicken 2010 (HKLM-x32\...\{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}) (Version: 19.1.1.27 - Intuit)
Quicken 2013 (HKLM-x32\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.12.7 - Intuit)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.3.2.12054_20 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.3.2.12054_20 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.9.0 - SAMSUNG Electronics Co., Ltd.)
Sheet Music Plus Digital Print (HKLM-x32\...\com.sheetmusicplus.DigitalAirPrint) (Version: v2011.11.14 - Sheet Music Plus, LLC)
Sheet Music Plus Digital Print (x32 Version: 255.11.14 - Sheet Music Plus, LLC) Hidden
Shockwave (HKLM-x32\...\Shockwave) (Version: - )
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.8.0.1028.ga3450140 - Spotify AB)
StretchWare (HKLM-x32\...\StretchWare) (Version: - )
The Print Shop 20 (HKLM-x32\...\{85BB6CF7-5144-4942-87E4-5FC5C47569F8}) (Version: 20.00.0000 - Broderbund Software)
TP-LINK USB Printer Controller (HKLM-x32\...\{A72F84C1-7F66-49FB-A1AD-F48C7E82555A}) (Version: 1.12.1126 - TP-LINK)
UMPlayer 0.98 [P4] (HKLM-x32\...\UMPlayer) (Version: 0.98 - Ori Rejwan)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_PROR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_PROR_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_PROR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{9B1DEEA3-B4ED-49F0-9EF7-4A820EEEA7F1}) (Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_PROR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_PROR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile Device Center Driver Update (HKLM\...\{92DBCA36-9B41-4DD1-941A-AED149DD37F0}) (Version: 6.1.6965.0 - Microsoft Corporation)
XAMPP 1.8.1 (HKLM-x32\...\xampp) (Version: - )

==================== Restore Points =========================

==================== Hosts content: ==========================

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {13B60FE0-9FC3-45E9-B0E0-96035A19BB9B} - System32\Tasks\{F93F5CD9-C712-4C4F-A2DF-60056A0BB154} => C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-04-08] (Google)
Task: {29F09361-0AAC-45FA-B9C4-508BF06B3783} - System32\Tasks\BrowserSafeguard Update Task => C:\Program Files (x86)\Browsersafeguard\uninstall.browsersafeguard.exe <==== ATTENTION
Task: {3395E8D5-C4DA-46AE-8833-6D110B6D8363} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2155998664-2767838372-483899330-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {40815A77-398A-45E4-AF7E-AA847DF1265C} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2155998664-2767838372-483899330-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {462796DB-CD41-48F5-A1FD-40F715EB20B9} - System32\Tasks\AVG_SYS_TASK_0414b => C:\ProgramData\Avg_Update_0414b\AVG-Secure-Search-Update_0414b.exe [2014-04-09] ()
Task: {49685B8B-07A8-4C7C-93EA-4A2978EE70AC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {4AA1265F-E00B-4299-B5C0-C7F4B0281DCD} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: {562C47B2-9C98-4FC1-93EB-6FBD83398E8D} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2155998664-2767838372-483899330-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {603ADAF3-A08D-468C-A93A-69E4EA7822A1} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2155998664-2767838372-483899330-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {6E3E0DDE-1034-4805-96E0-36D9DC34DE38} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2155998664-2767838372-483899330-1001UA => C:\Users\Harriet\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-06] (Google Inc.)
Task: {7F4E21E3-E1F1-4A87-BF77-50F07A93EF0A} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2155998664-2767838372-483899330-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {887C2330-1F06-412F-BEEB-763E90AC8BF1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2155998664-2767838372-483899330-1001Core => C:\Users\Harriet\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-06] (Google Inc.)
Task: {8A06CFF4-B196-46D6-929D-7148FAC73543} - System32\Tasks\AdobeAAMUpdater-1.0-Harriet-Gateway-Harriet => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {99305010-353F-4711-90E3-1FB50721DA48} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2155998664-2767838372-483899330-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {A914E1A5-82F8-4305-982D-14510C79B6AA} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2155998664-2767838372-483899330-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {B3AD8AED-8327-4DBE-B296-A08E8B58334E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-01] (Google Inc.)
Task: {BD21A537-51D2-443E-8372-C2BA2007FE69} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2155998664-2767838372-483899330-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {C6A4B95D-EC08-4CA9-88FE-2DBB27B9633D} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
Task: {C6C5DC50-1B75-4600-AA9C-565B3159F705} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2155998664-2767838372-483899330-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {EC6AB74F-0DFF-46F8-8DA7-1788CF3461D2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-01] (Google Inc.)
