
Can't open Windows Explorer to even run FRST



I'm not sure that I'm in the right place, since I don't know if my problem is really malware or not.

 

Yesterday my computer was working fine, and I tried to access a web site at least partly in Kenya, safaricom.com, and suddenly my computer more or less stopped working. If things worked at all, they were extremely slow. The screen sometimes goes black except for a frozen cursor. Things often freeze, or are so slow that I think they are frozen. One error message I got was this:

 

"The logon process was unable to display security and logon options when ctrl + alt + delete was pressed. If the operating system does not respond, press ESC or restart the computer using the power switch."

 

A thread I found about this error led me to reset the winsock, and I managed to do that in safe mode, and things improved a little bit.

 

After that, at one point I got this error message;

 

"D2MClient.exe - Fatal Error

CLR error: 80004005

The program will now terminate"

 

And when I searched on Google for the first line of this message, I found a very helpful thread on this forum labeled "

 

https://forums.malwarebytes.org/index.php?showtopic=143458, where aharonov, a trusted advisor on your forum, seemed to know how to deal with things like this and seemed extraordinarily helpful. I wanted to take the first step he suggested and use the Farbar Recovery Scan Tool (FRST).  I downloaded it to a flash drive using a working computer, but so far I can't even open FRST on the non-working computer, even from Safe Mode.

 

Is there some tool available that I can run from a CD or flash drive that will allow me to diagnose or repair this computer?

 

When I start by pressing F8, it gives me an option called "Repair Computer," but I'm afraid to click on this without guidance.

 

This is a Windows 7, 64-bit computer with service pack 1 installed. I also have AVG antivirus free and  (I think) Malwarebytes installed and working on this computer.

 

Right now I have the computer open in safe mode with networking, but it seems frozen.

 

(This computer is the main "server" for my small nonprofit organization, and others need to access the files on my hard drive. Earlier today my colleague WAS able to access the files even though the computer wasn't responding on my end - but right now everything seems frozen and the files aren't accessible.)

 

Any advice or help would be very welcome!

 

Thanks for your help!

 

Harriet


Please download Farbar Recovery Scan Tool from here:

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

Save it to a USB flash drive. Make sure you get the correct version for your system, 32-bit or 64-bit.

 

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

 

Plug the flash drive into the infected PC.

 

If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt Here: http://www.bleepingcomputer.com/tutorials/windows-8-recovery-environment-command-prompt/ to enter System Recovery Command prompt.

 

If you are using Vista or Windows 7 enter System Recovery Options.

 

Plug the flashdrive into the infected PC.

 

Enter System Recovery Options. I give two methods; use whichever is convenient for you.

 

To enter System Recovery Options from the Advanced Boot Options:


Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Select Your Country as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

 

To enter System Recovery Options by using Windows installation disc:


Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Select Your Country as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

 

On the System Recovery Options menu you may get the following options:

Startup Repair

System Restore

Windows Complete PC Restore

Windows Memory Diagnostic Tool

Command Prompt

 


Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst64 or e:\frst depending on your version. Press Enter.
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

 

Kevin....


Kevin,

 

Thanks so much.

 

Before I read your message, after an entire day of restarting my computer (sometimes in Safe Mode, sometimes normally), I managed to open Windows Explorer from within Windows after booting in Safe Mode with Networking, and I managed to run FRST from a flash drive. I ended up with three text files: FRST.txt, Addition.txt, and Shortcut.txt. I'm about to copy and paste the FRST.txt in this message and Addition.txt in the following message. I'm unsure whether to post shortcut.txt, since it seems possible that this leads to private information. Do you need that to diagnose what is going on or to suggest repairs? If so, can I upload it to you privately?

 

Thanks for the directions on how to run FRST directly from the boot menu! Would it be "purer" to use those directions instead of using the scan results below, made from a probably infected computer?

 

I'll appreciate any suggestions on what to do next.

 

Thanks.

 

Harriet

 

 

=====================

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2014 02
Ran by Harriet (administrator) on HARRIET-GATEWAY on 21-04-2014 19:16:29
Running from L:\Downloads\Farbar Recovery Scan Tool
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Safe Mode (with Networking)

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\taskmgr.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2780776 2011-07-19] (CANON INC.)
HKLM-x32\...\Run: [Everything] => C:\Program Files (x86)\Everything\Everything.exe [602624 2009-03-12] ()
HKLM-x32\...\Run: [Google Desktop Search] => C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2011-10-11] (Google)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [OCDLMgr] => [X]
HKLM-x32\...\Run: [stretchWare StchCtrl] => C:\Program Files (x86)\Shelter Publications\StretchWare\stchctrl.exe [454656 2001-12-11] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4971024 2014-03-19] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [TP-LINK USB Printer Controller] => C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe [4234240 2012-11-26] (TP-LINK)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1056264 2013-10-10] (Carbonite, Inc.)
HKLM-x32\...\Run: [intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3775800 2014-02-27] (Intuit Inc. All rights reserved.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2155998664-2767838372-483899330-1001\...\Run: [CompanionLink] => c:\program files (x86)\companionlink\companionlink.exe [51796480 2013-03-15] (CompanionLink Software, Inc.)
HKU\S-1-5-21-2155998664-2767838372-483899330-1001\...\Run: [Google Update] => C:\Users\Harriet\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-02-06] (Google Inc.)
HKU\S-1-5-21-2155998664-2767838372-483899330-1001\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21432 2012-08-30] ()
HKU\S-1-5-21-2155998664-2767838372-483899330-1001\...\Run: [cdloader] => C:\Users\Harriet\AppData\Roaming\mjusbsp\cdloader2.exe [51592 2013-05-06] (magicJack L.P.)
HKU\S-1-5-21-2155998664-2767838372-483899330-1001\...\Run: [Akamai NetSession Interface] => "C:\Users\Harriet\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-2155998664-2767838372-483899330-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22415104 2014-04-09] (Google)
HKU\S-1-5-21-2155998664-2767838372-483899330-1001\...\Run: [MobileAppSync] => C:\Program Files (x86)\Mobile App Sync\D2MClient.exe [332800 2013-10-03] (Appcaster)
HKU\S-1-5-21-2155998664-2767838372-483899330-1001\...\Run: [AVG-Secure-Search-Update_0214c] => C:\Users\Harriet\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=72fdf871223147d1afd3d1565017adbd-783e7a5b7263add5c3f3b4ee980ce4aed4786ed8 /CMPID=0214c
HKU\S-1-5-21-2155998664-2767838372-483899330-1001\...\Run: [AVG-Secure-Search-Update_0414b] => C:\Users\Harriet\AppData\Roaming\Avg_Update_0414b\AVG-Secure-Search-Update_0414b.exe [2707480 2014-04-09] ()
AppInit_DLLs-x32: C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL => C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2011-10-11] (Google)
Startup: C:\Users\Harriet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Harriet\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Harriet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

==================== Internet (Whitelisted) ====================

ProxyServer: http=127.0.0.1:49323;https=127.0.0.1:49323
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3A53EE5CC034CF01
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: PasswordBox Helper - {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~2\VMNTOO~1\VMNTOO~1.DLL No File
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~2\VMNTOO~1\VMNTOO~1.DLL No File
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Handler: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Harriet\AppData\Roaming\Mozilla\Firefox\Profiles\anzczais.default

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Harriet\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Harriet\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Harriet\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Harriet\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np32dsw.dll (Macromedia, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Harriet\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Harriet\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: AwardWallet - C:\Users\Harriet\AppData\Roaming\Mozilla\Firefox\Profiles\anzczais.default\Extensions\6200cc7406cd11e1a68a12313d1adcbe@jetpack.xpi [2013-09-17]
FF Extension: Send to Kindle for Mozilla Firefox - C:\Users\Harriet\AppData\Roaming\Mozilla\Firefox\Profiles\anzczais.default\Extensions\sendtokindle@amazon.com.xpi [2012-11-12]
FF Extension: New Tab Homepage - C:\Users\Harriet\AppData\Roaming\Mozilla\Firefox\Profiles\anzczais.default\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2013-03-21]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-03-19]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-03-19]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [firefox@passwordbox.com] - C:\Program Files (x86)\PasswordBox\Firefox
FF Extension: PasswordBox - C:\Program Files (x86)\PasswordBox\Firefox [2013-12-02]
FF HKLM-x32\...\Thunderbird\Extensions: [avgthb@avg.com] - C:\Program Files (x86)\AVG\AVG2012\Thunderbird\

Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\Harriet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-06]
CHR Extension: (Google Drive) - C:\Users\Harriet\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-07]
CHR Extension: (YouTube) - C:\Users\Harriet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-06]
CHR Extension: (Google Search) - C:\Users\Harriet\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-06]
CHR Extension: (RealDownloader) - C:\Users\Harriet\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-03-06]
CHR Extension: (Skype Click to Call) - C:\Users\Harriet\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-06-26]
CHR Extension: (Google Wallet) - C:\Users\Harriet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-07]
CHR Extension: (Gmail) - C:\Users\Harriet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-06]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Harriet\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-09-23]
CHR HKLM-x32\...\Chrome\Extension: [aaaapoehmlbjgmbfaelmebaigekhbioa] - C:\Users\Harriet\AppData\Local\APN\GoogleCRXs\aaaapoehmlbjgmbfaelmebaigekhbioa_7.13.2.0.crx [2013-09-23]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]

==================== Services (Whitelisted) =================

S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3782672 2014-02-23] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
S3 GoogleDesktopManager-051210-111108; C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2011-10-11] (Google)
S2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2011-09-06] ()
S2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2013-11-01] (PasswordBox, Inc.)
S3 QuickBooksDB24; C:\Program Files (x86)\Intuit\QuickBooks 2014\QBDBMgrN.exe [679936 2014-02-27] (Intuit, Inc.)

==================== Drivers (Whitelisted) ====================

S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-25] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [243480 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [196376 2013-11-25] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-11-01] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-21] (AVG Technologies)
R3 TPLINKUDSMBus; C:\Windows\System32\drivers\TplinkUDSMBus.sys [102688 2012-09-21] (Windows ® Codename Longhorn DDK provider)
S3 TplinkUDSTcpBus; C:\Windows\System32\drivers\TplinkUDSTcpBus.sys [181024 2012-09-21] (Windows ® Codename Longhorn DDK provider)

========================== Drivers MD5 =======================

C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\System32\DRIVERS\ssudmdm.sys 74425FFA11C133D045E1C3BE2EAD481D
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys 40AF23633D197905F03AB5628C558C51
C:\Windows\System32\DRIVERS\tcpip.sys 40AF23633D197905F03AB5628C558C51
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\TplinkUDSMBus.sys AE9F8EDAD88923BB1D5130760DA8323F
C:\Windows\System32\drivers\TplinkUDSTcpBus.sys A000916C85E1C0A29643AD8824191304
C:\Windows\System32\DRIVERS\tssecsrv.sys 4CE278FC9671BA81A138D70823FCAA09
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbaapl64.sys ==> MD5 is legit
C:\Windows\System32\drivers\usbaudio.sys B0435098C81D04CAFFF80DDB746CD3A2
C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\System32\DRIVERS\usbehci.sys 18A85013A3E0F7E1755365D287443965
C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA
C:\Windows\system32\drivers\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbscan.sys 9661DA76B4531B2DA272ECCE25A8AF24
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\System32\DRIVERS\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3
C:\Windows\system32\drivers\usb8023x.sys 7B28E2FBE75115660FAB31079C0A9F29
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WSDPrint.sys 8D918B1DB190A4D9B1753A66FA8C96E8
C:\Windows\System32\DRIVERS\WSDScan.sys 4A2A5C50DD1A63577D3ACA94269FBC7F
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-21 18:03 - 2014-04-21 19:16 - 00000000 ____D () C:\FRST
2014-04-21 03:16 - 2014-03-06 05:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-21 03:16 - 2014-03-06 05:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-21 03:16 - 2014-03-06 04:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-21 03:16 - 2014-03-06 04:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-21 03:16 - 2014-03-06 04:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-21 03:16 - 2014-03-06 04:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-21 03:16 - 2014-03-06 04:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-21 03:16 - 2014-03-06 04:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-21 03:16 - 2014-03-06 03:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-21 03:16 - 2014-03-06 03:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-21 03:15 - 2014-03-06 06:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-21 03:15 - 2014-03-06 05:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-21 03:15 - 2014-03-06 04:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-21 03:15 - 2014-03-06 04:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-21 03:15 - 2014-03-06 04:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-21 03:15 - 2014-03-06 04:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-21 03:15 - 2014-03-06 04:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-21 03:15 - 2014-03-06 04:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-21 03:15 - 2014-03-06 04:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-21 03:15 - 2014-03-06 04:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-21 03:15 - 2014-03-06 04:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-21 03:15 - 2014-03-06 04:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-21 03:15 - 2014-03-06 04:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-21 03:15 - 2014-03-06 04:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-21 03:15 - 2014-03-06 03:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-21 03:15 - 2014-03-06 03:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-21 03:15 - 2014-03-06 03:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-21 03:15 - 2014-03-06 03:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-21 03:15 - 2014-03-06 03:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-21 03:15 - 2014-03-06 03:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-21 03:15 - 2014-03-06 03:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-21 03:15 - 2014-03-06 03:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-21 03:15 - 2014-03-06 03:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-21 03:15 - 2014-03-06 03:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-21 03:15 - 2014-03-06 03:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-21 03:15 - 2014-03-06 03:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-21 03:15 - 2014-03-06 03:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-21 03:15 - 2014-03-06 03:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-21 03:15 - 2014-03-06 02:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-21 03:15 - 2014-03-06 02:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-21 03:15 - 2014-03-06 02:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-21 03:15 - 2014-03-06 02:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-21 03:15 - 2014-03-06 02:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-21 03:15 - 2014-03-06 01:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-21 03:15 - 2014-03-06 01:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-21 03:15 - 2014-03-06 01:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-21 03:15 - 2014-03-06 01:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-21 03:15 - 2014-03-06 01:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-21 00:50 - 2014-04-21 00:50 - 00000000 ____D () C:\ProgramData\RealNetworks
2014-04-18 19:53 - 2014-04-18 19:54 - 00000000 ____D () C:\Users\Harriet\AppData\Roaming\Avg_Update_0414b
2014-04-18 19:49 - 2014-04-21 15:08 - 00000384 _____ () C:\Windows\Tasks\AVG_SYS_TASK_0414b_DELETE.job
2014-04-18 19:49 - 2014-04-18 19:53 - 00002808 _____ () C:\Windows\System32\Tasks\AVG_SYS_TASK_0414b
2014-04-18 19:49 - 2014-04-18 19:49 - 00002886 _____ () C:\Windows\System32\Tasks\AVG_SYS_TASK_0414b_DELETE
2014-04-18 19:48 - 2014-04-21 15:08 - 00000514 _____ () C:\Windows\Tasks\AVG_SYS_TASK_0414b.job
2014-04-18 19:34 - 2014-04-18 19:46 - 00000000 ____D () C:\ProgramData\Avg_Update_0414b
2014-04-10 10:21 - 2014-04-10 10:22 - 00003380 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2155998664-2767838372-483899330-1001
2014-04-10 10:21 - 2014-04-10 10:22 - 00003250 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2155998664-2767838372-483899330-1001
2014-04-10 10:15 - 2014-04-10 10:15 - 00003358 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2155998664-2767838372-483899330-1001
2014-04-10 10:15 - 2014-04-10 10:15 - 00003228 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2155998664-2767838372-483899330-1001
2014-04-09 06:27 - 2014-02-03 22:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 06:27 - 2014-02-03 22:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 06:27 - 2014-02-03 22:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 06:27 - 2014-02-03 22:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 06:27 - 2014-02-03 22:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 06:26 - 2014-03-04 05:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 06:26 - 2014-03-04 05:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 06:26 - 2014-03-04 05:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 06:26 - 2014-03-04 05:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 06:26 - 2014-03-04 05:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 06:26 - 2014-03-04 05:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 06:26 - 2014-03-04 05:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 06:26 - 2014-03-04 05:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 06:26 - 2014-03-04 05:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 06:26 - 2014-03-04 04:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 06:26 - 2014-03-04 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 06:26 - 2014-01-23 22:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-08 13:01 - 2014-04-08 13:01 - 00000000 ____D () C:\Users\QBDataServiceUser24\AppData\Local\Intuit
2014-04-07 12:37 - 2014-04-07 12:37 - 00002360 _____ () C:\Users\Public\Desktop\Canon MX890 series On-screen Manual.lnk
2014-04-07 10:19 - 2014-04-07 10:19 - 00000000 ____D () C:\Users\Harriet\Documents\Print Shop
2014-03-31 22:49 - 2014-03-31 22:49 - 00000000 ____D () C:\Users\Public\Philips
2014-03-31 22:48 - 2014-03-31 22:48 - 00000000 ____D () C:\Users\Harriet\PIMVLibraries
2014-03-26 23:01 - 2014-03-26 23:01 - 00000000 ___RD () C:\Users\QBDataServiceUser24\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-26 15:02 - 2014-03-26 15:02 - 00002184 _____ () C:\Users\Public\Desktop\QuickBooks   2014.lnk
2014-03-26 14:58 - 2014-03-26 14:58 - 00000020 ___SH () C:\Users\QBDataServiceUser24\ntuser.ini
2014-03-26 14:58 - 2014-03-26 14:58 - 00000000 ____D () C:\Users\QBDataServiceUser24
2014-03-26 14:58 - 2013-03-19 16:40 - 00000000 ____D () C:\Users\QBDataServiceUser24\AppData\LocalGoogle
2014-03-26 14:58 - 2013-03-19 16:40 - 00000000 ____D () C:\Users\QBDataServiceUser24\AppData\Local\Google
2014-03-26 14:58 - 2013-01-12 09:29 - 00000000 ____D () C:\Users\QBDataServiceUser24\AppData\Roaming\TuneUp Software
2014-03-26 14:58 - 2011-10-05 03:01 - 00000000 ____D () C:\Users\QBDataServiceUser24\AppData\Local\Microsoft Help
2014-03-26 14:58 - 2011-10-01 10:42 - 00000000 ____D () C:\Users\QBDataServiceUser24\AppData\Roaming\Macromedia
2014-03-26 14:58 - 2009-07-14 00:54 - 00000000 ___RD () C:\Users\QBDataServiceUser24\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-03-26 14:58 - 2009-07-14 00:49 - 00000000 ___RD () C:\Users\QBDataServiceUser24\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-03-26 14:54 - 2014-03-26 14:54 - 00000000 ____D () C:\ProgramData\Nuance
2014-03-26 14:41 - 2014-03-26 14:44 - 564386560 _____ (Intuit, Inc. ) C:\Users\Harriet\Desktop\QuickBooksPremier2014.exe
2014-03-26 14:41 - 2014-03-26 14:41 - 00000985 _____ () C:\Users\Harriet\Desktop\Setup_QuickBooksPremier2014.lnk

==================== One Month Modified Files and Folders =======

2014-04-21 19:16 - 2014-04-21 18:03 - 00000000 ____D () C:\FRST
2014-04-21 15:08 - 2014-04-18 19:49 - 00000384 _____ () C:\Windows\Tasks\AVG_SYS_TASK_0414b_DELETE.job
2014-04-21 15:08 - 2014-04-18 19:48 - 00000514 _____ () C:\Windows\Tasks\AVG_SYS_TASK_0414b.job
2014-04-21 15:08 - 2011-10-01 20:59 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-21 15:05 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-21 15:05 - 2009-07-14 00:51 - 00250808 _____ () C:\Windows\setupact.log
2014-04-21 13:10 - 2011-10-01 11:58 - 01799889 _____ () C:\Windows\WindowsUpdate.log
2014-04-21 12:58 - 2013-03-24 18:13 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2155998664-2767838372-483899330-1001UA.job
2014-04-21 12:37 - 2013-04-01 18:46 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-21 12:20 - 2011-10-01 20:59 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-21 11:21 - 2011-11-13 14:42 - 00000000 ____D () C:\Users\Harriet\AppData\Roaming\Dropbox
2014-04-21 11:14 - 2013-09-23 14:45 - 00000000 ___RD () C:\Users\Harriet\Google Drive
2014-04-21 11:07 - 2011-10-01 12:00 - 00000000 ___RD () C:\Users\Harriet\Dropbox
2014-04-21 11:06 - 2013-09-02 18:30 - 00001012 _____ () C:\Users\Harriet\Desktop\magicJack.lnk
2014-04-21 11:06 - 2013-09-02 18:30 - 00000998 _____ () C:\Users\Harriet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk
2014-04-21 11:06 - 2011-10-03 13:03 - 00000000 ____D () C:\Users\Harriet\AppData\Roaming\mjusbsp
2014-04-21 10:35 - 2009-07-14 00:45 - 00014832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-21 10:33 - 2009-07-14 00:45 - 00014832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-21 09:57 - 2011-10-03 03:53 - 00437044 _____ () C:\Windows\PFRO.log
2014-04-21 09:54 - 2011-10-01 09:41 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-21 09:17 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\spool
2014-04-21 03:58 - 2009-07-14 00:45 - 00820224 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-21 03:55 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-21 02:52 - 2011-10-03 13:07 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-21 01:58 - 2011-10-01 15:02 - 00000000 ____D () C:\Program Files (x86)\Everything
2014-04-21 01:22 - 2009-07-14 01:13 - 00799758 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-21 00:50 - 2014-04-21 00:50 - 00000000 ____D () C:\ProgramData\RealNetworks
2014-04-21 00:50 - 2011-10-01 11:49 - 00000000 ____D () C:\Users\Harriet\Documents\pkb
2014-04-20 19:58 - 2013-03-24 18:13 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2155998664-2767838372-483899330-1001Core.job
2014-04-20 11:00 - 2013-12-02 10:45 - 00000000 ____D () C:\Program Files (x86)\PasswordBox
2014-04-18 19:54 - 2014-04-18 19:53 - 00000000 ____D () C:\Users\Harriet\AppData\Roaming\Avg_Update_0414b
2014-04-18 19:53 - 2014-04-18 19:49 - 00002808 _____ () C:\Windows\System32\Tasks\AVG_SYS_TASK_0414b
2014-04-18 19:49 - 2014-04-18 19:49 - 00002886 _____ () C:\Windows\System32\Tasks\AVG_SYS_TASK_0414b_DELETE
2014-04-18 19:46 - 2014-04-18 19:34 - 00000000 ____D () C:\ProgramData\Avg_Update_0414b
2014-04-14 14:53 - 2011-10-16 21:29 - 00000000 ____D () C:\Users\Harriet\AppData\Local\CutePDF Writer
2014-04-14 02:33 - 2014-02-09 03:13 - 00000000 ____D () C:\Program Files (x86)\H&R Block Business 2013
2014-04-13 23:24 - 2011-10-01 11:16 - 00000000 ____D () C:\Users\Harriet\Documents\HRBlock
2014-04-13 14:38 - 2011-10-01 11:16 - 00000000 ____D () C:\Users\Harriet\Documents\ken
2014-04-12 22:45 - 2011-10-01 11:11 - 00000000 ____D () C:\Users\Harriet\Documents\Email - Thunderbird
2014-04-10 15:28 - 2011-10-01 11:16 - 00000000 ____D () C:\Users\Harriet\Documents\kulanu
2014-04-10 15:23 - 2011-10-01 20:59 - 00002189 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-10 10:24 - 2011-10-15 00:45 - 00000000 ____D () C:\Program Files (x86)\Real
2014-04-10 10:24 - 2011-10-15 00:44 - 00000000 ____D () C:\ProgramData\Real
2014-04-10 10:23 - 2011-10-15 00:44 - 00000000 ____D () C:\Users\Harriet\AppData\Roaming\Real
2014-04-10 10:22 - 2014-04-10 10:21 - 00003380 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2155998664-2767838372-483899330-1001
2014-04-10 10:22 - 2014-04-10 10:21 - 00003250 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2155998664-2767838372-483899330-1001
2014-04-10 10:15 - 2014-04-10 10:15 - 00003358 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2155998664-2767838372-483899330-1001
2014-04-10 10:15 - 2014-04-10 10:15 - 00003228 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2155998664-2767838372-483899330-1001
2014-04-10 04:15 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-04-10 03:23 - 2013-04-01 18:55 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-04-10 03:06 - 2013-08-08 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 03:02 - 2011-10-10 07:33 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-09 18:50 - 2011-10-01 20:58 - 00000000 ____D () C:\Users\Harriet\AppData\Roaming\Skype
2014-04-09 18:40 - 2013-05-22 11:43 - 00000039 _____ () C:\Windows\Stretch.INI
2014-04-08 13:01 - 2014-04-08 13:01 - 00000000 ____D () C:\Users\QBDataServiceUser24\AppData\Local\Intuit
2014-04-07 14:38 - 2012-02-12 20:50 - 00000000 ____D () C:\Users\Harriet\AppData\Roaming\FileZilla
2014-04-07 12:37 - 2014-04-07 12:37 - 00002360 _____ () C:\Users\Public\Desktop\Canon MX890 series On-screen Manual.lnk
2014-04-07 12:35 - 2011-10-01 11:50 - 00000000 ____D () C:\Users\Harriet\Downloads\Canon Printer
2014-04-07 10:19 - 2014-04-07 10:19 - 00000000 ____D () C:\Users\Harriet\Documents\Print Shop
2014-04-07 10:12 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-04-07 02:09 - 2011-10-01 11:49 - 00000000 ____D () C:\Users\Harriet\Documents\sfk
2014-04-04 00:08 - 2012-04-01 16:53 - 00000000 ____D () C:\Users\Harriet\Documents\H&R Block Business
2014-04-03 13:30 - 2012-02-12 20:23 - 00012800 _____ () C:\Users\Harriet\AppData\Roaming\Settings.cfg
2014-04-03 13:30 - 2012-02-12 20:23 - 00000000 ____D () C:\Users\Harriet\AppData\Roaming\SiteClasses
2014-03-31 22:55 - 2013-02-24 23:36 - 00000000 ____D () C:\Users\Harriet\AppData\Roaming\FreeBurner
2014-03-31 22:49 - 2014-03-31 22:49 - 00000000 ____D () C:\Users\Public\Philips
2014-03-31 22:48 - 2014-03-31 22:48 - 00000000 ____D () C:\Users\Harriet\PIMVLibraries
2014-03-31 22:48 - 2011-10-01 09:13 - 00000000 ____D () C:\Users\Harriet
2014-03-31 09:04 - 2013-10-07 11:33 - 00000971 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-03-27 03:02 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-03-27 01:15 - 2011-10-01 20:59 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-27 01:15 - 2011-10-01 20:59 - 00003644 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-26 23:01 - 2014-03-26 23:01 - 00000000 ___RD () C:\Users\QBDataServiceUser24\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-26 19:53 - 2013-03-24 18:13 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2155998664-2767838372-483899330-1001UA
2014-03-26 19:53 - 2013-03-24 18:13 - 00003498 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2155998664-2767838372-483899330-1001Core
2014-03-26 16:12 - 2011-10-05 23:35 - 00000000 ____D () C:\Users\QBDataServiceUser21.Harriet-Gateway
2014-03-26 15:26 - 2012-06-26 17:49 - 00000000 ____D () C:\Users\Harriet\AppData\Local\MPlayer
2014-03-26 15:24 - 2012-06-26 17:47 - 00000000 ____D () C:\Users\Harriet\.umplayer
2014-03-26 15:05 - 2011-10-01 14:46 - 00280760 _____ () C:\Users\Harriet\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-26 15:02 - 2014-03-26 15:02 - 00002184 _____ () C:\Users\Public\Desktop\QuickBooks   2014.lnk
2014-03-26 15:02 - 2011-10-01 10:40 - 00000000 ____D () C:\Program Files (x86)\Intuit
2014-03-26 15:01 - 2011-10-05 23:40 - 00000000 ____D () C:\Users\Harriet\AppData\Local\Intuit
2014-03-26 15:01 - 2011-10-05 23:05 - 00000000 ____D () C:\Windows\Intuit
2014-03-26 14:58 - 2014-03-26 14:58 - 00000020 ___SH () C:\Users\QBDataServiceUser24\ntuser.ini
2014-03-26 14:58 - 2014-03-26 14:58 - 00000000 ____D () C:\Users\QBDataServiceUser24
2014-03-26 14:58 - 2011-10-05 23:32 - 00000095 _____ () C:\Windows\QBChanUtil_Trigger.ini
2014-03-26 14:54 - 2014-03-26 14:54 - 00000000 ____D () C:\ProgramData\Nuance
2014-03-26 14:54 - 2011-10-01 20:22 - 00000000 ____D () C:\ProgramData\Intuit
2014-03-26 14:52 - 2011-10-01 12:06 - 00000000 ____D () C:\Users\Public\Documents\Intuit
2014-03-26 14:44 - 2014-03-26 14:41 - 564386560 _____ (Intuit, Inc. ) C:\Users\Harriet\Desktop\QuickBooksPremier2014.exe
2014-03-26 14:44 - 2011-10-05 22:49 - 00000000 ____D () C:\Users\Harriet\AppData\Roaming\Download Manager
2014-03-26 14:41 - 2014-03-26 14:41 - 00000985 _____ () C:\Users\Harriet\Desktop\Setup_QuickBooksPremier2014.lnk
2014-03-24 22:41 - 2013-04-03 10:45 - 00002525 _____ () C:\Users\Harriet\Desktop\Evernote.lnk
2014-03-24 19:18 - 2011-10-01 11:50 - 00000000 ____D () C:\Users\Harriet\Documents\Wes
2014-03-22 10:33 - 2012-06-26 20:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

Some content of TEMP:
====================
C:\Users\Classic .NET AppPool\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=C:
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {0edd387a-ec4e-11e0-913c-fbf6065c5258}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {0edd387c-ec4e-11e0-913c-fbf6065c5258}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {0edd387a-ec4e-11e0-913c-fbf6065c5258}
nx                      OptIn

Windows Boot Loader
-------------------
identifier              {0edd387c-ec4e-11e0-913c-fbf6065c5258}
device                  ramdisk=[C:]\Recovery\0edd387c-ec4e-11e0-913c-fbf6065c5258\Winre.wim,{0edd387d-ec4e-11e0-913c-fbf6065c5258}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\0edd387c-ec4e-11e0-913c-fbf6065c5258\Winre.wim,{0edd387d-ec4e-11e0-913c-fbf6065c5258}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {572bcd55-ffa7-11d9-aae2-0007e994107d}
device                  ramdisk=[D:]\sources\boot.wim,{ramdiskoptions}
path                    \windows\system32\boot\winload.exe
description             HP Recovery Manager
osdevice                ramdisk=[D:]\sources\boot.wim,{ramdiskoptions}
systemroot              \windows
nx                      OptIn
detecthal               Yes
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {0edd387a-ec4e-11e0-913c-fbf6065c5258}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

Windows Legacy OS Loader
------------------------
identifier              {ntldr}
device                  partition=C:
path                    \ntldr
description             Earlier Version of Windows

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {0edd387d-ec4e-11e0-913c-fbf6065c5258}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\0edd387c-ec4e-11e0-913c-fbf6065c5258\boot.sdi

Device options
--------------
identifier              {ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
description             Ramdisk Device Options
ramdisksdidevice        partition=D:
ramdisksdipath          \boot\boot.sdi

Setup Ramdisk Options
---------------------
identifier              {ramdiskoptions}
description             RAM Disk Settings
ramdisksdidevice        partition=D:
ramdisksdipath          \boot\boot.sdi



LastRegBack: 2014-04-09 01:54

==================== End Of Log ============================


Here is the addition.txt file, also created by the Farbar Recovery Scan Tool, from the same scan as the FRST.txt file copied in the last message.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-04-2014 02
Ran by Harriet at 2014-04-21 19:35:17
Running from L:\Downloads\Farbar Recovery Scan Tool
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
ACDSee Photo Manager 12 (HKLM-x32\...\{A5CBD7C5-CF16-443F-A4F2-3503C9DE311B}) (Version: 12.0.344 - ACD Systems International Inc.)
AceFTP 3 Freeware (HKLM-x32\...\AceFTP 3 Freeware) (Version: 3.80.3 - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.7.1.19610 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Community Help (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Dreamweaver CS5 (HKLM-x32\...\{C79312BD-3E76-4474-A10C-1435D1856A4B}) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
Apple Application Support (HKLM-x32\...\{343666E2-A059-48AC-AD67-230BF74E2DB2}) (Version: 2.1.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{75104836-CAC7-444E-A39E-3F54151942F5}) (Version: 4.0.0.97 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Avery Wizard 4.0 (HKLM-x32\...\{F5D84887-8A6F-4993-8560-B3AA44CB620D}) (Version: 4.0.201 - Avery)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4355 - AVG Technologies)
AVG 2014 (Version: 14.0.3882 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4355 - AVG Technologies) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BurnAware Free 6.0 (HKLM-x32\...\BurnAware Free_is1) (Version:  - Burnaware)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.1.0 - Canon Inc.)
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon MP Navigator EX 5.1 (HKLM-x32\...\MP Navigator EX 5.1) (Version:  - )
Canon MX890 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX890_series) (Version:  - )
Canon MX890 series On-screen Manual (HKLM-x32\...\Canon MX890 series On-screen Manual) (Version:  - )
Canon MX890 series User Registration (HKLM-x32\...\Canon MX890 series User Registration) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version:  - )
Carbonite (HKLM-x32\...\Carbonite Backup) (Version: 5.5.0 build 3621  (Oct-10-2013) - Carbonite)
CompanionLink (HKLM-x32\...\{506EA5AF-B1FF-4340-AFC5-7A3EAC61737F}) (Version: 5.00.5050 - CompanionLink Software, Inc.)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
Evernote v. 5.3 (HKLM-x32\...\{E461B1AC-BC3C-11E3-B5B8-00163E98E7D6}) (Version: 5.3.0.3360 - Evernote Corp.)
Everything 1.2.1.371 (HKLM-x32\...\Everything) (Version:  - )
FileZilla Client 3.5.3 (HKLM-x32\...\FileZilla Client) (Version: 3.5.3 - FileZilla Project)
Free Audio Converter version 5.0.23.320 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.23.320 - DVDVideoSoft Ltd.)
Free Easy Burner V 5.1 (HKLM-x32\...\Free Easy Burner_is1) (Version: 5.1.0.0 - Koyote soft)
Free MTS Converter (HKLM-x32\...\Free MTS Converter_is1) (Version:  - )
Google Calendar Sync (HKLM-x32\...\Google Calendar Sync) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Desktop (HKLM-x32\...\Google Desktop) (Version: 5.9.1005.12335 - Google)
Google Drive (HKLM-x32\...\{84B981C8-D6E4-473F-8062-63F14F44183E}) (Version: 1.15.6464.228 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{E121A4FE-009B-385B-BB0D-B934E2A88288}) (Version: 5.2.4.18058 - Google)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Google+ Auto Backup (HKCU\...\Google+ Auto Backup) (Version: 1.0.25.133 - Google, Inc.)
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
H&R Block Business 2011 (Remove Only) (HKLM-x32\...\H&R Block Business 2011) (Version:  - )
H&R Block Business 2012 (Remove Only) (HKLM-x32\...\H&R Block Business 2012) (Version:  - )
H&R Block Business 2013 (Remove Only) (HKLM-x32\...\H&R Block Business 2013) (Version:  - )
H&R Block Massachusetts 2011 (HKLM-x32\...\{7F9C8D01-5B27-454F-8629-9EDAA1D9A0BC}) (Version: 1.11.2801 - HRB Technology, LLC.)
H&R Block New York 2011 (HKLM-x32\...\{6C434B52-8D0F-4080-9649-7497445DDCD4}) (Version: 1.11.4401 - HRB Technology, LLC.)
H&R Block New York 2012 (HKLM-x32\...\{0A5FB059-9FF1-4A78-9753-4D7656560DAF}) (Version: 1.12.7001 - HRB Technology, LLC.)
H&R Block New York 2013 (HKLM-x32\...\{E3B9117D-7476-4C74-8C22-337F630D6602}) (Version: 1.13.5901 - HRB Technology, LLC.)
H&R Block Premium + Efile + State 2011 (HKLM-x32\...\{4221094E-82B8-43C4-94F4-A6760FC1842A}) (Version: 11.07.7102 - HRB Technology, LLC.)
H&R Block Premium + Efile + State 2012 (HKLM-x32\...\{89D20029-0578-4D8D-979A-695C8D868868}) (Version: 12.07.7803 - HRB Technology, LLC.)
H&R Block Premium + Efile + State 2013 (HKLM-x32\...\{7304A91F-F4AF-41B3-85B6-C5923EDBF899}) (Version: 13.07.6502 - HRB Technology, LLC.)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}) (Version: 10.5.2.11 - Apple Inc.)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
magicJack (HKCU\...\magicJack) (Version: 3.1.6970.4873 - magicJack L.P.)
MediaWidget 6.0 (HKLM-x32\...\MediaWidget - Easy iPod Transfer_is1) (Version:  - Bootstrap Development, LLC.)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2007 (HKLM-x32\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.40303 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308 - Microsoft Corporation) Hidden
Microsoft Web Publishing Wizard 1.52 (HKLM-x32\...\WebPost) (Version:  - )
Microsoft_VC80_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mobile App Sync (HKLM-x32\...\Mobile App Sync) (Version:  - Mobile App Sync)
Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Mozilla Thunderbird 24.4.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.4.0 (x86 en-US)) (Version: 24.4.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9.3 - )
OpenOffice.org 3.1 (HKLM-x32\...\{E6B87DC4-2B3D-4483-ADFF-E483BF718991}) (Version: 3.1.9399 - OpenOffice.org)
PassportPhoto (remove) (HKCU\...\PassportPhoto) (Version:  - )
Payroll Income Documents Generator 3.0 (HKCU\...\Payroll Income Documents Generator) (Version: 3.0 - Payroll Documents)
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 9.0 - PlotSoft LLC)
Phanfare (HKLM-x32\...\Phanfare) (Version: 3.0 - Phanfare, Inc.)
PhotoFiltre (HKCU\...\PhotoFiltre) (Version:  - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
QB Connection Diagnostic Tool (HKLM-x32\...\QB Connection Diagnostic Tool) (Version: 3.0.0.0 - Intuit Inc.)
QuickBooks (x32 Version: 24.0.4005.2403 - Intuit Inc.) Hidden
QuickBooks Premier: Nonprofit Edition 2014 (HKLM-x32\...\{4F63B8CE-2062-4A0F-976D-6CB6F60475D3}) (Version: 24.0.4005.2403 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
Quicken 2010 (HKLM-x32\...\{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}) (Version: 19.1.1.27 - Intuit)
Quicken 2013 (HKLM-x32\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.12.7 - Intuit)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.3.2.12054_20 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.3.2.12054_20 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.9.0 - SAMSUNG Electronics Co., Ltd.)
Sheet Music Plus Digital Print (HKLM-x32\...\com.sheetmusicplus.DigitalAirPrint) (Version: v2011.11.14 - Sheet Music Plus, LLC)
Sheet Music Plus Digital Print (x32 Version: 255.11.14 - Sheet Music Plus, LLC) Hidden
Shockwave (HKLM-x32\...\Shockwave) (Version:  - )
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.8.0.1028.ga3450140 - Spotify AB)
StretchWare (HKLM-x32\...\StretchWare) (Version:  - )
The Print Shop 20 (HKLM-x32\...\{85BB6CF7-5144-4942-87E4-5FC5C47569F8}) (Version: 20.00.0000 - Broderbund Software)
TP-LINK USB Printer Controller (HKLM-x32\...\{A72F84C1-7F66-49FB-A1AD-F48C7E82555A}) (Version: 1.12.1126 - TP-LINK)
UMPlayer 0.98 [P4] (HKLM-x32\...\UMPlayer) (Version: 0.98 - Ori Rejwan)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_PROR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_PROR_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_PROR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{9B1DEEA3-B4ED-49F0-9EF7-4A820EEEA7F1}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_PROR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_PROR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile Device Center Driver Update (HKLM\...\{92DBCA36-9B41-4DD1-941A-AED149DD37F0}) (Version: 6.1.6965.0 - Microsoft Corporation)
XAMPP 1.8.1 (HKLM-x32\...\xampp) (Version:  - )

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {13B60FE0-9FC3-45E9-B0E0-96035A19BB9B} - System32\Tasks\{F93F5CD9-C712-4C4F-A2DF-60056A0BB154} => C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-04-08] (Google)
Task: {29F09361-0AAC-45FA-B9C4-508BF06B3783} - System32\Tasks\BrowserSafeguard Update Task => C:\Program Files (x86)\Browsersafeguard\uninstall.browsersafeguard.exe <==== ATTENTION
Task: {3395E8D5-C4DA-46AE-8833-6D110B6D8363} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2155998664-2767838372-483899330-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {40815A77-398A-45E4-AF7E-AA847DF1265C} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2155998664-2767838372-483899330-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {462796DB-CD41-48F5-A1FD-40F715EB20B9} - System32\Tasks\AVG_SYS_TASK_0414b => C:\ProgramData\Avg_Update_0414b\AVG-Secure-Search-Update_0414b.exe [2014-04-09] ()
Task: {49685B8B-07A8-4C7C-93EA-4A2978EE70AC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {4AA1265F-E00B-4299-B5C0-C7F4B0281DCD} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: {562C47B2-9C98-4FC1-93EB-6FBD83398E8D} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2155998664-2767838372-483899330-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {603ADAF3-A08D-468C-A93A-69E4EA7822A1} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2155998664-2767838372-483899330-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {6E3E0DDE-1034-4805-96E0-36D9DC34DE38} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2155998664-2767838372-483899330-1001UA => C:\Users\Harriet\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-06] (Google Inc.)
Task: {7F4E21E3-E1F1-4A87-BF77-50F07A93EF0A} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2155998664-2767838372-483899330-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {887C2330-1F06-412F-BEEB-763E90AC8BF1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2155998664-2767838372-483899330-1001Core => C:\Users\Harriet\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-06] (Google Inc.)
Task: {8A06CFF4-B196-46D6-929D-7148FAC73543} - System32\Tasks\AdobeAAMUpdater-1.0-Harriet-Gateway-Harriet => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {99305010-353F-4711-90E3-1FB50721DA48} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2155998664-2767838372-483899330-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {A914E1A5-82F8-4305-982D-14510C79B6AA} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2155998664-2767838372-483899330-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {B3AD8AED-8327-4DBE-B296-A08E8B58334E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-01] (Google Inc.)
Task: {BD21A537-51D2-443E-8372-C2BA2007FE69} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2155998664-2767838372-483899330-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {C6A4B95D-EC08-4CA9-88FE-2DBB27B9633D} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
Task: {C6C5DC50-1B75-4600-AA9C-565B3159F705} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2155998664-2767838372-483899330-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {EC6AB74F-0DFF-46F8-8DA7-1788CF3461D2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-01] (Google Inc.)
Task: {EE68F903-A9A9-4E04-92EE-0B4CF94F79EE} - System32\Tasks\AVG_SYS_TASK_0414b_DELETE => C:\ProgramData\Avg_Update_0414b\AVG-Secure-Search-Update_0414b.exe [2014-04-09] ()
Task: {F284588B-DF9E-4626-A991-C89FF600417A} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2155998664-2767838372-483899330-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG_SYS_TASK_0414b.job => C:\ProgramData\Avg_Update_0414b\AVG-Secure-Search-Update_0414b.exe
Task: C:\Windows\Tasks\AVG_SYS_TASK_0414b_DELETE.job => C:\ProgramData\Avg_Update_0414b\AVG-Secure-Search-Update_0414b.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2155998664-2767838372-483899330-1001Core.job => C:\Users\Harriet\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2155998664-2767838372-483899330-1001UA.job => C:\Users\Harriet\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-01-02 10:42 - 2010-01-02 10:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Harriet\Documents\2004-06-23 Hudson sunset (FOHRP ride) 028 cropped.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Harriet\Documents\2004-06-23 Hudson sunset (FOHRP ride) 028cropped.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Harriet\Documents\IMGP0207_edited.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Harriet\Documents\IPTC-sample.jpg:Roxio EMC Stream
AlternateDataStreams: C:\Users\Harriet\Documents\Jon Harris with Arthie and Margie.bmp:Roxio EMC Stream
AlternateDataStreams: C:\Users\Harriet\Documents\making challah covers.jpg:Roxio EMC Stream
AlternateDataStreams: C:\Users\Harriet\Documents\margie and diana.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Harriet\Documents\margie and hot jon.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Harriet\Documents\margie and nat.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Harriet\Documents\margie and steve 2.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Harriet\Documents\margie and steve 3.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Harriet\Documents\margie and steve.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Harriet\Documents\margie brett rose.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Harriet\Documents\margie with food.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Harriet\Documents\margie with purple sweatshirt.JPG:Roxio EMC Stream

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ntrexeservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Intuit Data Protect.lnk => C:\Windows\pss\Intuit Data Protect.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\Windows\pss\QuickBooks Update Agent.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk => C:\Windows\pss\QuickBooks_Standard_21.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Harriet^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk => C:\Windows\pss\OpenOffice.org 3.1.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AVG_UI => "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
MSCONFIG\startupreg: BSDAppUpdater => C:\Program Files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe
MSCONFIG\startupreg: CanonSolutionMenuEx => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
MSCONFIG\startupreg: Google Update => "C:\Users\Harriet\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: IJNetworkScannerSelectorEX => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
MSCONFIG\startupreg: IJNetworkScanUtility => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
MSCONFIG\startupreg: Intuit SyncManager => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPDLR => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => "C:\Users\Harriet\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: StartNowToolbarHelper => "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe"
MSCONFIG\startupreg: StretchWare StchCtrl => C:\Program Files (x86)\Shelter Publications\StretchWare\Stchctrl.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
MSCONFIG\startupreg: Windows Mobile Device Center => %windir%\WindowsMobile\wmdc.exe

==================== Faulty Device Manager Devices =============

Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/21/2014 01:00:46 PM) (Source: Application Hang) (User: )
Description: The program AVG-Secure-Search-Update_0414b.exe version 14.0.0.19 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 774

Start Time: 01cf5d6dbc371431

Termination Time: 16

Application Path: C:\Users\Harriet\AppData\Roaming\Avg_Update_0414b\AVG-Secure-Search-Update_0414b.exe

Report Id: 749bf5ab-c976-11e3-b2e4-001f16f3444e

Error: (04/21/2014 11:18:47 AM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
QBDBPF Log Monitor Service seems is running but not listening on the required port

Error: (04/21/2014 10:29:19 AM) (Source: Application Error) (User: )
Description: Windows cannot access the file C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program D2MClient because of this error.

Program: D2MClient
File: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000185
Disk type: 3

Error: (04/21/2014 10:29:19 AM) (Source: Application Error) (User: )
Description: Faulting application name: D2MClient.exe, version: 1.0.0.0, time stamp: 0x521df2b3
Faulting module name: mscorwks.dll, version: 2.0.50727.5477, time stamp: 0x5265cfa2
Exception code: 0xc0000006
Fault offset: 0x0007bd8e
Faulting process id: 0x878
Faulting application start time: 0xD2MClient.exe0
Faulting application path: D2MClient.exe1
Faulting module path: D2MClient.exe2
Report Id: D2MClient.exe3

Error: (04/21/2014 10:26:46 AM) (Source: Application Error) (User: )
Description: Windows cannot access the file C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program D2MClient because of this error.

Program: D2MClient
File: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000185
Disk type: 3

Error: (04/21/2014 10:26:45 AM) (Source: Application Error) (User: )
Description: Faulting application name: D2MClient.exe, version: 1.0.0.0, time stamp: 0x521df2b3
Faulting module name: mscorwks.dll, version: 2.0.50727.5477, time stamp: 0x5265cfa2
Exception code: 0xc0000006
Fault offset: 0x0007bdac
Faulting process id: 0x878
Faulting application start time: 0xD2MClient.exe0
Faulting application path: D2MClient.exe1
Faulting module path: D2MClient.exe2
Report Id: D2MClient.exe3

Error: (04/21/2014 10:25:54 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (04/21/2014 09:34:20 AM) (Source: Windows Search Service) (User: )
Description: Unable to initialize the filter host process. Terminating.


Details:
    This operation returned because the timeout period expired.  (HRESULT : 0x800705b4) (0x800705b4)

Error: (04/21/2014 09:26:46 AM) (Source: Windows Search Service) (User: )
Description: Unable to initialize the filter host process. Terminating.


Details:
    This operation returned because the timeout period expired.  (HRESULT : 0x800705b4) (0x800705b4)

Error: (04/21/2014 09:17:18 AM) (Source: Application Hang) (User: )
Description: The program AVG-Secure-Search-Update_0414b.exe version 14.0.0.19 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 5b8

Start Time: 01cf5d615f087f2d

Termination Time: 0

Application Path: C:\Users\Harriet\AppData\Roaming\Avg_Update_0414b\AVG-Secure-Search-Update_0414b.exe

Report Id: 31f2a661-c957-11e3-bcf6-001f16f3444e


System errors:
=============
Error: (04/21/2014 03:18:57 PM) (Source: DCOM) (User: )
Description: 1068fdPHost{D3DCB472-7261-43CE-924B-0704BD730D5F}

Error: (04/21/2014 03:18:56 PM) (Source: DCOM) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (04/21/2014 03:18:06 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068

Error: (04/21/2014 03:18:04 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (04/21/2014 03:17:19 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (04/21/2014 03:17:19 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (04/21/2014 03:17:19 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (04/21/2014 03:17:18 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (04/21/2014 03:15:43 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (04/21/2014 03:15:43 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (04/21/2014 02:13:48 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6695.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 48 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (07/25/2013 10:50:06 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1195878 seconds with 6300 seconds of active time.  This session ended with a crash.

Error: (06/30/2013 05:32:49 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 76960 seconds with 540 seconds of active time.  This session ended with a crash.

Error: (09/29/2012 05:21:02 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 450361 seconds with 540 seconds of active time.  This session ended with a crash.

Error: (09/06/2012 02:36:49 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 685653 seconds with 10080 seconds of active time.  This session ended with a crash.

Error: (08/06/2012 11:23:13 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 431366 seconds with 7560 seconds of active time.  This session ended with a crash.

Error: (07/10/2012 07:41:18 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 576 seconds with 360 seconds of active time.  This session ended with a crash.

Error: (07/10/2012 07:31:32 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 153726 seconds with 1980 seconds of active time.  This session ended with a crash.

Error: (06/25/2012 02:26:34 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 305135 seconds with 2880 seconds of active time.  This session ended with a crash.

Error: (04/16/2012 05:50:18 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 231 seconds with 0 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 8157.18 MB
Available physical RAM: 6966.03 MB
Total Pagefile: 16312.53 MB
Available Pagefile: 15422 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (COMPAQ) (Fixed) (Total:455.6 GB) (Free:201.01 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:10.16 GB) (Free:1.37 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive i: (USB Hard Disk) (Fixed) (Total:232.88 GB) (Free:105.4 GB) NTFS
Drive l: (KINGSTON) (Removable) (Total:7.26 GB) (Free:4.57 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=456 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=10 GB) - (Type=0C)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 7 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7 GB) - (Type=0C)

========================================================
Disk: 4 (MBR Code: Windows XP) (Size: 233 GB) (Disk ID: 3FB69270)
Partition 1: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Link to post
Share on other sites

I'm afraid I'm stumped about how to answer your question about the proxy server, since I'm not sure what or where the proxy server would be, or whether I previously had one.

I called my Internet provider, RCN, and they say they don't use a proxy server. I asked where to find the proxy server that is working on my computer, and he suggested I look in Internet Explorer - tools, Internet options - connections - Local Area Network Settings. I finally got to that place on my dysfunctional desktop, and the box next to "use a proxy server for your LAN" is unchecked. I looked in the same place on the laptop that I'm using to write to you, and that also has "use a proxy server for your LAN" unchecked.

I do have a TP-Link router model TL-WDR4300. Would the proxy server be related to the router?

Note that I am posting these messages from my working laptop, not from my dysfunctional desktop computer. Did you find the proxy server info from my postings to this forum, or from the Farbar Recovery Scan Test results which came from the desktop?

Thanks. Harriet

Link to post
Share on other sites

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

See if you can run the system in Normal mode, continue;

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
      • Launch Malwarebytes Anti-Malware
      • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs:

(Export log to save as txt)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.

Let me see those logs..

 

fixlist.txt

Link to post
Share on other sites

Here's the contents of fixlog.txt:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-04-2014 02
Ran by SYSTEM at 2014-04-23 22:50:38 Run:1
Running from G:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
Start
ProxyServer: http=127.0.0.1:49323;https=127.0.0.1:49323
BHO-x32: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~2\VMNTOO~1\VMNTOO~1.DLL No File
Toolbar: HKLM-x32 - VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~2\VMNTOO~1\VMNTOO~1.DLL No File
C:\Users\Classic .NET AppPool\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
Task: {29F09361-0AAC-45FA-B9C4-508BF06B3783} - System32\Tasks\BrowserSafeguard Update Task => C:\Program Files (x86)\Browsersafeguard\uninstall.browsersafeguard.exe <==== ATTENTION
Task: {C6A4B95D-EC08-4CA9-88FE-2DBB27B9633D} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
End
*****************

ProxyServer: http=127.0.0.1:49323;https=127.0.0.1:49323 => Error: The entry should be fixed outside recovery mode.
BHO-x32: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~2\VMNTOO~1\VMNTOO~1.DLL No File => Error: The entry should be fixed outside recovery mode.
Toolbar: HKLM-x32 - VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~2\VMNTOO~1\VMNTOO~1.DLL No File => Error: The entry should be fixed outside recovery mode.
C:\Users\Classic .NET AppPool\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe => Moved successfully.
Task: {29F09361-0AAC-45FA-B9C4-508BF06B3783} - System32\Tasks\BrowserSafeguard Update Task => C:\Program Files (x86)\Browsersafeguard\uninstall.browsersafeguard.exe <==== ATTENTION => Error: The entry should be fixed outside recovery mode.
Task: {C6A4B95D-EC08-4CA9-88FE-2DBB27B9633D} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION => Error: The entry should be fixed outside recovery mode.

==== End of Fixlog ====

Link to post
Share on other sites

I finally managed to open Safe Mode with Networking (each mouse click took a very long time before it responded), and ran the FRST fix from the same directory of the flash drive where I ran it last time.

 

After that, I rebooted, and now have a black background different from my usual Windows desktop, there are a number of icons but they are all pure white with no images, and the first 1 1/2 columns of icons have no words under them (except for the recycle bin). The Quick Launch bar (or is it the Start bar??) has a new background, but no icons other than the start icon on one end and the time and date on the other.  The mouse moves. It's not clear to me whether this is very slowly starting, or if it stuck at this point.

 

Here are the results:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-04-2014
Ran by Harriet at 2014-04-24 13:22:37 Run:2
Running from L:\Downloads\Farbar Recovery Scan Tool
Boot Mode: Safe Mode (with Networking)
==============================================

Content of fixlist:
*****************
Start
ProxyServer: http=127.0.0.1:49323;https=127.0.0.1:49323
BHO-x32: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~2\VMNTOO~1\VMNTOO~1.DLL No File
Toolbar: HKLM-x32 - VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~2\VMNTOO~1\VMNTOO~1.DLL No File
C:\Users\Classic .NET AppPool\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
Task: {29F09361-0AAC-45FA-B9C4-508BF06B3783} - System32\Tasks\BrowserSafeguard Update Task => C:\Program Files (x86)\Browsersafeguard\uninstall.browsersafeguard.exe <==== ATTENTION
Task: {C6A4B95D-EC08-4CA9-88FE-2DBB27B9633D} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
End
*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-8287-79A187E26987} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{A057A204-BACC-4D26-8287-79A187E26987} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{A057A204-BACC-4D26-8287-79A187E26987} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{A057A204-BACC-4D26-8287-79A187E26987} => Key deleted successfully.
"C:\Users\Classic .NET AppPool\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{29F09361-0AAC-45FA-B9C4-508BF06B3783} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{29F09361-0AAC-45FA-B9C4-508BF06B3783} => Key deleted successfully.
C:\Windows\System32\Tasks\BrowserSafeguard Update Task => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserSafeguard Update Task => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C6A4B95D-EC08-4CA9-88FE-2DBB27B9633D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6A4B95D-EC08-4CA9-88FE-2DBB27B9633D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar => Key deleted successfully.

==== End of Fixlog ====

Link to post
Share on other sites
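The two Fixlogs above differ only in boot mode: run from Recovery, FRST moved the one file and deferred every registry and task entry, while the run from Safe Mode with Networking removed them. As an added example (not part of the original posts and not FRST's own code), this sketch tallies a Fixlog's result lines by outcome and lists the entries that still need a rerun inside Windows. The outcome phrases and the abridged sample logs are taken from this page; the function names and category labels are assumptions made for the illustration.

```python
import re
from collections import Counter

# Outcome phrases exactly as they appear in the two Fixlogs on this page.
# The labels on the right are this example's own names, not FRST terminology.
OUTCOMES = [
    ("=> Error: The entry should be fixed outside recovery mode.", "deferred"),
    ("=> Value deleted successfully.", "removed"),
    ("=> Key deleted successfully.", "removed"),
    ("=> Moved successfully.", "moved"),
    ("=> File/Directory not found.", "not_found"),
]

# Abridged from the first Fixlog on this page (Run:1, Recovery).
RECOVERY_LOG = r"""Boot Mode: Recovery
Content of fixlist:
*****************
Start
ProxyServer: http=127.0.0.1:49323;https=127.0.0.1:49323
C:\Users\Classic .NET AppPool\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
Task: {29F09361-0AAC-45FA-B9C4-508BF06B3783} - System32\Tasks\BrowserSafeguard Update Task => C:\Program Files (x86)\Browsersafeguard\uninstall.browsersafeguard.exe <==== ATTENTION
End
*****************

ProxyServer: http=127.0.0.1:49323;https=127.0.0.1:49323 => Error: The entry should be fixed outside recovery mode.
C:\Users\Classic .NET AppPool\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe => Moved successfully.
Task: {29F09361-0AAC-45FA-B9C4-508BF06B3783} - System32\Tasks\BrowserSafeguard Update Task => C:\Program Files (x86)\Browsersafeguard\uninstall.browsersafeguard.exe <==== ATTENTION => Error: The entry should be fixed outside recovery mode.

==== End of Fixlog ====
"""

# Abridged from the second Fixlog on this page (Run:2, Safe Mode).
SAFE_MODE_LOG = r"""Boot Mode: Safe Mode (with Networking)
Content of fixlist:
*****************
Start
ProxyServer: http=127.0.0.1:49323;https=127.0.0.1:49323
C:\Users\Classic .NET AppPool\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
Task: {29F09361-0AAC-45FA-B9C4-508BF06B3783} - System32\Tasks\BrowserSafeguard Update Task => C:\Program Files (x86)\Browsersafeguard\uninstall.browsersafeguard.exe <==== ATTENTION
End
*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully.
"C:\Users\Classic .NET AppPool\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{29F09361-0AAC-45FA-B9C4-508BF06B3783} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{29F09361-0AAC-45FA-B9C4-508BF06B3783} => Key deleted successfully.
C:\Windows\System32\Tasks\BrowserSafeguard Update Task => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserSafeguard Update Task => Key deleted successfully.

==== End of Fixlog ====
"""


def split_results(log):
    """Return the result lines only.

    The fixlist is echoed between two rows of asterisks and its own lines can
    contain '=>', so results are read strictly after the second row and up to
    the End of Fixlog marker.
    """
    lines = log.splitlines()
    stars = [i for i, l in enumerate(lines)
             if l.strip() and set(l.strip()) == {"*"}]
    if len(stars) < 2:
        raise ValueError("fixlist echo not found; not a complete Fixlog")
    results = []
    for line in lines[stars[1] + 1:]:
        if line.startswith("==== End of Fixlog"):
            break
        if line.strip():
            results.append(line.strip())
    return results


def classify(line):
    """Map one result line to (label, target); unmatched lines are 'unknown'."""
    for phrase, label in OUTCOMES:
        if line.endswith(phrase):
            return label, line[: -len(phrase)].strip()
    return "unknown", line


def summarize(log):
    """Tally outcomes and collect entries that were not actually fixed."""
    mode = re.search(r"^Boot Mode:[ \t]*(.+)$", log, re.MULTILINE)
    counts, pending = Counter(), []
    for line in split_results(log):
        label, target = classify(line)
        counts[label] += 1
        if label in ("deferred", "unknown"):
            pending.append(target)
    return {
        "boot_mode": mode.group(1).strip() if mode else None,
        "counts": dict(counts),
        "pending": pending,
    }


if __name__ == "__main__":
    for log in (RECOVERY_LOG, SAFE_MODE_LOG):
        summary = summarize(log)
        print(summary["boot_mode"], summary["counts"])
        for entry in summary["pending"]:
            print("  rerun inside Windows:", entry)
```

A result phrase that is not in `OUTCOMES` is reported as `unknown` and kept in the pending list rather than silently counted as fixed.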

My desktop computer is now much improved, but still seems to have some problems. For example, I went to control panel, to get to the list of installed programs, to see if I already had malwarebytes installed, and the control panel stopped responding.  When I go to Windows Explorer it stops responding.

 

I was certain that I had already installed Malwarebytes - I thought I had used it to clear up a problem a few weeks or a month ago - but I now can't find evidence that it's installed.

 

When I can get it to respond again, I'll try again to install or re-install Malwarebytes.

Link to post
Share on other sites

Run the following from either Normal mode or Safe mode with NW....

 

Please download RogueKiller from here:

http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe  <- 32 bit version

http://www.sur-la-toile.com/RogueKiller/RogueKillerX64.exe  <- 64 bit version

                                   

  • Make sure to get the correct version for your system.
  • Quit all running programs
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • Wait until Prescan has finished...
  • The following EULA will appear, please select accept
  • Ensure MBR scan, Check faked and AntiRootkit are checked
  • Select Scan
  • When the scan completes select Report, copy and paste that to your reply.
  • The log should be found in RKreport[?].txt on your Desktop
  • Exit/Close RogueKiller

Link to post
Share on other sites

I have determined that malwarebytes is not installed on my desktop. Should I install that as well as  roguekiller?

 

With roguekiller, you say that I should disconnect all USB or external drives. Does this mean I should not run roguekiller and Farbar Recovery Scan Tool from my USB flash drive?

Link to post
Share on other sites

I managed to start roguekiller after quite a while, from Safe mode with networking, and it was finding many issues, but  it seemed to get stuck about 20-25 % of the way through the scan. It also was hard to start it in Safe Mode, because I have so many icons that in that resolution I couldn't get to the icon on the desktop, and opening Windows Explorer usually doesn't work. I'm now trying to start it again in normal mode.

Link to post
Share on other sites

Hello Harriet,

 

We are having issues trying to run any tools from within Windows, as you have access to another PC see if you can do the following:

Use the other PC to create the Windows Defender Offline Tool, I give the instructions to load to a USB flash drive.

Download the tool from here :- http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline and save to the Desktop.

You will have to select the correct version for your system, either 32 or 64 bit

Run the tool, Windows 7/8 or Vista user right click and select "Run as Administrator"

Read the instructions in the new window and select "Next"

In the new window accept the agreement.

In the new window select your USB Flash Drive, then select "Next"

In the new window ensure your Flash drive is selected, if not click on "Refresh" then select "Next"

In the new window accept the formatting alert by selecting "Next"

Files will be downloaded.

Files will be processed and created

Flash drive will be formatted and prepared

Files will be added to the Flash Drive and the tool will be created.

The procedure is finished and the Tool created, click on "Finish" to complete.

Plug the USB into the sick PC and boot up, if it does not boot from the flash drive change the boot options as required. Use F12 as it boots, change options...

As it boots you'll see files being loaded and the windows splash screen, eventually the tool will run a "Quick Scan" follow the prompts and deal with what it finds.

When complete do a full scan, deal with what it finds.

When finished, remove the USB stick then press the Esc key to boot into regular windows.

Navigate to the following file:

"C:\Windows\Windows Defender Offline\Support\MPLog-MM/DD/YYYY-HH/MM/SS .txt"

Open with notepad and copy and paste it into a reply.

 

Kevin...

Link to post
Share on other sites

I'm back from a weekend away from home.

 

I installed Windows Defender Online on a CD-R disk, and left it running while I was away. I canceled the Quick Scan and ran the Full Scan instead. When I got back home this afternoon, the screen asked if I wanted to clean the problems, and I said yes, and the screen said that it had successfully got rid of these problems:

 

JS/Tracur.C

JS/Tracur.B

JS/Iestart.N

 

Since then I've spent many hours trying to find a way to access the file you asked for, "C:\Windows\Windows Defender Offline\Support\MPLog-MM/DD/YYYY-HH/MM/SS .txt", but I haven't managed to navigate to it and open it. I did just manage to open Notepad ++, and I clicked on "open," but then I've gotten messages saying Windows Explorer is not responding.

 

I tried opening in Safe Mode with Command Prompt, using old DOS commands, but when I did a directory of the Windows folder, I didn't see Windows Defender Offline or anything that substituted for that (I didn't know if the Command Prompt can handle spaces in a folder name).

 

Even though Windows Defender Offline said it resolved the problems, my computer still isn't working.

 

Is it likely that there are more viruses or similar offenders still on my computer? Or that files are simply damaged from having had to turn off the computer with the power button so many times when it wouldn't shut down properly?

 

Thanks.

 

Harriet

Link to post
Share on other sites

It is possible the system has been damaged by what you explain to me, if you can boot to normal mode see if you can run the following repair tool, it will attempt to make repairs to operating system;

 

download Portable Windows Repair (all in one) from one of the following:

 

http://www.tweaking.com/content/page/windows_repair_all_in_one.html

http://www.majorgeeks.com/Tweaking.com_-_Windows_Repair_Portable_d7222.html

http://www.bleepingcomputer.com/download/windows-repair-all-in-one-portable/

 

Unzip the contents into a newly created folder on your desktop.

Open the folder, run the tool by right click on Repair_Windows (icon with red briefcase) select "Run as Administrator"

From the main GUI do the following:

Select Tab 2 and allow it to run Disk check

Select Tab 3 and allow it to run SFC

Select Tab 4 and Create System Restore Point

Select Repairs tab => Click the Start

The repairs window will open, Check the boxes as indicated, also the "Restart" options, then select Start...

DON'T use the computer while each scan is in progress.

Post the log, to access select "settings" tab > "open log folder" tab, log will be named _Windows_Repair_Log

 

Kevin

Link to post
Share on other sites

Thanks for staying with me!

 

This last assignment seems like a Catch-22. We are trying to repair Windows Explorer, which hardly ever works. But I don't know how to get the program from my flash drive onto my desktop without using Windows Explorer.

 

Is there any way to do some of these steps from a command prompt, without booting into Normal Mode?

 

I downloaded onto a flash drive, and tried putting the flash drive into the USB slot after I booted the damaged computer, and hoped that autoplay would give me access to the files. But the option says that to open files and folders, it will still use Windows Explorer. I'm leaving it for hours again to see if it finally will open.

 

I haven't yet tried using my browser to download the program and see if it will save it directly to the desktop.

 

I'm wishing for the old days when I had an emergency floppy disk that had a bunch of tools on it, and I could run things like scandisk without booting to the operating system first.

 

Is there a way to run this portable windows repair after booting from a DVD or a floppy drive?

 

Harriet


Hello Harriet,

 

We try this a different way. I guess you will still have FRST on your flash drive. I want you to run FRST from the recovery environment; I'll give the instructions again just in case you need them.

 

The last scan done with FRST did list a full registry back up was available dated 9th April, we can use that registry back up and replace all registry hives. Maybe that will get the system to run in Normal mode...

 

Download the attached file fixlist.txt and save it to your Flash drive.

 

Next,

 

Plug the flashdrive into the infected PC.

Enter System Recovery Options. I give two methods; use whichever is convenient for you.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


To enter System Recovery Options by using Windows installation disc:


  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you may get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt



  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 or e:\frst depending on your version. Press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer (if applicable).
  • Press Fix button just once and wait.....
  • When FRST is finished it will make a log (fixlog.txt) on the flash drive. Please copy and paste it to your reply.


See if your system will now boot into Normal mode....

 

 

Replacing the registry hives may take the system back to an infected state, but if it will now run in normal mode we can start over...

 

Let me know if we make progress...

 

Kevin

fixlist.txt


I had wiped the flash drive in order to make the needed flash drive for Windows Defender Online, but I made a backup first, and had then done another quick reformat so it was no longer a startup drive. So I was able to put FRST back on the flash drive and follow your instructions. It looks like it did what you asked.

 

Here are the contents of fixlog.txt:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-04-2014 02
Ran by SYSTEM at 2014-04-28 18:48:23 Run:3
Running from F:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
Start
LastRegBack: 2014-04-09 01:54
End
*****************

DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.

 

[End of fixlog.txt]

 

Then I shut down the corrupted computer, waited a little, and rebooted in normal mode.

 

I tried to click on Windows Explorer and got a message saying Windows wasn't working, did I want to close it. But then it seemed to start again. I still can't get the portable Window repair onto my desktop. Later I tried to re-boot in Safe Mode with NW, and open the flash drive somehow, where I can see the portable Windows Repair file (ReimageRepair.exe) listed. But nothing happens when I right-click, left-click, or double click on it. I was trying to move it to the desktop, but so far I haven't figured out how to do this.
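
The fixlog.txt in the post above can be checked mechanically: every hive should be copied to HiveBackup before it is restored, so the replacement can be undone if the 9 April hives turn out to be infected. This is an added example, not part of the original thread or of FRST; the function name and the list of expected hives are assumptions taken from the five hives the log shows.

```python
import re

# Hive lines copied from the fixlog.txt posted above.
FIXLOG = r"""
Boot Mode: Recovery
LastRegBack: 2014-04-09 01:54
DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.
"""

EXPECTED_HIVES = ("DEFAULT", "SAM", "SECURITY", "SOFTWARE", "SYSTEM")
HIVE_LINE = re.compile(r"^(\w+) hive was successfully (copied to|restored from) ")


def check_fixlog(text):
    """Return (restore_point, problems) for an FRST LastRegBack fix log."""
    m = re.search(r"^LastRegBack:\s*(.+)$", text, re.M)
    restore_point = m.group(1).strip() if m else None
    backed_up, restored, problems = set(), set(), []
    for line in text.splitlines():
        hit = HIVE_LINE.match(line.strip())
        if not hit:
            continue
        hive, action = hit.groups()
        if action == "copied to":
            backed_up.add(hive)
        else:
            # A hive replaced with no safety copy first cannot be rolled back.
            if hive not in backed_up:
                problems.append(f"{hive}: restored without a HiveBackup copy")
            restored.add(hive)
    for hive in EXPECTED_HIVES:
        if hive not in restored:
            problems.append(f"{hive}: no successful restore line")
    return restore_point, problems


if __name__ == "__main__":
    print(check_fixlog(FIXLOG))
```
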

 

 

 

 


Hiya Harriet,

 

Let's see if you can run System File Checker (SFC) from a cmd prompt at boot. SFC will check all system files and replace any corrupt or patched files; hopefully this will get us a fix.

 

Go to the following link: http://www.sevenforums.com/tutorials/139810-sfc-scannow-run-command-prompt-boot.html please read through the instructions a couple of times to familiarize yourself. Please do note in the example the instructions use F:\ as the OS partition, yours will probably be C:\

 

Let me know if we make any progress...

 

Kevin


I just tried to follow the instructions on running system file checker from a cmd prompt after booting from a repair CD.

 

So far the system tried to do a startup repair (this wasn't mentioned in the instructions), and gave me a report saying "Startup Repair cannot repair this computer automatically." [To be clear, I don't think I really have a startup problem. My computer starts up regularly - it crashes when I go into Windows Explorer. But I had just turned off the computer when it was booting into Windows because I wanted it to boot from a CD instead. But I'm thinking all these tests might still be informative.]

 

Then I clicked on "details," and got this list:

 

Problem signature:

Problem Event Name:    StartupRepairOFFLine

Problem signature 01:   6.1.7600.16385

Problem signature 02:   6.1.7600.16385

Problem signature 03:   unknown

Problem signature 04:   941

Problem signature 05:   ExternalMedia

Problem signature 06:   1

Problem signature 07:   BadPatch

OS Version                    6.1.7600.2.0.0.256.1

 

[end of problem details]

 

Then it gave diagnosis and repair details. I can't find a way to cut and paste, so I'll type out the names of the tests that showed no problems, and copy all the information on tests that either show a problem or where I don't understand what it said: 

 

Startup Diagnosis and repair log:

Number of repair attempts: 1

 

Session details

---------------------------------

 

System Disk = \Device\Harddisk0

Windows Directory = C:\Windows

autoChk Run = 0

Number of root causes = 1

 

Tests performed - no problems (all these say "Result: Completed successfully. Error code = 0x0")

Check for updates

System disk test

Disk failure diagnosis

Disk metadata test

Target OS test

Volume content check

Boot manager diagnosis

System boot log diagnosis

Event log diagnosis

Internal state check

Boot status test

Setup State check

Registry hives test

Windows boot log diagnosis

Bugcheck analysis

Access control test

File system test (chkdsk)

Software installation log diagnosis

 

Root cause found:

----------------------------------

A path is preventing the system from starting

 

Repair action: System Restore

Result: Cancelled

 

 

Repair action: System Restore

Result: Cancelled

 

Repair action: System files integrity check and repair

Result: Failed. Error code = 0x45d

Time taken = 1175858 ms

---------------------------

 

Then I followed the instructions that you recommended at

 

http://www.sevenforums.com/tutorials/139810-sfc-scannow-run-command-prompt-boot.html

 

to run System File Checker. It ran and took quite a while (perhaps an hour?) and then gave me this message:

 

Windows Resource Protection could not perform the required operation.

 

I then ran the same command again for System File Checker, since the instructions had said

 

"if it does [find errors] it may take you running this command a couple separate times to completely repair any issues it finds so don't give up after just one attempt."

 

I wasn't sure if that applied to my case where the report was that it couldn't perform the required operation - but I'm leaving it working and going to sleep. . . .

 

Please advise what to do next!

 

I don't have a Windows 7 installation disk. Would it help if I had one? I do have two other Windows 7 computers available, if they can help create an installation disk.

 

At the moment I think the biggest problem has been with Windows Explorer. If that worked, then I am hoping that I could run other programs you've suggested such as RogueKiller. Is there a way to focus on fixing Windows Explorer? (I imagine that's what we're already trying to do by running System File Checker).

 

Thanks for your help, Kevin!

 

Harriet
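
The repair section of the Startup Repair log typed out in the post above can be triaged with a short script that lists each repair action and decodes the error code of any step that failed. This is an added example, not part of the original thread; the function names are hypothetical, and the three-entry table of standard Win32 system error codes and its "storage" reading are assumptions made here.

```python
import re

# Repair section of the Startup Repair log, as typed in the post above.
LOG = """
Repair action: System Restore
Result: Cancelled
Repair action: System Restore
Result: Cancelled
Repair action: System files integrity check and repair
Result: Failed. Error code = 0x45d
Time taken = 1175858 ms
"""

# Win32 system error codes that point at storage rather than at Windows files.
# The "storage" reading is a triage heuristic added here, not a verdict.
STORAGE_ERRORS = {
    0x17: "ERROR_CRC",
    0x45D: "ERROR_IO_DEVICE",
    0x570: "ERROR_FILE_CORRUPT",
}


def parse_repairs(text):
    """Return one dict per 'Repair action' entry in the log."""
    actions = []
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("Repair action:"):
            actions.append({"action": line.split(":", 1)[1].strip(),
                            "result": None, "code": None, "minutes": None})
        elif actions and line.startswith("Result:"):
            actions[-1]["result"] = line.split(":", 1)[1].split(".")[0].strip()
            m = re.search(r"Error code\s*=\s*(0x[0-9a-fA-F]+)", line)
            actions[-1]["code"] = int(m.group(1), 16) if m else None
        elif actions and line.startswith("Time taken"):
            m = re.search(r"(\d+)\s*ms", line)
            actions[-1]["minutes"] = round(int(m.group(1)) / 60000, 1) if m else None
    return actions


def triage(text):
    """Describe each failed repair step and decode its error code."""
    findings = []
    for a in parse_repairs(text):
        if a["result"] != "Failed" or a["code"] is None:
            continue
        name = STORAGE_ERRORS.get(a["code"])
        hint = f"{name}: test the disk first" if name else "not a known storage code"
        findings.append(f'{a["action"]} failed with {a["code"]:#x} ({hint})')
    return findings
```
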


Yes, running SFC would have helped by fixing system files that may have been corrupt or patched. I've just looked back over your thread; maybe another test worth running before we progress is chkdsk. As you've had to power off a few times, it is possible your HD may have been damaged. chkdsk will check the filesystem and then scan the entire disk surface for sector errors and try to fix them.

 

Try opening an administrative command prompt. (Use Search in the Start menu, type cmd and then right-click on the entry it finds and select "Run as Administrator".)

Once there, type chkdsk /r C: (note the space between chkdsk and /r, and also the space between /r and C:), then hit the Enter key when the command is written.

 

This action can be extensive so may take an extended time to complete..... Let me know the result....

 

You mention having other PCs available; if so, it may be worthwhile creating a System Repair CD. Instructions here: http://windows.microsoft.com/en-gb/windows7/create-a-system-repair-disc

 

Regards,

 

Kevin....


I misread your message and used the System Repair CD that I had previously created to boot from the CD to a command prompt, and ran chkdsk /r C: from there.

 

I didn't start from an administrative command prompt within Windows. Is that equally good? Could there be any harm in doing it this way?

 

Chkdsk says it's looking at 1582336 file records. But in about 30 minutes, it hasn't progressed beyond 0 percent complete, in stage 1. It says 87949 of 1582336 file records processed, but that number went from 87949 to 87965 in the past 15 minutes. It now lists four file record segments that are unreadable between 87952 through 87955.

 

When I google "chkdsk running extremely slowly," I find lots of messages saying this seems like a bad hard drive.  I do have a backup of data files but not a ghost of the whole drive. I'm thinking it's time to get a new hard drive and re-install Windows - or at least reformat this drive and then see where things stand.

 

I've also read suggestions to find diagnostic programs from the hardware manufacturer of the hard drive. I have to see what hard drive I have. Going out now, back later.

 

Does this all make sense to you?

 

Harriet


This topic is now closed to further replies.