TheDelossianKat

Honorary Members
  • Posts

    49
Reputation

0 Neutral
And last but not least, the FRST and Addition logs.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-12-2014
Ran by Home User (administrator) on USER1-PC on 23-12-2014 15:45:03
Running from C:\Users\Home User\Desktop
Loaded Profile: Home User (Available profiles: Home User)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-25] (Intel Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-4240435039-800818136-694116991-1000\...\Run: [Weather] => C:\Program Files (x86)\AWS\WeatherBug\Weather.exe [1653760 2013-06-05] (AWS Convergence Technologies, Inc.)
HKU\S-1-5-21-4240435039-800818136-694116991-1000\...\Run: [PCShowServer] => C:\Users\Home User\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [1723760 2014-03-26] (NDS Technologies)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-08-03] (Microsoft Corporation)
Startup: C:\Users\Home User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4240435039-800818136-694116991-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 24.116.0.53 24.116.2.50

FireFox:
========
FF ProfilePath: C:\Users\Home User\AppData\Roaming\Mozilla\Firefox\Profiles\9oli1b9k.default
FF Homepage: https://www.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4240435039-800818136-694116991-1000: @nds.com/PlayerPlugin -> C:\Users\Home User\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (DIRECTV)
FF Plugin HKU\S-1-5-21-4240435039-800818136-694116991-1000: NDS.com/PlayerPlugin -> C:\Users\Home User\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (DIRECTV)
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.40\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.40\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.40\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll No File
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll No File
CHR Profile: C:\Users\Home User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Home User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-02]
CHR Extension: (Google Drive) - C:\Users\Home User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-02]
CHR Extension: (YouTube) - C:\Users\Home User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-02]
CHR Extension: (Google Search) - C:\Users\Home User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-02]
CHR StartMenuInternet: Google Chrome - chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 DLPWD; C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE [155968 2012-04-18] (Dell Inc.)
R2 DLSDB; C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE [338944 2012-01-11] (Dell Inc.) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14216 2011-07-29] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [8456 2011-07-29] () [File not signed]
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-18] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-23 15:44 - 2014-12-23 15:44 - 00000000 ____D () C:\Users\Home User\Desktop\FRST-OlderVersion
2014-12-23 15:43 - 2014-12-23 15:43 - 00000224 _____ () C:\Users\Home User\Desktop\MyEsetScan.txt
2014-12-23 14:47 - 2014-12-23 14:47 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-12-23 14:39 - 2014-12-23 14:43 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-12-23 14:39 - 2014-12-23 14:39 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-12-23 14:38 - 2014-12-23 14:34 - 18423384 _____ () C:\Users\Home User\Desktop\RogueKillerX64.exe
2014-12-23 14:38 - 2014-12-23 14:34 - 02347384 _____ (ESET) C:\Users\Home User\Desktop\esetsmartinstaller_enu.exe
2014-12-23 14:35 - 2014-12-23 14:36 - 00000000 ____D () C:\Users\Home User\Desktop\chrome pages (delete after)
2014-12-21 03:49 - 2014-12-21 03:49 - 00000221 _____ () C:\Users\Home User\Desktop\Stopagingnow.com Highest Quality Vitamins, Supplements and Multivitamins.URL
2014-12-19 10:15 - 2014-12-19 10:15 - 00000773 _____ () C:\Users\Home User\Desktop\JRT.txt
2014-12-19 10:12 - 2014-12-19 10:12 - 00000000 ____D () C:\Windows\ERUNT
2014-12-19 10:11 - 2014-12-19 10:10 - 01707646 _____ (Thisisu) C:\Users\Home User\Desktop\JRT.exe
2014-12-19 10:00 - 2014-12-19 10:05 - 00000000 ____D () C:\AdwCleaner
2014-12-19 10:00 - 2014-12-19 09:59 - 02166272 _____ () C:\Users\Home User\Desktop\AdwCleaner.exe
2014-12-18 14:06 - 2014-12-18 14:05 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Home User\Desktop\tdsskiller.exe
2014-12-18 13:58 - 2014-12-18 13:58 - 00025564 _____ () C:\Users\Home User\Desktop\Addition.txt
2014-12-18 13:57 - 2014-12-23 15:45 - 00011507 _____ () C:\Users\Home User\Desktop\FRST.txt
2014-12-18 13:57 - 2014-12-23 15:45 - 00000000 ____D () C:\FRST
2014-12-18 13:56 - 2014-12-23 15:44 - 02122240 _____ (Farbar) C:\Users\Home User\Desktop\FRST64.exe
2014-12-17 21:45 - 2014-12-17 21:45 - 00000108 _____ () C:\Users\Home User\Desktop\5 Natural Lip Balms + Recipes to Make Your Own - Care2 Healthy Living.url
2014-12-17 21:44 - 2014-12-17 21:44 - 00000080 _____ () C:\Users\Home User\Desktop\How to Make Organic Lip Chap Recipe at Home.url
2014-12-14 17:43 - 2014-11-24 16:12 - 17874432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-14 17:43 - 2014-11-24 15:59 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-14 17:43 - 2014-11-24 15:54 - 10921984 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-14 17:43 - 2014-11-24 15:53 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-14 17:43 - 2014-11-24 15:47 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-14 17:43 - 2014-11-24 15:47 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-14 17:43 - 2014-11-24 15:45 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-14 17:43 - 2014-11-24 15:45 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-12-14 17:43 - 2014-11-24 15:45 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-14 17:43 - 2014-11-24 15:44 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-14 17:43 - 2014-11-24 15:44 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-14 17:43 - 2014-11-24 15:44 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-14 17:43 - 2014-11-24 15:44 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-14 17:43 - 2014-11-24 15:44 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-14 17:43 - 2014-11-24 15:44 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-14 17:43 - 2014-11-24 15:44 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-14 17:43 - 2014-11-24 15:44 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-12-14 17:43 - 2014-11-24 15:44 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-12-14 17:43 - 2014-11-24 15:43 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-14 17:43 - 2014-11-24 15:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-14 17:43 - 2014-11-24 15:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-12-14 17:43 - 2014-11-24 15:42 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-14 17:43 - 2014-11-24 14:44 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-14 17:43 - 2014-11-24 14:41 - 12369920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-14 17:43 - 2014-11-24 14:40 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-14 17:43 - 2014-11-24 14:37 - 09740800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-14 17:43 - 2014-11-24 14:35 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-14 17:43 - 2014-11-24 14:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-14 17:43 - 2014-11-24 14:34 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-14 17:43 - 2014-11-24 14:34 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-12-14 17:43 - 2014-11-24 14:33 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-14 17:43 - 2014-11-24 14:33 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-14 17:43 - 2014-11-24 14:33 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-14 17:43 - 2014-11-24 14:33 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-14 17:43 - 2014-11-24 14:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-14 17:43 - 2014-11-24 14:33 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-14 17:43 - 2014-11-24 14:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-12-14 17:43 - 2014-11-24 14:32 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-14 17:43 - 2014-11-24 14:32 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-14 17:43 - 2014-11-24 14:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-14 17:43 - 2014-11-24 14:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-14 17:43 - 2014-11-24 14:32 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-14 17:43 - 2014-11-24 14:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-12-14 17:43 - 2014-11-24 14:32 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-12-14 17:43 - 2014-11-10 21:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-14 17:43 - 2014-11-10 20:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-14 17:43 - 2014-11-10 19:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-14 17:43 - 2014-11-07 21:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-14 17:43 - 2014-11-07 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-14 17:43 - 2014-10-29 20:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-14 17:43 - 2014-10-29 19:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-14 17:43 - 2014-10-17 20:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-14 17:43 - 2014-10-17 19:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-14 17:43 - 2014-10-02 20:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-14 17:43 - 2014-10-02 20:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-14 17:43 - 2014-10-02 20:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-14 17:43 - 2014-10-02 20:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-14 17:43 - 2014-10-02 20:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-14 17:43 - 2014-10-02 19:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-14 17:43 - 2014-10-02 19:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-14 17:43 - 2014-10-02 19:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-14 17:43 - 2014-10-02 19:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-14 17:43 - 2014-10-02 19:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-11 07:54 - 2014-12-11 07:54 - 00000236 _____ () C:\Users\Home User\Desktop\Best battle pet against each species - Forums - World of Warcraft.URL
2014-12-07 21:53 - 2014-12-07 21:53 - 00000268 _____ () C:\Users\Home User\Desktop\Baked, Not Fried Make Doughnuts at Home.URL
2014-12-05 19:32 - 2014-12-05 19:32 - 00000250 _____ () C:\Users\Home User\Desktop\Auctioning for Parts - Quest - World of Warcraft.URL
2014-12-05 19:31 - 2014-12-05 19:31 - 00000258 _____ () C:\Users\Home User\Desktop\Whispering Taladite Pendant - Item - World of Warcraft.URL
2014-12-05 19:31 - 2014-12-05 19:31 - 00000254 _____ () C:\Users\Home User\Desktop\Let Sleeping Pigs Lie.URL
2014-12-05 19:31 - 2014-12-05 19:31 - 00000227 _____ () C:\Users\Home User\Desktop\Leeroy Jenkins - NPC - World of Warcraft.URL
2014-11-28 19:54 - 2014-11-28 19:54 - 00000343 _____ () C:\Users\Home User\Desktop\Furniture & Home Decor Search winsome storage shelf with baskets Wayfair.URL
2014-11-23 17:30 - 2014-11-12 18:20 - 31893136 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-11-23 17:30 - 2014-11-12 18:20 - 24557712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-11-23 17:30 - 2014-11-12 18:20 - 20922512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-11-23 17:30 - 2014-11-12 18:20 - 18514616 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-11-23 17:30 - 2014-11-12 18:20 - 17259664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-11-23 17:30 - 2014-11-12 18:20 - 14032984 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-11-23 17:30 - 2014-11-12 18:20 - 13944952 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-11-23 17:30 - 2014-11-12 18:20 - 13213512 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-11-23 17:30 - 2014-11-12 18:20 - 11397744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-11-23 17:30 - 2014-11-12 18:20 - 11336432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-11-23 17:30 - 2014-11-12 18:20 - 04292416 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-11-23 17:30 - 2014-11-12 18:20 - 04011208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-11-23 17:30 - 2014-11-12 18:20 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434475.dll
2014-11-23 17:30 - 2014-11-12 18:20 - 01540424 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434475.dll
2014-11-23 17:30 - 2014-11-12 18:20 - 00964928 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-11-23 17:30 - 2014-11-12 18:20 - 00935240 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-11-23 17:30 - 2014-11-12 18:20 - 00923792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-11-23 17:30 - 2014-11-12 18:20 - 00900928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-11-23 17:30 - 2014-11-12 18:20 - 00871648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-11-23 17:30 - 2014-11-12 18:20 - 00500880 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-11-23 17:30 - 2014-11-12 18:20 - 00418112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-11-23 17:30 - 2014-11-12 18:20 - 00393024 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-11-23 17:30 - 2014-11-12 18:20 - 00352016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-11-23 17:30 - 2014-11-12 18:20 - 00348304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-11-23 17:30 - 2014-11-12 18:20 - 00303600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-11-23 17:30 - 2014-11-12 18:20 - 00174856 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-11-23 17:30 - 2014-11-12 18:20 - 00156840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-11-23 17:30 - 2014-11-12 18:20 - 00027094 _____ () C:\Windows\system32\nvinfo.pb
2014-11-23 14:51 - 2014-11-23 14:51 - 00039389 _____ () C:\Users\Home User\Desktop\Attachments_20141123.zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-23 14:58 - 2014-09-21 12:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-23 14:53 - 2014-08-02 21:48 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-23 14:37 - 2009-07-13 23:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-23 08:03 - 2014-08-02 23:29 - 00000000 ____D () C:\Users\Home User\AppData\Local\Battle.net
2014-12-23 01:21 - 2014-08-02 21:33 - 01872079 _____ () C:\Windows\WindowsUpdate.log
2014-12-22 22:53 - 2014-08-02 21:48 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-22 21:53 - 2014-08-03 02:03 - 00000000 ____D () C:\Users\Home User\AppData\Local\WeatherBug
2014-12-22 18:11 - 2014-08-02 21:55 - 00000000 ____D () C:\ProgramData\MFAData
2014-12-22 06:29 - 2009-07-13 22:45 - 00013792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-22 06:29 - 2009-07-13 22:45 - 00013792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-21 03:53 - 2014-08-10 16:22 - 01119305 _____ () C:\lm.log
2014-12-21 03:53 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-21 03:53 - 2009-07-13 22:51 - 00038893 _____ () C:\Windows\setupact.log
2014-12-19 10:05 - 2014-08-02 22:11 - 00103240 _____ () C:\Windows\PFRO.log
2014-12-19 09:49 - 2014-08-03 00:56 - 00000000 ____D () C:\Users\Home User\AppData\Local\Deployment
2014-12-18 18:33 - 2014-08-03 02:05 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-12-18 13:42 - 2014-08-02 22:24 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-15 08:39 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-12-14 17:45 - 2014-08-02 22:54 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-14 17:44 - 2014-08-02 22:54 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-10 18:12 - 2014-08-02 23:29 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-12-10 14:10 - 2014-08-02 22:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-10 14:10 - 2014-08-02 22:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-10 13:53 - 2014-08-02 22:34 - 00111040 _____ () C:\Users\Home User\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-10 13:52 - 2014-08-03 19:31 - 00001254 ____H () C:\Windows\EPMBatch.ept
2014-12-09 22:58 - 2014-09-21 12:02 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-09 22:58 - 2014-08-03 00:13 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-09 22:58 - 2014-08-03 00:13 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-30 20:46 - 2014-08-09 16:48 - 00000000 ____D () C:\Users\Home User\AppData\Roaming\Ventrilo
2014-11-29 20:36 - 2014-08-09 08:49 - 00000000 ____D () C:\Users\Home User\Desktop\My Current Tabs
2014-11-23 17:31 - 2014-10-23 18:18 - 00000000 ____D () C:\ProgramData\NVIDIA

Some content of TEMP:
====================
C:\Users\Home User\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Home User\AppData\Local\Temp\Quarantine.exe
C:\Users\Home User\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-15 08:32

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-12-2014
Ran by Home User at 2014-12-23 15:45:20
Running from C:\Users\Home User\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4765 - AVG Technologies)
AVG 2014 (Version: 14.0.4253 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4765 - AVG Technologies) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.4954 - CDBurnerXP)
Curse Client (HKU\S-1-5-21-4240435039-800818136-694116991-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.820 - Curse)
Dell Printer Software (HKLM-x32\...\{105F3CE5-FE55-408E-BF30-E78F85BA0B12}) (Version: 1.00.000 - Dell Inc.)
DIRECTV Player (HKLM-x32\...\{dbaba6a3-366e-43a7-8f4e-b0a868c06ab3}) (Version: 10.0 - DIRECTV)
Dropbox (HKU\S-1-5-21-4240435039-800818136-694116991-1000\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
EaseUS Partition Master 9.1.1 Home Edition (HKLM-x32\...\EaseUS Partition Master Home Edition_is1) (Version: - EaseUS)
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.00.00 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
EVGA Precision X 3.0.4 (HKLM-x32\...\PrecisionX) (Version: 3.0.4 - EVGA Corporation)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 26.0.1410.40 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.115 - Google Inc.) Hidden
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.75 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7069 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WeatherBug (HKLM-x32\...\{DAFA6315-EAE5-4B9E-9D18-0DC51D1DB0F0}) (Version: 7.0.0.12 - Earth Networks, Inc.)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4240435039-800818136-694116991-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Home User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4240435039-800818136-694116991-1000_Classes\CLSID\{b4d52def-c38f-492b-8d67-71958d000db0}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4240435039-800818136-694116991-1000_Classes\CLSID\{E86236DE-9BD2-42b7-86F6-A829D8EC768C}\InprocServer32 -> C:\Users\Home User\AppData\Local\DIRECTV Player\win64\npPlayerPlugin.dll (DIRECTV)
CustomCLSID: HKU\S-1-5-21-4240435039-800818136-694116991-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4240435039-800818136-694116991-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4240435039-800818136-694116991-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4240435039-800818136-694116991-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4240435039-800818136-694116991-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4240435039-800818136-694116991-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4240435039-800818136-694116991-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4240435039-800818136-694116991-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2DE2F824-F27C-4126-9FAF-C2AB981602AF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-02] (Google Inc.)
Task: {78C5E2AA-1ED8-40AA-B459-CA077ABF1C33} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-02] (Google Inc.)
Task: {8165713D-8817-4FE8-BA7D-AFF344D53EDD} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {ADBEB764-00E1-4B3D-97E8-B2A4CC034334} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-10-23 18:18 - 2014-11-12 15:56 - 00118080 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2014-08-10 15:53 - 2011-02-28 16:37 - 00095008 _____ () C:\Windows\System32\Primomonnt.dll 2010-01-30 01:40 - 2010-01-30 01:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2010-03-24 20:38 - 2010-03-24 20:38 - 08794976 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
MSCONFIG\startupfolder: C:^Users^Home User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices MSCONFIG\startupreg: DLPSP => "C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE" MSCONFIG\startupreg: DLQLU => "C:\Program Files\Dell Printers\Additional Color Laser Software\Launcher\DLQLU.EXE" /S MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s ========================= Accounts: ========================== Administrator (S-1-5-21-4240435039-800818136-694116991-500 - Administrator - Disabled) Guest (S-1-5-21-4240435039-800818136-694116991-501 - Limited - Enabled) Home User (S-1-5-21-4240435039-800818136-694116991-1000 - Administrator - Enabled) => C:\Users\Home User ==================== Faulty Device Manager Devices ============= Name: F:\ Description: Cruzer Glide Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: SanDisk Service: WUDFRd Problem: : Windows has stopped this device because it has reported problems. (Code 43) Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
==================== Event log errors: ========================= Application errors: ================== Error: (12/23/2014 02:47:30 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (12/23/2014 02:47:28 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. 
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (12/23/2014 02:47:28 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (12/23/2014 02:38:33 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. 
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (12/23/2014 02:38:21 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. System errors: ============= Error: (12/19/2014 10:15:49 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (12/19/2014 10:15:19 AM) (Source: Disk) (EventID: 15) (User: ) Description: The device, \Device\Harddisk1\DR1, is not ready for access yet. Error: (12/19/2014 10:15:19 AM) (Source: atapi) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Ide\IdePort1. Error: (12/19/2014 10:15:19 AM) (Source: Disk) (EventID: 15) (User: ) Description: The device, \Device\Harddisk1\DR1, is not ready for access yet. Error: (12/19/2014 10:15:19 AM) (Source: Disk) (EventID: 15) (User: ) Description: The device, \Device\Harddisk1\DR1, is not ready for access yet. 
Error: (12/19/2014 10:15:19 AM) (Source: Disk) (EventID: 15) (User: ) Description: The device, \Device\Harddisk1\DR1, is not ready for access yet. Error: (12/19/2014 10:15:19 AM) (Source: Disk) (EventID: 15) (User: ) Description: The device, \Device\Harddisk1\DR1, is not ready for access yet. Error: (12/19/2014 10:15:19 AM) (Source: Disk) (EventID: 15) (User: ) Description: The device, \Device\Harddisk1\DR1, is not ready for access yet. Microsoft Office Sessions: ========================= Error: (12/23/2014 02:47:30 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Home User\Desktop\esetsmartinstaller_enu.exe Error: (12/23/2014 02:47:28 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Home User\Desktop\esetsmartinstaller_enu.exe Error: (12/23/2014 02:47:28 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Home User\Desktop\esetsmartinstaller_enu.exe Error: (12/23/2014 02:38:33 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: 
C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Home User\Desktop\esetsmartinstaller_enu.exe Error: (12/23/2014 02:38:21 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestF:\esetsmartinstaller_enu.exe ==================== Memory info =========================== Processor: Intel® Core i5-4570 CPU @ 3.20GHz Percentage of memory in use: 29% Total physical RAM: 8120 MB Available physical RAM: 5735.35 MB Total Pagefile: 16238.17 MB Available Pagefile: 14538.22 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (Sys) (Fixed) (Total:111.79 GB) (Free:35.26 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (Data) (Fixed) (Total:10.82 GB) (Free:8.72 GB) NTFS Drive e: (Ent) (Fixed) (Total:108.42 GB) (Free:108.06 GB) NTFS Drive f: () (Removable) (Total:29.82 GB) (Free:29.65 GB) NTFS Drive n: (HUION PEN TABLET) (CDROM) (Total:0.13 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 333F333F) Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 119.2 GB) (Disk ID: 33803380) Partition 1: (Not Active) - (Size=119.2 GB) - (Type=OF Extended) ======================================================== Disk: 2 (MBR Code: Windows 7 or 8) (Size: 29.8 GB) (Disk ID: 00000000) Partition: GPT 
Partition Type.

==================== End Of Log ============================
  2. The ESET scan thing is very small.

C:\Users\Home User\Downloads\WeatherBugSetup.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Windows\Installer\9564d.msi    a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
  3. Here's the RogueKiller report. (I've also noticed the icon for RogueKiller looks like the Triforce from The Legend of Zelda.)

RogueKiller V10.1.1.0 (x64) [Dec 23 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Home User [Administrator]
Mode : Scan -- Date : 12/23/2014 14:44:38

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 16 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-4240435039-800818136-694116991-1000\Software\Microsoft\Windows\CurrentVersion\Run | PCShowServer : "C:\Users\Home User\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe" -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-4240435039-800818136-694116991-1000\Software\Microsoft\Windows\CurrentVersion\Run | PCShowServer : "C:\Users\Home User\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe" -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-4240435039-800818136-694116991-1000\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-4240435039-800818136-694116991-1000\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 24.116.0.53 24.116.2.50 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 24.116.0.53 24.116.2.50 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 24.116.0.53 24.116.2.50 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ECC50803-C79E-4BE1-84C7-8076E2B63524} | DhcpNameServer : 24.116.0.53 24.116.2.50 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{ECC50803-C79E-4BE1-84C7-8076E2B63524} | DhcpNameServer : 24.116.0.53 24.116.2.50 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{ECC50803-C79E-4BE1-84C7-8076E2B63524} | DhcpNameServer : 24.116.0.53 24.116.2.50 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-4240435039-800818136-694116991-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-4240435039-800818136-694116991-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] 9oli1b9k.default : user_pref("browser.startup.homepage", "https://www.yahoo.com/");-> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Crucial_CT120M500SSD1 ATA Device +++++
--- User ---
[MBR] c1f0720b34a6c7bf5a6e40d3b93e3e0a
[BSP] 7aff21572753f550f05f97e727ee2ff6 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 114470 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ADATA SP600 ATA Device +++++
--- User ---
[MBR] 87e31136ea09579d24952d4dde2bbefa
[BSP] 33d33974fc3d094ef0ffbb4a63b043ba : Empty MBR Code
Partition table:
0 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 16065 | Size: 122095 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: SanDisk Cruzer Glide USB Device +++++
--- User ---
[MBR] b3169cd56c9e49d4b1173929c20bb91f
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 30531 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

============================================
RKreport_SCN_12232014_144110.log
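RogueKiller's PUM.HomePage hits in the report above flag any changed start page, including www.google.com and www.yahoo.com, so they have to be read against what the owner actually uses; the FRST fixlist further down in this thread shows the real hijack (Astromenda set as the Firefox default and selected search engine, and as the IE DefaultScope search scope). The script below is an added example, not RogueKiller's, FRST's or the poster's code: it pulls the start-page and search-provider values out of lines in both tools' formats and marks each one ok or hijack against an allowlist. The allowlist, the sample lines and the placeholder hijacker URL (the real one is truncated on the page) are constructed for the example.

```python
import re
from urllib.parse import urlsplit

# Allowlist of providers the owner is known to use. This is a policy the analyst
# supplies; the sets below are an assumption for the example, not something the
# scanners ship.
ALLOWED_DOMAINS = {"google.com", "yahoo.com", "bing.com"}
ALLOWED_ENGINES = {"google", "yahoo", "bing"}

# Constructed sample modelled on the hits quoted in this thread. The hijacker URL
# and the HKLM scope GUID are placeholders, not values from the page.
SAMPLE = r"""
[PUM.HomePage][FIREFX:Config] 9oli1b9k.default : user_pref("browser.startup.homepage", "https://www.yahoo.com/");-> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-4240435039-800818136-694116991-1000\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Found
FF DefaultSearchEngine: Astromenda
FF SelectedSearchEngine: Astromenda
FF Homepage: www.yahoo.com
SearchScopes: HKU\S-1-5-21-4240435039-800818136-694116991-1000 -> DefaultScope {6748AD7E-B399-4C61-B752-A9E93BE0B4A6} URL = http://search.hijacker.test/?q={searchTerms}
SearchScopes: HKLM -> {11111111-2222-3333-4444-555555555555} URL = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox
"""

# (source label, pattern with "name" and "value" groups), one per line format.
_PATTERNS = [
    # RogueKiller Firefox hit: user_pref("browser.startup.homepage", "https://...");
    ("firefox pref", re.compile(r'user_pref\("(?P<name>[^"]+)",\s*"(?P<value>[^"]*)"\)')),
    # RogueKiller IE hit: ...\Main | Start Page : www.google.com -> Found
    ("ie registry", re.compile(r"\|\s*(?P<name>Start Page|Default_Page_URL|Search Page)\s*:\s*(?P<value>\S+)\s*->")),
    # FRST Firefox lines: FF DefaultSearchEngine: Astromenda
    ("frst firefox", re.compile(r"^FF (?P<name>DefaultSearchEngine|SelectedSearchEngine|Homepage):\s*(?P<value>.+?)\s*$")),
    # FRST IE search scopes: SearchScopes: HKU\... -> DefaultScope {GUID} URL = http://...
    ("frst searchscope", re.compile(r"^SearchScopes:\s*\S+\s*->\s*(?P<name>.+?)\s+URL\s*=\s*(?P<value>\S+)")),
]


def _host_of(value: str):
    """Hostname of a URL or bare host; None when the value is an engine display name."""
    v = value.strip()
    if "://" in v:
        return (urlsplit(v).hostname or "").lower()
    if re.fullmatch(r"[A-Za-z0-9.-]+\.[A-Za-z]{2,}(/.*)?", v):
        return v.split("/")[0].lower()
    return None


def _domain_allowed(host: str) -> bool:
    host = host[4:] if host.startswith("www.") else host
    return any(host == d or host.endswith("." + d) for d in ALLOWED_DOMAINS)


def classify(value: str) -> str:
    """'ok' when the value points at an allowlisted provider, otherwise 'hijack'."""
    host = _host_of(value)
    if host is None:  # an engine name such as "Astromenda" rather than a URL
        return "ok" if value.strip().lower() in ALLOWED_ENGINES else "hijack"
    return "ok" if _domain_allowed(host) else "hijack"


def triage(text: str):
    """Return (source, setting, value, verdict) for every recognised line."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        for source, pat in _PATTERNS:
            m = pat.search(line)
            if m:
                value = m.group("value")
                findings.append((source, m.group("name"), value, classify(value)))
                break
    return findings


def hijacked(text: str):
    return [f for f in triage(text) if f[3] == "hijack"]


if __name__ == "__main__":
    for source, name, value, verdict in triage(SAMPLE):
        print(f"{verdict:6} {source:16} {name} = {value}")
```

The point of the allowlist is that a PUM (potentially unwanted modification) flag is only a diff against Windows defaults; a homepage of www.google.com is a change, not a compromise, while a search engine nobody installed on purpose is.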
  4. Also, I forgot to mention: when the E: and D: drives disappeared, they disappeared after Junkware Removal Tool. (My mom tried to save a picture in My Pictures, but the E: drive wasn't there, so she couldn't.) Sorry for the double post.
  5. Unfortunately I am unable to follow the instructions on her computer on the weekends, because she's on her computer all day on the weekends. I'll try to find an opportunity today and tomorrow though!
  6. During the scan with JRT, while it was checking things, I heard the sound of the computer just logging in from a restart, so I turned around and noticed the little icons at the bottom right of the Task Bar were reloading, and the JRT application had moved a little bit. I also had to restart explorer.exe because AVG wasn't showing in the System Tray, but afterwards I noticed the D: and E: drives weren't appearing. Otherwise, the scan went smoothly. Here's the log!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Professional x64
Ran by Home User on Fri 12/19/2014 at 10:12:49.17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\Home User\AppData\Roaming\mozilla\firefox\profiles\9oli1b9k.default\minidumps [10 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 12/19/2014 at 10:15:20.23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  7. Nothing went wrong during this; it's just that I had to save the Word document to the Desktop to reopen it later. Anyways, here's the AdwCleaner log.

# AdwCleaner v4.105 - Report created 19/12/2014 at 10:05:09
# Updated 08/12/2014 by Xplode
# Database : 2014-12-16.1 [Live]
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Home User - USER1-PC
# Running from : C:\Users\Home User\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

File Deleted : C:\Users\Home User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\APN PIP

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16599

-\\ Mozilla Firefox v27.0.1 (en-US)

-\\ Google Chrome v26.0.1410.40

[C:\Users\Home User\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
[C:\Users\Home User\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : fbmimoidopbghbcmdmpkjaffffmcbmbg
[C:\Users\Home User\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : hphibigbodkkohoglgfkddblldpfohjl
[C:\Users\Home User\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
[C:\Users\Home User\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : kincjchfokkeneeofpeefomkikfkiedl
[C:\Users\Home User\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
[C:\Users\Home User\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc
[C:\Users\Home User\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : geggofhlfbcmanadhknllmlajiafopoh

*************************

AdwCleaner[R0].txt - [2387 octets] - [19/12/2014 10:01:29]
AdwCleaner[S0].txt - [2285 octets] - [19/12/2014 10:05:09]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2345 octets] ##########
  8. When I was uninstalling PrimoPDF Packages, it told me something along the lines of "I had already uninstalled this thing", then it disappeared from the list. But there was something above it with the same name, but with an added "-- Brought to you by Nitro PDF Software". Should I uninstall that, also? Also, throughout the Fixing process in FRST, there was constant lagging, so it took quite a bit to Fix. It also automatically restarted the computer when the scan was finished. (Luckily Microsoft Word saved a restore point.) Anyways, the next log is on the way.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-12-2014
Ran by Home User at 2014-12-19 09:09:29 Run:1
Running from C:\Users\Home User\Desktop
Loaded Profile: Home User (Available profiles: Home User)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CreateRestorePoint:
HKU\S-1-5-21-4240435039-800818136-694116991-1000\...\MountPoints2: {5f6090c8-1d0a-11e4-b0b8-806e6f6e6963} - N:\Setup.exe
HKU\S-1-5-21-4240435039-800818136-694116991-1000\...\MountPoints2: {6f1dc66f-3306-11e4-b486-448a5b5db64f} - H:\HTC_Sync_Manager_PC.exe
SearchScopes: HKU\S-1-5-21-4240435039-800818136-694116991-1000 -> DefaultScope {6748AD7E-B399-4C61-B752-A9E93BE0B4A6} URL = http://astromenda.co...=1900028099&ir=
SearchScopes: HKU\S-1-5-21-4240435039-800818136-694116991-1000 -> {6748AD7E-B399-4C61-B752-A9E93BE0B4A6} URL = http://astromenda.co...=1900028099&ir=
FF DefaultSearchEngine: Astromenda
FF SelectedSearchEngine: Astromenda
FF Homepage: www.yahoo.com
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
2014-12-14 17:47 - 2014-10-23 12:31 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
C:\Users\Home User\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Home User\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Home User\AppData\Local\Temp\nvStInst.exe
CustomCLSID: HKU\S-1-5-21-4240435039-800818136-694116991-1000_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\icmp.dll (Microsoft Corporation)
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
end
*****************

Error: (0) Failed to create a restore point.
"HKU\S-1-5-21-4240435039-800818136-694116991-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f6090c8-1d0a-11e4-b0b8-806e6f6e6963}" => Key deleted successfully.
"HKCR\CLSID\{5f6090c8-1d0a-11e4-b0b8-806e6f6e6963}" => Key not found.
"HKU\S-1-5-21-4240435039-800818136-694116991-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f1dc66f-3306-11e4-b486-448a5b5db64f}" => Key deleted successfully.
"HKCR\CLSID\{6f1dc66f-3306-11e4-b486-448a5b5db64f}" => Key not found.
HKU\S-1-5-21-4240435039-800818136-694116991-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-4240435039-800818136-694116991-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6748AD7E-B399-4C61-B752-A9E93BE0B4A6}" => Key deleted successfully.
"HKCR\CLSID\{6748AD7E-B399-4C61-B752-A9E93BE0B4A6}" => Key not found.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
MSICDSetup => Service deleted successfully.
NTIOLib_1_0_C => Service deleted successfully.
"C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}" directory move:

Could not move "C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\8afc49b02429a" => Scheduled to move on reboot.
Could not move "C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\icmp.dll" => Scheduled to move on reboot.
Could not move "C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\uosoegs.tmp" => Scheduled to move on reboot.
Could not move "C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}" directory. => Scheduled to move on reboot.
C:\Users\Home User\AppData\Local\Temp\nvSCPAPI.dll => Moved successfully.
C:\Users\Home User\AppData\Local\Temp\nvSCPAPI64.dll => Moved successfully.
C:\Users\Home User\AppData\Local\Temp\nvStInst.exe => Moved successfully.
"HKU\S-1-5-21-4240435039-800818136-694116991-1000_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}" => Key deleted successfully.

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

========= netsh winsock reset all =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

========= netsh int ipv4 reset =========

Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.

========= End of CMD: =========

========= netsh int ipv6 reset =========

Reseting Interface, OK!
Restart the computer to complete this action.

========= End of CMD: =========

EmptyTemp: => Removed 19.9 GB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-12-19 09:54:54)<=

C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\8afc49b02429a => Is moved successfully.
C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\icmp.dll => Is moved successfully.
C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\uosoegs.tmp => Is moved successfully.
C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8} => Is moved successfully.

==== End of Fixlog ====
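The entries worth reading by hand in the FRST scan log at the top of this thread and in the fixlist just above are the CustomCLSID, Task and MountPoints2 lines: the fix removed a per-user COM server registered under HKU\..._Classes\CLSID that lived in C:\ProgramData\{GUID}\icmp.dll and carried Microsoft version info, and two MountPoints2 handlers that ran an executable whenever the N: or H: volume was opened. The script below is an added example, not FRST's code or anything the poster ran: it parses lines in FRST's format and lists the reasons each target deserves a look (user-writable path, GUID-named folder, blank or mismatched vendor claim, removable-volume autorun). The sample lines are constructed from the entries quoted in this thread, and the heuristics are the author's assumptions, not FRST's whitelist logic; a hit such as the Dropbox shell extension is "review", not "malicious".

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in FRST's own line format, modelled on entries quoted in this
# thread: a Dropbox shell-extension CLSID, a Windows CLSID, the ProgramData\{GUID}
# icmp.dll COM server the fixlist removed, a Google Update task and both
# MountPoints2 autorun handlers.
SAMPLE_FRST = r"""
CustomCLSID: HKU\S-1-5-21-4240435039-800818136-694116991-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4240435039-800818136-694116991-1000_Classes\CLSID\{b4d52def-c38f-492b-8d67-71958d000db0}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4240435039-800818136-694116991-1000_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\icmp.dll (Microsoft Corporation)
Task: {2DE2F824-F27C-4126-9FAF-C2AB981602AF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-02] (Google Inc.)
HKU\S-1-5-21-4240435039-800818136-694116991-1000\...\MountPoints2: {5f6090c8-1d0a-11e4-b0b8-806e6f6e6963} - N:\Setup.exe
HKU\S-1-5-21-4240435039-800818136-694116991-1000\...\MountPoints2: {6f1dc66f-3306-11e4-b486-448a5b5db64f} - H:\HTC_Sync_Manager_PC.exe
"""


@dataclass
class Entry:
    kind: str               # CustomCLSID, Task or MountPoints2
    key: str                # registry key / task name FRST printed on the left
    target: str             # file the entry loads or launches
    company: Optional[str]  # FRST's "(Vendor)" from version info; "" when blank, None when absent


# One pattern per FRST line format; "rhs" is everything after the arrow.
_PATTERNS = [
    ("CustomCLSID", re.compile(r"^CustomCLSID:\s*(?P<key>\S+)\s*->\s*(?P<rhs>.+)$")),
    ("Task", re.compile(r"^Task:\s*(?P<key>.+?)\s*=>\s*(?P<rhs>.+)$")),
    ("MountPoints2", re.compile(r"^HKU\\\S*?\\MountPoints2:\s*(?P<key>\{[0-9A-Fa-f-]+\})\s*-\s*(?P<rhs>.+)$")),
]
_COMPANY = re.compile(r"\s*\((?P<company>[^()]*)\)\s*$")          # trailing "(Vendor)" or "()"
_DATE = re.compile(r"\s*\[\d{4}-\d{2}-\d{2}\]\s*$")                # trailing "[YYYY-MM-DD]" on Task lines
_USER_WRITABLE = re.compile(r"^[A-Za-z]:\\(Users\\[^\\]+\\(AppData|Downloads)|ProgramData|Windows\\Temp)\\", re.I)
_GUID_DIR = re.compile(r"\\\{[0-9A-F]{8}-(?:[0-9A-F]{4}-){3}[0-9A-F]{12}\}\\", re.I)
_SYSTEM_DIR = re.compile(r"^[A-Za-z]:\\(Windows|Program Files( \(x86\))?)\\", re.I)


def _split_target(rhs: str):
    """Separate the file path from FRST's trailing [date] and (Vendor) decorations."""
    company = None
    m = _COMPANY.search(rhs)
    if m:
        company, rhs = m.group("company").strip(), rhs[: m.start()]
    m = _DATE.search(rhs)
    if m:
        rhs = rhs[: m.start()]
    return rhs.strip(), company


def parse_frst(text: str) -> List[Entry]:
    entries = []
    for line in text.splitlines():
        line = line.strip()
        for kind, pat in _PATTERNS:
            m = pat.match(line)
            if m:
                target, company = _split_target(m.group("rhs"))
                entries.append(Entry(kind, m.group("key"), target, company))
                break
    return entries


def assess(entry: Entry) -> List[str]:
    """Reasons an entry deserves a closer look; an empty list means nothing odd."""
    reasons = []
    t = entry.target
    if entry.kind == "MountPoints2":
        reasons.append(f"autorun handler for volume {t[:2]}: runs when that drive letter is opened")
    if _USER_WRITABLE.search(t):
        reasons.append("loads from a user-writable location")
    if _GUID_DIR.search(t):
        reasons.append("lives in a GUID-named folder, a common adware drop location")
    if entry.company == "":
        reasons.append("file carries no vendor version info")
    if entry.company and "microsoft" in entry.company.lower() and not _SYSTEM_DIR.match(t):
        reasons.append("claims Microsoft as vendor but sits outside Windows/Program Files")
    return reasons


def report(text: str) -> List[str]:
    """One line per flagged entry, the entries with the most reasons first."""
    flagged = [(e, assess(e)) for e in parse_frst(text)]
    flagged = [(e, r) for e, r in flagged if r]
    flagged.sort(key=lambda er: -len(er[1]))
    return [f"[{len(r)}] {e.kind} {e.key} -> {e.target}: " + "; ".join(r) for e, r in flagged]


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_FRST)))
```

The vendor check is the one that separates the icmp.dll entry from the Dropbox one: both load from a user-writable path, but only icmp.dll pairs a Microsoft vendor string (version info is trivially copied) with a location Microsoft never installs to, and only it sits in a GUID-named ProgramData folder.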
  9. Finally, the final log from TDSSKiller. Actually, when I was changing the options to Skip, I noticed one of the detections said something about WeatherBug. WeatherBug is something she installed on purpose, and, if these detections are going to end up being removed, I wouldn't want her to get mad over having WeatherBug uninstalled. (Because I don't know which version it is, but it's not the current version, because it's very messy, just not good.) TDSSKiller.3.0.0.42_18.12.2014_14.06.22_log.txt
  10. My mom tends to have a lot of different windows open while she's not home, so I hope that doesn't interfere. (Although, may I make an assumption that that may be part of the problem?) Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-12-2014 Ran by Home User (administrator) on USER1-PC on 18-12-2014 13:57:46 Running from C:\Users\Home User\Desktop Loaded Profile: Home User (Available profiles: Home User) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 9 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2014 Ran by Home User at 2014-12-18 13:58:02 Running from C:\Users\Home User\Desktop Boot Mode: Normal
CustomCLSID: HKU\S-1-5-21-4240435039-800818136-694116991-1000_Classes\CLSID\{b4d52def-c38f-492b-8d67-71958d000db0}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4240435039-800818136-694116991-1000_Classes\CLSID\{E86236DE-9BD2-42b7-86F6-A829D8EC768C}\InprocServer32 -> C:\Users\Home User\AppData\Local\DIRECTV Player\win64\npPlayerPlugin.dll (DIRECTV) CustomCLSID: HKU\S-1-5-21-4240435039-800818136-694116991-1000_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\icmp.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4240435039-800818136-694116991-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-4240435039-800818136-694116991-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-4240435039-800818136-694116991-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-4240435039-800818136-694116991-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-4240435039-800818136-694116991-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-4240435039-800818136-694116991-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-4240435039-800818136-694116991-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-4240435039-800818136-694116991-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ==================== Restore Points ========================= ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {2DE2F824-F27C-4126-9FAF-C2AB981602AF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-02] (Google Inc.) Task: {78C5E2AA-1ED8-40AA-B459-CA077ABF1C33} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-02] (Google Inc.) 
Task: {8165713D-8817-4FE8-BA7D-AFF344D53EDD} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {ADBEB764-00E1-4B3D-97E8-B2A4CC034334} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-08-10 15:53 - 2011-02-28 16:37 - 00095008 _____ () C:\Windows\System32\Primomonnt.dll 2014-10-23 18:18 - 2014-11-12 15:56 - 00118080 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2010-01-30 01:40 - 2010-01-30 01:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2010-03-24 20:38 - 2010-03-24 20:38 - 08794976 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2014-10-09 14:23 - 2014-10-09 14:23 - 00016384 ____N () C:\Users\Home User\AppData\Local\Apps\2.0\4RWBH240.VO9\46OQK5GO.ORO\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\Curse.CurseClient.WowDb.dll 2014-08-03 00:56 - 2014-08-03 00:56 - 00035840 _____ () C:\Users\Home User\AppData\Local\Apps\2.0\4RWBH240.VO9\46OQK5GO.ORO\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\Curse.Advertising.dll 2014-10-09 14:23 - 2014-10-09 14:23 - 00099840 ____N () C:\Users\Home User\AppData\Local\Apps\2.0\4RWBH240.VO9\46OQK5GO.ORO\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\Curse.CurseClient.CMOD2.dll 2014-03-26 17:41 - 2014-03-26 17:41 - 01523560 _____ () C:\Users\Home User\AppData\Local\DIRECTV Player\NDSPCShowServer.exe 2014-08-09 11:52 - 2013-09-27 09:47 - 00205824 _____ 
() C:\Windows\system32\spool\DRIVERS\x64\3\DLHLSZLS-1.XRS 2014-08-09 11:52 - 2013-09-27 09:47 - 00002560 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\DLHLSZLT-1.XRS 2014-03-26 17:41 - 2014-03-26 17:41 - 05979488 _____ () C:\Users\Home User\AppData\Local\DIRECTV Player\PCShowServer.dll 2014-03-26 17:41 - 2014-03-26 17:41 - 03261280 _____ () C:\Users\Home User\AppData\Local\DIRECTV Player\DrmSingleton.dll 2014-03-26 17:42 - 2014-03-26 17:42 - 00338784 _____ () C:\Users\Home User\AppData\Local\DIRECTV Player\ndsLogStore.dll 2014-03-26 17:41 - 2014-03-26 17:41 - 02229096 _____ () C:\Users\Home User\AppData\Local\DIRECTV Player\DiscoveryManager.dll 2014-03-26 17:41 - 2014-03-26 17:41 - 00689000 _____ () C:\Users\Home User\AppData\Local\DIRECTV Player\libgstreamer-0.10.dll 2014-03-26 17:41 - 2014-03-26 17:41 - 01403224 _____ () C:\Users\Home User\AppData\Local\DIRECTV Player\libxml2-2.dll 2014-03-26 17:42 - 2014-03-26 17:42 - 00091976 _____ () C:\Users\Home User\AppData\Local\DIRECTV Player\z.dll 2014-03-26 17:41 - 2014-03-26 17:41 - 00060272 _____ () C:\Users\Home User\AppData\Local\DIRECTV Player\libgstinterfaces-0.10.dll 2014-03-26 17:41 - 2014-03-26 17:41 - 00043880 _____ () C:\Users\Home User\AppData\Local\DIRECTV Player\libgstvideo-0.10.dll 2014-03-26 17:41 - 2014-03-26 17:41 - 00205672 _____ () C:\Users\Home User\AppData\Local\DIRECTV Player\libgstbase-0.10.dll 2014-03-26 17:41 - 2014-03-26 17:41 - 07730016 _____ () C:\Users\Home User\AppData\Local\DIRECTV Player\gsttspplugin.dll 2010-01-30 01:41 - 2010-01-30 01:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf 2014-08-02 22:31 - 2014-02-12 18:36 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2014-12-09 22:58 - 2014-12-09 22:58 - 16841392 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data 
Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^Users^Home User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices MSCONFIG\startupreg: DLPSP => "C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE" MSCONFIG\startupreg: DLQLU => "C:\Program Files\Dell Printers\Additional Color Laser Software\Launcher\DLQLU.EXE" /S MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s ========================= Accounts: ========================== Administrator (S-1-5-21-4240435039-800818136-694116991-500 - Administrator - Disabled) Guest (S-1-5-21-4240435039-800818136-694116991-501 - Limited - Enabled) Home User (S-1-5-21-4240435039-800818136-694116991-1000 - Administrator - Enabled) => C:\Users\Home User ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (12/11/2014 07:53:27 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program World of Warcraft Launcher.exe version 1.11.4.2369 stopped interacting with Windows and was closed. 
To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 23ec Start Time: 01d0154999079789 Termination Time: 0 Application Path: C:\Program Files (x86)\World of Warcraft\World of Warcraft Launcher.exe Report Id: Error: (12/10/2014 10:11:15 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: avgidsagent.exe, version: 14.0.0.4765, time stamp: 0x53fb04f3 Faulting module name: avgidsagent.exe, version: 14.0.0.4765, time stamp: 0x53fb04f3 Exception code: 0xc0000005 Fault offset: 0x0006c640 Faulting process id: 0x4cc0 Faulting application start time: 0xavgidsagent.exe0 Faulting application path: avgidsagent.exe1 Faulting module path: avgidsagent.exe2 Report Id: avgidsagent.exe3 Error: (12/10/2014 08:00:16 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: avgidsagent.exe, version: 14.0.0.4765, time stamp: 0x53fb04f3 Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7 Exception code: 0xc0000005 Fault offset: 0x0002e3be Faulting process id: 0x3fe8 Faulting application start time: 0xavgidsagent.exe0 Faulting application path: avgidsagent.exe1 Faulting module path: avgidsagent.exe2 Report Id: avgidsagent.exe3 Error: (12/10/2014 07:59:55 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: avgidsagent.exe, version: 14.0.0.4765, time stamp: 0x53fb04f3 Faulting module name: avgidsagent.exe, version: 14.0.0.4765, time stamp: 0x53fb04f3 Exception code: 0xc0000005 Fault offset: 0x000cba03 Faulting process id: 0x3fe8 Faulting application start time: 0xavgidsagent.exe0 Faulting application path: avgidsagent.exe1 Faulting module path: avgidsagent.exe2 Report Id: avgidsagent.exe3 Error: (12/10/2014 06:29:25 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: avgidsagent.exe, version: 14.0.0.4765, time 
stamp: 0x53fb04f3 Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7 Exception code: 0xc0000005 Fault offset: 0x00033ac3 Faulting process id: 0x7f0 Faulting application start time: 0xavgidsagent.exe0 Faulting application path: avgidsagent.exe1 Faulting module path: avgidsagent.exe2 Report Id: avgidsagent.exe3 Error: (12/10/2014 06:06:33 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: avgidsagent.exe, version: 14.0.0.4765, time stamp: 0x53fb04f3 Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7 Exception code: 0xc0000005 Fault offset: 0x00033ac3 Faulting process id: 0x7f0 Faulting application start time: 0xavgidsagent.exe0 Faulting application path: avgidsagent.exe1 Faulting module path: avgidsagent.exe2 Report Id: avgidsagent.exe3 Error: (12/05/2014 07:45:58 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program Weather.exe version 6.8.0.9 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: f64 Start Time: 01d010f624e2740e Termination Time: 0 Application Path: C:\Program Files (x86)\AWS\WeatherBug\Weather.exe Report Id: 9a097971-7ce9-11e4-b8dd-448a5b5db64f Error: (12/04/2014 09:10:18 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program chrome.exe version 26.0.1410.40 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. 
Process ID: 5394 Start Time: 01d00c2ef716ba38 Termination Time: 144 Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Report Id: Error: (11/23/2014 04:05:48 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: plugin-container.exe, version: 27.0.1.5156, time stamp: 0x52fc0fcf Faulting module name: mozalloc.dll, version: 27.0.1.5156, time stamp: 0x52fbe972 Exception code: 0x80000003 Fault offset: 0x0000119c Faulting process id: 0x2d90 Faulting application start time: 0xplugin-container.exe0 Faulting application path: plugin-container.exe1 Faulting module path: plugin-container.exe2 Report Id: plugin-container.exe3 Error: (10/31/2014 03:53:52 PM) (Source: MsiInstaller) (EventID: 11311) (User: NT AUTHORITY) Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2014 -- Error 1311. SA_Error1311: StandardAction(0xC007051F): Source file not found(cabinet): C:\ProgramData\AVG2014\SetupBackup\lng_esa.cab. Verify that the file exists and that you can access it. System errors: ============= Error: (12/18/2014 00:51:39 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 40. Error: (12/18/2014 00:51:39 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 40. Error: (12/18/2014 00:51:39 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 70. Error: (12/18/2014 00:51:39 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 40. Error: (12/18/2014 00:51:39 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 70. Error: (12/18/2014 00:51:39 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 70. 
Error: (12/18/2014 00:51:39 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 70. Error: (12/18/2014 00:51:39 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 70. Error: (12/18/2014 00:51:39 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 70. Error: (12/18/2014 00:50:33 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 40. Microsoft Office Sessions: ========================= Error: (12/11/2014 07:53:27 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: World of Warcraft Launcher.exe1.11.4.236923ec01d01549990797890C:\Program Files (x86)\World of Warcraft\World of Warcraft Launcher.exe Error: (12/10/2014 10:11:15 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: avgidsagent.exe14.0.0.476553fb04f3avgidsagent.exe14.0.0.476553fb04f3c00000050006c6404cc001d01481b06eb182C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exeC:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe2a6c3afc-8087-11e4-b8dd-448a5b5db64f Error: (12/10/2014 08:00:16 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: avgidsagent.exe14.0.0.476553fb04f3ntdll.dll6.1.7601.18247521ea8e7c00000050002e3be3fe801d01477cc1fca7cC:\Program Files (x86)\AVG\AVG2014\avgidsagent.exeC:\Windows\SysWOW64\ntdll.dllddd7c724-8074-11e4-b8dd-448a5b5db64f Error: (12/10/2014 07:59:55 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: avgidsagent.exe14.0.0.476553fb04f3avgidsagent.exe14.0.0.476553fb04f3c0000005000cba033fe801d01477cc1fca7cC:\Program Files (x86)\AVG\AVG2014\avgidsagent.exeC:\Program Files (x86)\AVG\AVG2014\avgidsagent.exed18eefe3-8074-11e4-b8dd-448a5b5db64f Error: (12/10/2014 06:29:25 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: 
avgidsagent.exe14.0.0.476553fb04f3ntdll.dll6.1.7601.18247521ea8e7c000000500033ac37f001d010f62253d9a3C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exeC:\Windows\SysWOW64\ntdll.dll2d09f768-8068-11e4-b8dd-448a5b5db64f Error: (12/10/2014 06:06:33 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: avgidsagent.exe14.0.0.476553fb04f3ntdll.dll6.1.7601.18247521ea8e7c000000500033ac37f001d010f62253d9a3C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exeC:\Windows\SysWOW64\ntdll.dllfb5788de-8064-11e4-b8dd-448a5b5db64f Error: (12/05/2014 07:45:58 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Weather.exe6.8.0.9f6401d010f624e2740e0C:\Program Files (x86)\AWS\WeatherBug\Weather.exe9a097971-7ce9-11e4-b8dd-448a5b5db64f Error: (12/04/2014 09:10:18 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: chrome.exe26.0.1410.40539401d00c2ef716ba38144C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Error: (11/23/2014 04:05:48 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe27.0.1.515652fc0fcfmozalloc.dll27.0.1.515652fbe972800000030000119c2d9001d006e77da41843C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlle12a0484-735c-11e4-bdb3-448a5b5db64f Error: (10/31/2014 03:53:52 PM) (Source: MsiInstaller) (EventID: 11311) (User: NT AUTHORITY) Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2014 -- Error 1311. SA_Error1311: StandardAction(0xC007051F): Source file not found(cabinet): C:\ProgramData\AVG2014\SetupBackup\lng_esa.cab. 
Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL) ==================== Memory info =========================== Processor: Intel® Core i5-4570 CPU @ 3.20GHz Percentage of memory in use: 76% Total physical RAM: 8120 MB Available physical RAM: 1876.88 MB Total Pagefile: 16238.17 MB Available Pagefile: 10319.33 MB Total Virtual: 8192 MB Available Virtual: 8191.8 MB ==================== Drives ================================ Drive c: (Sys) (Fixed) (Total:111.79 GB) (Free:14.31 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (Data) (Fixed) (Total:10.82 GB) (Free:8.72 GB) NTFS Drive e: (Ent) (Fixed) (Total:108.42 GB) (Free:108.06 GB) NTFS Drive f: () (Removable) (Total:29.82 GB) (Free:29.68 GB) NTFS Drive n: (HUION PEN TABLET) (CDROM) (Total:0.13 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 333F333F) Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 119.2 GB) (Disk ID: 33803380) Partition 1: (Not Active) - (Size=119.2 GB) - (Type=OF Extended) ======================================================== Disk: 2 (MBR Code: Windows 7 or 8) (Size: 29.8 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End Of Log ============================
  11. So, apparently "Scan for Rootkits" was already turned on when I went to Settings. I also had to Export the Log onto the thumb-drive. FRST log is on its way.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/18/2014
Scan Time: 1:43:28 PM
Logfile: mbam_log.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.18.05
Rootkit Database: v2014.12.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Home User

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 321629
Time Elapsed: 4 min, 5 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)
  12. For once, this is not my computer, but my mom's. She's been having issues with her computer even though it was built recently. She is very good with computers when it comes to building them and how they work, but when it comes to viruses, malware, and anything related inside the actual computer, she doesn't know very much. I told her I was going to help her find out what was wrong with her computer, because, after seeing some detections from her AV every so often, I've noticed a lot of them are coming from the Internet Explorer Temporary Files. She uses AVG as her AV and she also uses MBAM. Currently, I'm at a standstill, as I'm running a Whole Computer scan with AVG. I would post an FRST log, but I'm unable to, as I don't have a link to the download for her computer. If there was a way I could put FRST onto a thumb-drive, that would be great.
  13. It was just that one picture. Maybe my computer had the lag-spike of the century and just froze in time, allowing me to browse the internet, but the opening of a picture was halted due to it?
  14. I was browsing deviantART and looking at pictures, when all of a sudden, a picture pops up in Media Viewer, and it's about guinea pigs, which I own. I'm not sure how this happened. Maybe you can schedule when a picture appears? I'm not sure, but I don't know how it even happened. It just pops up out of nowhere.