Task: {EE68F903-A9A9-4E04-92EE-0B4CF94F79EE} - System32\Tasks\AVG_SYS_TASK_0414b_DELETE => C:\ProgramData\Avg_Update_0414b\AVG-Secure-Search-Update_0414b.exe [2014-04-09] ()
Task: {F284588B-DF9E-4626-A991-C89FF600417A} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2155998664-2767838372-483899330-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG_SYS_TASK_0414b.job => C:\ProgramData\Avg_Update_0414b\AVG-Secure-Search-Update_0414b.exe
Task: C:\Windows\Tasks\AVG_SYS_TASK_0414b_DELETE.job => C:\ProgramData\Avg_Update_0414b\AVG-Secure-Search-Update_0414b.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2155998664-2767838372-483899330-1001Core.job => C:\Users\Harriet\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2155998664-2767838372-483899330-1001UA.job => C:\Users\Harriet\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-01-02 10:42 - 2010-01-02 10:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Harriet\Documents\2004-06-23 Hudson sunset (FOHRP ride) 028 cropped.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Harriet\Documents\2004-06-23 Hudson sunset (FOHRP ride) 028cropped.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Harriet\Documents\IMGP0207_edited.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Harriet\Documents\IPTC-sample.jpg:Roxio EMC Stream
AlternateDataStreams: C:\Users\Harriet\Documents\Jon Harris with Arthie and Margie.bmp:Roxio EMC Stream
AlternateDataStreams: C:\Users\Harriet\Documents\making challah covers.jpg:Roxio EMC Stream
AlternateDataStreams: C:\Users\Harriet\Documents\margie and diana.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Harriet\Documents\margie and hot jon.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Harriet\Documents\margie and nat.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Harriet\Documents\margie and steve 2.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Harriet\Documents\margie and steve 3.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Harriet\Documents\margie and steve.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Harriet\Documents\margie brett rose.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Harriet\Documents\margie with food.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Harriet\Documents\margie with purple sweatshirt.JPG:Roxio EMC Stream

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ntrexeservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Intuit Data Protect.lnk => C:\Windows\pss\Intuit Data Protect.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\Windows\pss\QuickBooks Update Agent.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk => C:\Windows\pss\QuickBooks_Standard_21.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Harriet^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk => C:\Windows\pss\OpenOffice.org 3.1.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AVG_UI => "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
MSCONFIG\startupreg: BSDAppUpdater => C:\Program Files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe
MSCONFIG\startupreg: CanonSolutionMenuEx => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
MSCONFIG\startupreg: Google Update => "C:\Users\Harriet\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: IJNetworkScannerSelectorEX => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
MSCONFIG\startupreg: IJNetworkScanUtility => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
MSCONFIG\startupreg: Intuit SyncManager => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPDLR => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => "C:\Users\Harriet\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: StartNowToolbarHelper => "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe"
MSCONFIG\startupreg: StretchWare StchCtrl => C:\Program Files (x86)\Shelter Publications\StretchWare\Stchctrl.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
MSCONFIG\startupreg: Windows Mobile Device Center => %windir%\WindowsMobile\wmdc.exe

==================== Faulty Device Manager Devices =============

Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (04/21/2014 01:00:46 PM) (Source: Application Hang) (User: )
Description: The program AVG-Secure-Search-Update_0414b.exe version 14.0.0.19 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 774 Start Time: 01cf5d6dbc371431 Termination Time: 16 Application Path: C:\Users\Harriet\AppData\Roaming\Avg_Update_0414b\AVG-Secure-Search-Update_0414b.exe Report Id: 749bf5ab-c976-11e3-b2e4-001f16f3444e Error: (04/21/2014 11:18:47 AM) (Source: QuickBooks) (User: ) Description: An unexpected error has occured in "QuickBooks": QBDBPF Log Monitor Service seems is running but not listening on the required port Error: (04/21/2014 10:29:19 AM) (Source: Application Error) (User: ) Description: Windows cannot access the file C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program D2MClient because of this error. Program: D2MClient File: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted. - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance. 
Additional Data Error value: C0000185 Disk type: 3 Error: (04/21/2014 10:29:19 AM) (Source: Application Error) (User: ) Description: Faulting application name: D2MClient.exe, version: 1.0.0.0, time stamp: 0x521df2b3 Faulting module name: mscorwks.dll, version: 2.0.50727.5477, time stamp: 0x5265cfa2 Exception code: 0xc0000006 Fault offset: 0x0007bd8e Faulting process id: 0x878 Faulting application start time: 0xD2MClient.exe0 Faulting application path: D2MClient.exe1 Faulting module path: D2MClient.exe2 Report Id: D2MClient.exe3 Error: (04/21/2014 10:26:46 AM) (Source: Application Error) (User: ) Description: Windows cannot access the file C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program D2MClient because of this error. Program: D2MClient File: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted. - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance. 
Additional Data Error value: C0000185 Disk type: 3 Error: (04/21/2014 10:26:45 AM) (Source: Application Error) (User: ) Description: Faulting application name: D2MClient.exe, version: 1.0.0.0, time stamp: 0x521df2b3 Faulting module name: mscorwks.dll, version: 2.0.50727.5477, time stamp: 0x5265cfa2 Exception code: 0xc0000006 Fault offset: 0x0007bdac Faulting process id: 0x878 Faulting application start time: 0xD2MClient.exe0 Faulting application path: D2MClient.exe1 Faulting module path: D2MClient.exe2 Report Id: D2MClient.exe3 Error: (04/21/2014 10:25:54 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY) Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values. Error: (04/21/2014 09:34:20 AM) (Source: Windows Search Service) (User: ) Description: Unable to initialize the filter host process. Terminating. Details: This operation returned because the timeout period expired. (HRESULT : 0x800705b4) (0x800705b4) Error: (04/21/2014 09:26:46 AM) (Source: Windows Search Service) (User: ) Description: Unable to initialize the filter host process. Terminating. Details: This operation returned because the timeout period expired. (HRESULT : 0x800705b4) (0x800705b4) Error: (04/21/2014 09:17:18 AM) (Source: Application Hang) (User: ) Description: The program AVG-Secure-Search-Update_0414b.exe version 14.0.0.19 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. 
