Hi guys and girls

I'm hoping someone can help me.
I believe there is a virus or infection in my laptop, and it is preventing me from installing and running Malwarebytes.

I have followed the advice on this forum and downloaded and run the Farbar recovery. It has given me the following files.

Please can someone help with this issue?

Thanks in advance for any and all help.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-07-2014
Ran by Lesley (administrator) on LESLEY-ACER on 19-07-2014 16:43:10
Running from C:\Users\Lesley\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Spotify Ltd) C:\Users\Lesley\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(Acer Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [iAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [822816 2009-10-29] (Acer Incorporated)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-10] (Egis Technology Inc.)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3023600 2013-02-25] (Synaptics Incorporated)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1157128 2009-08-18] (Dritek System Inc.)
HKLM-x32\...\Run: [EgisTecLiveUpdate] => C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [ArcadeDeluxeAgent] => C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [419112 2009-10-29] (CyberLink Corp.)
HKLM-x32\...\Run: [PlayMovie] => C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2009-10-22] (Acer Corp.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [588648 2009-07-25] (Symantec Corporation)
HKLM-x32\...\Run: [AVG_TRAY] => C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [2596984 2012-07-31] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EKStatusMonitor] => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-01-15] (Eastman Kodak Company)
HKLM-x32\...\Run: [fst_gb_69] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [KodakHomeCenter] => C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe [2236792 2013-03-15] (Eastman Kodak Company)
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-2105457643-2191922377-1169254503-1001\...\Run: [spybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-2105457643-2191922377-1169254503-1001\...\Run: [spotify Web Helper] => C:\Users\Lesley\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-12] (Spotify Ltd)
HKU\S-1-5-21-2105457643-2191922377-1169254503-1001\...\MountPoints2: {56d211de-c0c8-11e2-8050-705ab616d325} - E:\LaunchU3.exe -a
AppInit_DLLs: C:\PROGRA~2\Linkey\IEEXTE~1\iedll64.dll => C:\PROGRA~2\Linkey\IEEXTE~1\iedll64.dll File Not Found
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll (Egis Technology Inc.)
BootExecute: autocheck autochk * C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://groovorio.com/?f=1&a=grv_tutofirst_14_26&cd=2XzuyEtN2Y1L1QzuyByCtC0AtDyE0CtD0E0B0BtBtAtByB0CtN0D0Tzu0SzytAtDtN1L2XzutBtFtBtCtFtCyEtFtAtN1L1Czu1N1C2X1V2Z2Y2Z1F1O1L1C1B2Z1VtCyE1VtByCtN1L1G1B1V1N2Y1L1Qzu2SyEyE0C0EtDtCtByEtGzz0BzytBtG0D0CtAyCtGyDzzyD0EtGtCzy0FtB0FtD0D0ByDtCzyyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtCzzyC0F0F0AtCtGzyzz0F0BtG0FyD0ByCtGyByDzz0DtGyB0E0Dzz0F0DzyyCtD0ByByC2Q&cr=326040651&ir=