Process ID: 5b8 Start Time: 01cf5d615f087f2d Termination Time: 0 Application Path: C:\Users\Harriet\AppData\Roaming\Avg_Update_0414b\AVG-Secure-Search-Update_0414b.exe Report Id: 31f2a661-c957-11e3-bcf6-001f16f3444e System errors: ============= Error: (04/21/2014 03:18:57 PM) (Source: DCOM) (User: ) Description: 1068fdPHost{D3DCB472-7261-43CE-924B-0704BD730D5F} Error: (04/21/2014 03:18:56 PM) (Source: DCOM) (User: ) Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF} Error: (04/21/2014 03:18:06 PM) (Source: Service Control Manager) (User: ) Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: %%1068 Error: (04/21/2014 03:18:04 PM) (Source: DCOM) (User: ) Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030} Error: (04/21/2014 03:17:19 PM) (Source: Service Control Manager) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (04/21/2014 03:17:19 PM) (Source: Service Control Manager) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (04/21/2014 03:17:19 PM) (Source: Service Control Manager) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (04/21/2014 03:17:18 PM) (Source: DCOM) (User: ) Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error: (04/21/2014 03:15:43 PM) (Source: Service Control Manager) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (04/21/2014 03:15:43 PM) (Source: Service Control Manager) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 
Microsoft Office Sessions: ========================= Error: (04/21/2014 02:13:48 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6695.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 48 seconds with 0 seconds of active time. This session ended with a crash. Error: (07/25/2013 10:50:06 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1195878 seconds with 6300 seconds of active time. This session ended with a crash. Error: (06/30/2013 05:32:49 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 76960 seconds with 540 seconds of active time. This session ended with a crash. Error: (09/29/2012 05:21:02 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 450361 seconds with 540 seconds of active time. This session ended with a crash. Error: (09/06/2012 02:36:49 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 685653 seconds with 10080 seconds of active time. This session ended with a crash. Error: (08/06/2012 11:23:13 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 431366 seconds with 7560 seconds of active time. This session ended with a crash. 
Error: (07/10/2012 07:41:18 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 576 seconds with 360 seconds of active time. This session ended with a crash. Error: (07/10/2012 07:31:32 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 153726 seconds with 1980 seconds of active time. This session ended with a crash. Error: (06/25/2012 02:26:34 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 305135 seconds with 2880 seconds of active time. This session ended with a crash. Error: (04/16/2012 05:50:18 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 231 seconds with 0 seconds of active time. This session ended with a crash. 
==================== Memory info =========================== Percentage of memory in use: 14% Total physical RAM: 8157.18 MB Available physical RAM: 6966.03 MB Total Pagefile: 16312.53 MB Available Pagefile: 15422 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (COMPAQ) (Fixed) (Total:455.6 GB) (Free:201.01 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (FACTORY_IMAGE) (Fixed) (Total:10.16 GB) (Free:1.37 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive i: (USB Hard Disk) (Fixed) (Total:232.88 GB) (Free:105.4 GB) NTFS Drive l: (KINGSTON) (Removable) (Total:7.26 GB) (Free:4.57 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 1549F232) Partition 1: (Active) - (Size=456 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=10 GB) - (Type=0C) ======================================================== Disk: 3 (MBR Code: Windows XP) (Size: 7 GB) (Disk ID: C3072E18) Partition 1: (Active) - (Size=7 GB) - (Type=0C) ======================================================== Disk: 4 (MBR Code: Windows XP) (Size: 233 GB) (Disk ID: 3FB69270) Partition 1: (Not Active) - (Size=233 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  17. Kevin, Thanks so much. Before I read your message, after an entire day of restarting my computer (sometimes in Safe Mode, sometimes normally), I managed to open Windows Explorer from within Windows after booting in Safe Mode with Networking, and I managed to run FRST from a flash drive. I ended up with three text files: FRST.txt, Addition.txt, and Shortcut.txt. I'm about to copy and paste the FRST.txt in this message and Addition.txt in the following message. I'm unsure whether to post shortcut.txt, since it seems possible that this leads to private information. Do you need that to diagnose what is going on or to suggest repairs? If so, can I upload it to you privately? Thanks for the directions on how to run FRST directly from the boot menu! Would it be "purer" to use those directions instead of using the scan results below, made from a probably infected computer? I'll appreciate any suggestions on what to do next. Thanks. Harriet

===================== FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2014 02
Ran by Harriet (administrator) on HARRIET-GATEWAY on 21-04-2014 19:16:29
Running from L:\Downloads\Farbar Recovery Scan Tool
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Safe Mode (with Networking)
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Windows\system32\taskmgr.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2780776 2011-07-19] (CANON INC.) HKLM-x32\...\Run: [Everything] => C:\Program Files (x86)\Everything\Everything.exe [602624 2009-03-12] () HKLM-x32\...\Run: [Google Desktop Search] => C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2011-10-11] (Google) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [OCDLMgr] => [X] HKLM-x32\...\Run: [stretchWare StchCtrl] => C:\Program Files (x86)\Shelter Publications\StretchWare\stchctrl.exe [454656 2001-12-11] () HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4971024 2014-03-19] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [TP-LINK USB Printer Controller] => C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe [4234240 2012-11-26] (TP-LINK) HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1056264 2013-10-10] (Carbonite, Inc.) HKLM-x32\...\Run: [intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3775800 2014-02-27] (Intuit Inc. All rights reserved.) 
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2155998664-2767838372-483899330-1001\...\Run: [CompanionLink] => c:\program files (x86)\companionlink\companionlink.exe [51796480 2013-03-15] (CompanionLink Software, Inc.) HKU\S-1-5-21-2155998664-2767838372-483899330-1001\...\Run: [Google Update] => C:\Users\Harriet\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-02-06] (Google Inc.) HKU\S-1-5-21-2155998664-2767838372-483899330-1001\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21432 2012-08-30] () HKU\S-1-5-21-2155998664-2767838372-483899330-1001\...\Run: [cdloader] => C:\Users\Harriet\AppData\Roaming\mjusbsp\cdloader2.exe [51592 2013-05-06] (magicJack L.P.) HKU\S-1-5-21-2155998664-2767838372-483899330-1001\...\Run: [Akamai NetSession Interface] => "C:\Users\Harriet\AppData\Local\Akamai\netsession_win.exe" HKU\S-1-5-21-2155998664-2767838372-483899330-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22415104 2014-04-09] (Google) HKU\S-1-5-21-2155998664-2767838372-483899330-1001\...\Run: [MobileAppSync] => C:\Program Files (x86)\Mobile App Sync\D2MClient.exe [332800 2013-10-03] (Appcaster) HKU\S-1-5-21-2155998664-2767838372-483899330-1001\...\Run: [AVG-Secure-Search-Update_0214c] => C:\Users\Harriet\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=72fdf871223147d1afd3d1565017adbd-783e7a5b7263add5c3f3b4ee980ce4aed4786ed8 /CMPID=0214c HKU\S-1-5-21-2155998664-2767838372-483899330-1001\...\Run: [AVG-Secure-Search-Update_0414b] => C:\Users\Harriet\AppData\Roaming\Avg_Update_0414b\AVG-Secure-Search-Update_0414b.exe [2707480 2014-04-09] () AppInit_DLLs-x32: C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL => C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2011-10-11] (Google) Startup: C:\Users\Harriet\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Harriet\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Harriet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) ==================== Internet (Whitelisted) ==================== ProxyServer: http=127.0.0.1:49323;https=127.0.0.1:49323 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3A53EE5CC034CF01 BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) BHO-x32: PasswordBox Helper - {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.) BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO-x32: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~2\VMNTOO~1\VMNTOO~1.DLL No File BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.) Toolbar: HKLM-x32 - VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~2\VMNTOO~1\VMNTOO~1.DLL No File Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) Handler: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - No File Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - No File Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll (Intuit, Inc.) Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Harriet\AppData\Roaming\Mozilla\Firefox\Profiles\anzczais.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) 
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Harriet\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Harriet\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Harriet\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Harriet\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np32dsw.dll (Macromedia, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Users\Harriet\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google) FF Plugin ProgramFiles/Appdata: C:\Users\Harriet\AppData\Roaming\mozilla\plugins\npo1d.dll (Google) FF Extension: AwardWallet - C:\Users\Harriet\AppData\Roaming\Mozilla\Firefox\Profiles\anzczais.default\Extensions\6200cc7406cd11e1a68a12313d1adcbe@jetpack.xpi [2013-09-17] FF Extension: Send to Kindle for Mozilla Firefox - C:\Users\Harriet\AppData\Roaming\Mozilla\Firefox\Profiles\anzczais.default\Extensions\sendtokindle@amazon.com.xpi [2012-11-12] FF Extension: New Tab Homepage - C:\Users\Harriet\AppData\Roaming\Mozilla\Firefox\Profiles\anzczais.default\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2013-03-21] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-03-19] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-03-19] FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF HKLM-x32\...\Firefox\Extensions: [firefox@passwordbox.com] - C:\Program Files (x86)\PasswordBox\Firefox FF Extension: PasswordBox - C:\Program Files (x86)\PasswordBox\Firefox [2013-12-02] FF HKLM-x32\...\Thunderbird\Extensions: [avgthb@avg.com] - C:\Program Files (x86)\AVG\AVG2012\Thunderbird\ Chrome: ======= CHR Extension: (Google Docs) - C:\Users\Harriet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-06] CHR Extension: (Google Drive) - C:\Users\Harriet\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-07] CHR Extension: (YouTube) - C:\Users\Harriet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-06] CHR Extension: (Google Search) - 
C:\Users\Harriet\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-06] CHR Extension: (RealDownloader) - C:\Users\Harriet\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-03-06] CHR Extension: (Skype Click to Call) - C:\Users\Harriet\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-06-26] CHR Extension: (Google Wallet) - C:\Users\Harriet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-07] CHR Extension: (Gmail) - C:\Users\Harriet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-06] CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Harriet\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-09-23] CHR HKLM-x32\...\Chrome\Extension: [aaaapoehmlbjgmbfaelmebaigekhbioa] - C:\Users\Harriet\AppData\Local\APN\GoogleCRXs\aaaapoehmlbjgmbfaelmebaigekhbioa_7.13.2.0.crx [2013-09-23] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14] ==================== Services (Whitelisted) ================= S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3782672 2014-02-23] (AVG Technologies CZ, s.r.o.) S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.) S3 GoogleDesktopManager-051210-111108; C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2011-10-11] (Google) S2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2011-09-06] () S2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2013-11-01] (PasswordBox, Inc.) S3 QuickBooksDB24; C:\Program Files (x86)\Intuit\QuickBooks 2014\QBDBMgrN.exe [679936 2014-02-27] (Intuit, Inc.) 
==================== Drivers (Whitelisted) ====================
S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-25] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [243480 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [196376 2013-11-25] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-11-01] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-21] (AVG Technologies)
R3 TPLINKUDSMBus; C:\Windows\System32\drivers\TplinkUDSMBus.sys [102688 2012-09-21] (Windows ® Codename Longhorn DDK provider)
S3 TplinkUDSTcpBus; C:\Windows\System32\drivers\TplinkUDSTcpBus.sys [181024 2012-09-21] (Windows ® Codename Longhorn DDK provider)
========================== Drivers MD5 =======================
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit C:\Windows\System32\drivers\modem.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit C:\Windows\system32\drivers\mouclass.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit C:\Windows\system32\drivers\mrxdav.sys 1A4F75E63C9FB84B85DFFC6B63FD5404 C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163 C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88 C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit 
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit C:\Windows\System32\Drivers\Ntfs.sys 1A29A59A4C5BA6F8C85062A613B7E2B2 C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C C:\Windows\System32\drivers\pci.sys ==> MD5 is legit C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\LV302V64.SYS 37EA62238E17AE88E4713D9246CA1C1C C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit 
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28 C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3 C:\Windows\System32\DRIVERS\ssudmdm.sys 74425FFA11C133D045E1C3BE2EAD481D C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit C:\Windows\System32\drivers\tcpip.sys 40AF23633D197905F03AB5628C558C51 C:\Windows\System32\DRIVERS\tcpip.sys 40AF23633D197905F03AB5628C558C51 C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8 C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit C:\Windows\System32\drivers\TplinkUDSMBus.sys AE9F8EDAD88923BB1D5130760DA8323F C:\Windows\System32\drivers\TplinkUDSTcpBus.sys A000916C85E1C0A29643AD8824191304 
C:\Windows\System32\DRIVERS\tssecsrv.sys 4CE278FC9671BA81A138D70823FCAA09 C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit C:\Windows\System32\Drivers\usbaapl64.sys ==> MD5 is legit C:\Windows\System32\drivers\usbaudio.sys B0435098C81D04CAFFF80DDB746CD3A2 C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31 C:\Windows\System32\DRIVERS\usbehci.sys 18A85013A3E0F7E1755365D287443965 C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA C:\Windows\system32\drivers\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit C:\Windows\system32\drivers\usbscan.sys 9661DA76B4531B2DA272ECCE25A8AF24 C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6 C:\Windows\System32\DRIVERS\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3 C:\Windows\system32\drivers\usb8023x.sys 7B28E2FBE75115660FAB31079C0A9F29 C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit C:\Windows\System32\drivers\vga.sys ==> MD5 is legit C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit 
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8 C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\WSDPrint.sys 8D918B1DB190A4D9B1753A66FA8C96E8 C:\Windows\System32\DRIVERS\WSDScan.sys 4A2A5C50DD1A63577D3ACA94269FBC7F C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659 ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-21 18:03 - 2014-04-21 19:16 - 00000000 ____D () C:\FRST 2014-04-21 03:16 - 2014-03-06 05:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-21 03:16 - 2014-03-06 05:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-04-21 03:16 - 2014-03-06 04:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-04-21 03:16 - 2014-03-06 04:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-21 03:16 - 2014-03-06 04:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-21 03:16 - 2014-03-06 04:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-21 03:16 - 2014-03-06 04:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-21 03:16 - 2014-03-06 04:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-04-21 03:16 - 2014-03-06 03:56 - 00038400 _____ (Microsoft Corporation) 
C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-04-21 03:16 - 2014-03-06 03:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-04-21 03:15 - 2014-03-06 06:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-21 03:15 - 2014-03-06 05:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-04-21 03:15 - 2014-03-06 04:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-21 03:15 - 2014-03-06 04:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-04-21 03:15 - 2014-03-06 04:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-21 03:15 - 2014-03-06 04:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-21 03:15 - 2014-03-06 04:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-21 03:15 - 2014-03-06 04:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-04-21 03:15 - 2014-03-06 04:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-04-21 03:15 - 2014-03-06 04:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-04-21 03:15 - 2014-03-06 04:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-21 03:15 - 2014-03-06 04:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-04-21 03:15 - 2014-03-06 04:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-04-21 03:15 - 2014-03-06 04:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-04-21 03:15 - 2014-03-06 03:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-21 03:15 - 2014-03-06 03:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-04-21 03:15 - 2014-03-06 03:46 - 04254720 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-04-21 03:15 - 2014-03-06 03:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-04-21 03:15 - 2014-03-06 03:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-04-21 03:15 - 2014-03-06 03:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-04-21 03:15 - 2014-03-06 03:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-04-21 03:15 - 2014-03-06 03:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-04-21 03:15 - 2014-03-06 03:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-04-21 03:15 - 2014-03-06 03:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-21 03:15 - 2014-03-06 03:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-04-21 03:15 - 2014-03-06 03:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-21 03:15 - 2014-03-06 03:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-04-21 03:15 - 2014-03-06 03:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-04-21 03:15 - 2014-03-06 02:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-21 03:15 - 2014-03-06 02:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-04-21 03:15 - 2014-03-06 02:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-04-21 03:15 - 2014-03-06 02:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-04-21 03:15 - 2014-03-06 02:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-21 03:15 - 2014-03-06 01:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-21 03:15 - 2014-03-06 01:50 - 00846336 _____ (Microsoft 
Corporation) C:\Windows\system32\ieapfltr.dll 2014-04-21 03:15 - 2014-03-06 01:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-04-21 03:15 - 2014-03-06 01:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-04-21 03:15 - 2014-03-06 01:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-04-21 00:50 - 2014-04-21 00:50 - 00000000 ____D () C:\ProgramData\RealNetworks 2014-04-18 19:53 - 2014-04-18 19:54 - 00000000 ____D () C:\Users\Harriet\AppData\Roaming\Avg_Update_0414b 2014-04-18 19:49 - 2014-04-21 15:08 - 00000384 _____ () C:\Windows\Tasks\AVG_SYS_TASK_0414b_DELETE.job 2014-04-18 19:49 - 2014-04-18 19:53 - 00002808 _____ () C:\Windows\System32\Tasks\AVG_SYS_TASK_0414b 2014-04-18 19:49 - 2014-04-18 19:49 - 00002886 _____ () C:\Windows\System32\Tasks\AVG_SYS_TASK_0414b_DELETE 2014-04-18 19:48 - 2014-04-21 15:08 - 00000514 _____ () C:\Windows\Tasks\AVG_SYS_TASK_0414b.job 2014-04-18 19:34 - 2014-04-18 19:46 - 00000000 ____D () C:\ProgramData\Avg_Update_0414b 2014-04-10 10:21 - 2014-04-10 10:22 - 00003380 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2155998664-2767838372-483899330-1001 2014-04-10 10:21 - 2014-04-10 10:22 - 00003250 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2155998664-2767838372-483899330-1001 2014-04-10 10:15 - 2014-04-10 10:15 - 00003358 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2155998664-2767838372-483899330-1001 2014-04-10 10:15 - 2014-04-10 10:15 - 00003228 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2155998664-2767838372-483899330-1001 2014-04-09 06:27 - 2014-02-03 22:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys 2014-04-09 06:27 - 2014-02-03 22:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys 2014-04-09 06:27 - 2014-02-03 22:35 - 00027584 _____ 
(Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys 2014-04-09 06:27 - 2014-02-03 22:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll 2014-04-09 06:27 - 2014-02-03 22:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll 2014-04-09 06:26 - 2014-03-04 05:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-04-09 06:26 - 2014-03-04 05:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2014-04-09 06:26 - 2014-03-04 05:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2014-04-09 06:26 - 2014-03-04 05:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2014-04-09 06:26 - 2014-03-04 05:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2014-04-09 06:26 - 2014-03-04 05:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2014-04-09 06:26 - 2014-03-04 05:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-04-09 06:26 - 2014-03-04 05:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2014-04-09 06:26 - 2014-03-04 05:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2014-04-09 06:26 - 2014-03-04 04:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2014-04-09 06:26 - 2014-03-04 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2014-04-09 06:26 - 2014-01-23 22:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2014-04-08 13:01 - 2014-04-08 13:01 - 00000000 ____D () C:\Users\QBDataServiceUser24\AppData\Local\Intuit 2014-04-07 12:37 - 2014-04-07 12:37 - 00002360 _____ () C:\Users\Public\Desktop\Canon MX890 series On-screen Manual.lnk 2014-04-07 10:19 - 2014-04-07 10:19 - 00000000 ____D () C:\Users\Harriet\Documents\Print Shop 2014-03-31 22:49 - 2014-03-31 22:49 - 00000000 ____D () C:\Users\Public\Philips 
2014-03-31 22:48 - 2014-03-31 22:48 - 00000000 ____D () C:\Users\Harriet\PIMVLibraries 2014-03-26 23:01 - 2014-03-26 23:01 - 00000000 ___RD () C:\Users\QBDataServiceUser24\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-03-26 15:02 - 2014-03-26 15:02 - 00002184 _____ () C:\Users\Public\Desktop\QuickBooks 2014.lnk 2014-03-26 14:58 - 2014-03-26 14:58 - 00000020 ___SH () C:\Users\QBDataServiceUser24\ntuser.ini 2014-03-26 14:58 - 2014-03-26 14:58 - 00000000 ____D () C:\Users\QBDataServiceUser24 2014-03-26 14:58 - 2013-03-19 16:40 - 00000000 ____D () C:\Users\QBDataServiceUser24\AppData\LocalGoogle 2014-03-26 14:58 - 2013-03-19 16:40 - 00000000 ____D () C:\Users\QBDataServiceUser24\AppData\Local\Google 2014-03-26 14:58 - 2013-01-12 09:29 - 00000000 ____D () C:\Users\QBDataServiceUser24\AppData\Roaming\TuneUp Software 2014-03-26 14:58 - 2011-10-05 03:01 - 00000000 ____D () C:\Users\QBDataServiceUser24\AppData\Local\Microsoft Help 2014-03-26 14:58 - 2011-10-01 10:42 - 00000000 ____D () C:\Users\QBDataServiceUser24\AppData\Roaming\Macromedia 2014-03-26 14:58 - 2009-07-14 00:54 - 00000000 ___RD () C:\Users\QBDataServiceUser24\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-03-26 14:58 - 2009-07-14 00:49 - 00000000 ___RD () C:\Users\QBDataServiceUser24\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-03-26 14:54 - 2014-03-26 14:54 - 00000000 ____D () C:\ProgramData\Nuance 2014-03-26 14:41 - 2014-03-26 14:44 - 564386560 _____ (Intuit, Inc. 
) C:\Users\Harriet\Desktop\QuickBooksPremier2014.exe 2014-03-26 14:41 - 2014-03-26 14:41 - 00000985 _____ () C:\Users\Harriet\Desktop\Setup_QuickBooksPremier2014.lnk ==================== One Month Modified Files and Folders ======= 2014-04-21 19:16 - 2014-04-21 18:03 - 00000000 ____D () C:\FRST 2014-04-21 15:08 - 2014-04-18 19:49 - 00000384 _____ () C:\Windows\Tasks\AVG_SYS_TASK_0414b_DELETE.job 2014-04-21 15:08 - 2014-04-18 19:48 - 00000514 _____ () C:\Windows\Tasks\AVG_SYS_TASK_0414b.job 2014-04-21 15:08 - 2011-10-01 20:59 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-21 15:05 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-21 15:05 - 2009-07-14 00:51 - 00250808 _____ () C:\Windows\setupact.log 2014-04-21 13:10 - 2011-10-01 11:58 - 01799889 _____ () C:\Windows\WindowsUpdate.log 2014-04-21 12:58 - 2013-03-24 18:13 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2155998664-2767838372-483899330-1001UA.job 2014-04-21 12:37 - 2013-04-01 18:46 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-21 12:20 - 2011-10-01 20:59 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-21 11:21 - 2011-11-13 14:42 - 00000000 ____D () C:\Users\Harriet\AppData\Roaming\Dropbox 2014-04-21 11:14 - 2013-09-23 14:45 - 00000000 ___RD () C:\Users\Harriet\Google Drive 2014-04-21 11:07 - 2011-10-01 12:00 - 00000000 ___RD () C:\Users\Harriet\Dropbox 2014-04-21 11:06 - 2013-09-02 18:30 - 00001012 _____ () C:\Users\Harriet\Desktop\magicJack.lnk 2014-04-21 11:06 - 2013-09-02 18:30 - 00000998 _____ () C:\Users\Harriet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk 2014-04-21 11:06 - 2011-10-03 13:03 - 00000000 ____D () C:\Users\Harriet\AppData\Roaming\mjusbsp 2014-04-21 10:35 - 2009-07-14 00:45 - 00014832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-21 10:33 - 2009-07-14 00:45 - 00014832 
____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-21 09:57 - 2011-10-03 03:53 - 00437044 _____ () C:\Windows\PFRO.log 2014-04-21 09:54 - 2011-10-01 09:41 - 00000000 ____D () C:\ProgramData\MFAData 2014-04-21 09:17 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\spool 2014-04-21 03:58 - 2009-07-14 00:45 - 00820224 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-21 03:55 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-04-21 02:52 - 2011-10-03 13:07 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-04-21 01:58 - 2011-10-01 15:02 - 00000000 ____D () C:\Program Files (x86)\Everything 2014-04-21 01:22 - 2009-07-14 01:13 - 00799758 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-21 00:50 - 2014-04-21 00:50 - 00000000 ____D () C:\ProgramData\RealNetworks 2014-04-21 00:50 - 2011-10-01 11:49 - 00000000 ____D () C:\Users\Harriet\Documents\pkb 2014-04-20 19:58 - 2013-03-24 18:13 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2155998664-2767838372-483899330-1001Core.job 2014-04-20 11:00 - 2013-12-02 10:45 - 00000000 ____D () C:\Program Files (x86)\PasswordBox 2014-04-18 19:54 - 2014-04-18 19:53 - 00000000 ____D () C:\Users\Harriet\AppData\Roaming\Avg_Update_0414b 2014-04-18 19:53 - 2014-04-18 19:49 - 00002808 _____ () C:\Windows\System32\Tasks\AVG_SYS_TASK_0414b 2014-04-18 19:49 - 2014-04-18 19:49 - 00002886 _____ () C:\Windows\System32\Tasks\AVG_SYS_TASK_0414b_DELETE 2014-04-18 19:46 - 2014-04-18 19:34 - 00000000 ____D () C:\ProgramData\Avg_Update_0414b 2014-04-14 14:53 - 2011-10-16 21:29 - 00000000 ____D () C:\Users\Harriet\AppData\Local\CutePDF Writer 2014-04-14 02:33 - 2014-02-09 03:13 - 00000000 ____D () C:\Program Files (x86)\H&R Block Business 2013 2014-04-13 23:24 - 2011-10-01 11:16 - 00000000 ____D () C:\Users\Harriet\Documents\HRBlock 2014-04-13 14:38 - 2011-10-01 11:16 - 00000000 ____D () C:\Users\Harriet\Documents\ken 2014-04-12 
22:45 - 2011-10-01 11:11 - 00000000 ____D () C:\Users\Harriet\Documents\Email - Thunderbird 2014-04-10 15:28 - 2011-10-01 11:16 - 00000000 ____D () C:\Users\Harriet\Documents\kulanu 2014-04-10 15:23 - 2011-10-01 20:59 - 00002189 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-04-10 10:24 - 2011-10-15 00:45 - 00000000 ____D () C:\Program Files (x86)\Real 2014-04-10 10:24 - 2011-10-15 00:44 - 00000000 ____D () C:\ProgramData\Real 2014-04-10 10:23 - 2011-10-15 00:44 - 00000000 ____D () C:\Users\Harriet\AppData\Roaming\Real 2014-04-10 10:22 - 2014-04-10 10:21 - 00003380 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2155998664-2767838372-483899330-1001 2014-04-10 10:22 - 2014-04-10 10:21 - 00003250 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2155998664-2767838372-483899330-1001 2014-04-10 10:15 - 2014-04-10 10:15 - 00003358 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2155998664-2767838372-483899330-1001 2014-04-10 10:15 - 2014-04-10 10:15 - 00003228 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2155998664-2767838372-483899330-1001 2014-04-10 04:15 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache 2014-04-10 03:23 - 2013-04-01 18:55 - 00000000 ____D () C:\ProgramData\CanonIJPLM 2014-04-10 03:06 - 2013-08-08 03:00 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-10 03:02 - 2011-10-10 07:33 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-04-09 18:50 - 2011-10-01 20:58 - 00000000 ____D () C:\Users\Harriet\AppData\Roaming\Skype 2014-04-09 18:40 - 2013-05-22 11:43 - 00000039 _____ () C:\Windows\Stretch.INI 2014-04-08 13:01 - 2014-04-08 13:01 - 00000000 ____D () C:\Users\QBDataServiceUser24\AppData\Local\Intuit 2014-04-07 14:38 - 2012-02-12 20:50 - 00000000 ____D () C:\Users\Harriet\AppData\Roaming\FileZilla 2014-04-07 12:37 - 2014-04-07 12:37 - 00002360 _____ () C:\Users\Public\Desktop\Canon MX890 
  18. I'm not sure that I'm in the right place, since I don't know if my problem is really malware or not. Yesterday my computer was working fine, and I tried to access a web site at least partly in Kenya, safaricom.com, and suddenly my computer more or less stopped working. If things worked at all, they were extremely slow. The screen sometimes goes black except for a frozen cursor. Things often freeze, or are so slow that I think they are frozen. One error message I got was this: "The logon process was unable to display security and logon options when ctrl + alt + delete was pressed. If the operating system does not respond, press ESC or restart the computer using the power switch." A thread I found about this error led me to reset the winsock, and I managed to do that in safe mode, and things improved a little bit. After that, at one point I got this error message: "D2MClient.exe - Fatal Error CLR error: 80004005 The program will now terminate" And when I searched on Google for the first line of this message, I found a very helpful thread on this forum labeled " https://forums.malwarebytes.org/index.php?showtopic=143458, where aharonov, a trusted advisor on your forum, seemed to know how to deal with things like this and seemed extraordinarily helpful. I wanted to take the first step he suggested and use the Farbar Recovery Scan Tool (FRST). I downloaded it to a flash drive using a working computer, but so far I can't even open FRST on the non-working computer, even from Safe Mode. Is there some tool available that I can run from a CD or flash drive that will allow me to diagnose or repair this computer? When I start by pressing F8, it gives me an option called "Repair Computer," but I'm afraid to click on this without guidance. This is a Windows 7, 64-bit computer with service pack 1 installed. I also have AVG antivirus free and (I think) Malwarebytes installed and working on this computer. 
Right now I have the computer open in safe mode with networking, but it seems frozen. (This computer is the main "server" for my small nonprofit organization, and others need to access the files on my hard drive. Earlier today my colleague WAS able to access the files even though the computer wasn't responding on my end - but right now everything seems frozen and the files aren't accessible.) Any advice or help would be very welcome! Thanks for your help! Harriet