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StK217RbjR1YFa37oBy_U-nTnTbDfrtyFevjNFgZcVtuJ97e9gULnaMz44KVRGZNurSLupsveOICLKPgeEMQr85KVF6dVclepCEYTgzwSf7wyZl2IwASmZCp920nI_WJdWZ5Y4U8z7qIul9ETqzZOv4bo_b7N_RH0rWXuYfMRgoO5nSZIswE-f6QQqp0gR5vutdAI_nxoQLQ,,&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StK217RbjR1YFa37oBy_U-nTnTbDfrtyFevjNFgZcVtuJ97e9gULnaMz44KVRGZNurSLupsveOICLKPgeEMQr85KVF6dVclepCEYTgzwSf7wyZl2IwASmZCp920nI_WJdWZ5Y4U8z7qIul9ETqzZOv4bo_b7N_RH0rWXuYfMRgoO5nSZIswE-f6QQqp0gR5vutdAI_nxoQLQ,,&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=100&itype=n&ver=11471&tm=270&src=ds&p={searchTerms}
SearchScopes: HKLM - {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL =
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StK217RbjR1YFa37oBy_U-nTnTbDfrtyFevjNFgZcVtuJ97e9gULnaMz44KVRGZNurSLupsveOICLKPgeEMQr85KVF6dVclepCEYTgzwSf7wyZl2IwASmZCp920nI_WJdWZ5Y4U8z7qIul9ETqzZOv4bo_b7N_RH0rWXuYfMRgoO5nSZIswE-f6QQtpBKbbR6rUjdy4uKgmw,,&q={searchTerms}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StK217RbjR1YFa37oBy_U-nTnTbDfrtyFevjNFgZcVtuJ97e9gULnaMz44KVRGZNurSLupsveOICLKPgeEMQr85KVF6dVclepCEYTgzwSf7wyZl2IwASmZCp920nI_WJdWZ5Y4U8z7qIul9ETqzZOv4bo_b7N_RH0rWXuYfMRgoO5nSZIswE-f6QQtpBKbbR6rUjdy4uKgmw,,&q={searchTerms}
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_tutofirst_14_26&cd=2XzuyEtN2Y1L1QzuyByCtC0AtDyE0CtD0E0B0BtBtAtByB0CtN0D0Tzu0SzytAtDtN1L2XzutBtFtBtCtFtCyEtFtAtN1L1Czu1N1C2X1V2Z2Y2Z1F1O1L1C1B2Z1VtCyE1VtByCtN1L1G1B1V1N2Y1L1Qzu2SyEyE0C0EtDtCtByEtGzz0BzytBtG0D0CtAyCtGyDzzyD0EtGtCzy0FtB0FtD0D0ByDtCzyyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtCzzyC0F0F0AtCtGzyzz0F0BtG0FyD0ByCtGyByDzz0DtGyB0E0Dzz0F0DzyyCtD0ByByC2Q&cr=326040651&ir=
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_tutofirst_14_26&cd=2XzuyEtN2Y1L1QzuyByCtC0AtDyE0CtD0E0B0BtBtAtByB0CtN0D0Tzu0SzytAtDtN1L2XzutBtFtBtCtFtCyEtFtAtN1L1Czu1N1C2X1V2Z2Y2Z1F1O1L1C1B2Z1VtCyE1VtByCtN1L1G1B1V1N2Y1L1Qzu2SyEyE0C0EtDtCtByEtGzz0BzytBtG0D0CtAyCtGyDzzyD0EtGtCzy0FtB0FtD0D0ByDtCzyyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtCzzyC0F0F0AtCtGzyzz0F0BtG0FyD0ByCtGyByDzz0DtGyB0E0Dzz0F0DzyyCtD0ByByC2Q&cr=326040651&ir=
SearchScopes: HKCU - {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StK217RbjR1YFa37oBy_U-nTnTbDfrtyFevjNFgZcVtuJ97e9gULnaMz44KVRGZNurSLupsveOICLKPgeEMQr85KVF6dVclepCEYTgzwSf7wyZl2IwASmZCp920nI_WJdWZ5Y4U8z7qIul9ETqzZOv4bo_b7N_RH0rWXuYfMRgoO5nSZIswE-f6QQqp0gR5vutdAI_nxoQLQ,,&q={searchTerms}
BHO: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
BHO: No Name -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} ->  No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKLM - No Name - !{82E1477C-B154-48D3-9891-33D83C26BCD3} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - No Name - !{82E1477C-B154-48D3-9891-33D83C26BCD3} -  No File
Toolbar: HKCU - No Name - {42435041-3100-A76A-76A7-7A786E7484D7} -  No File
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Lesley\AppData\Roaming\Mozilla\Firefox\Profiles\9r9l7nm3.default-1380812248524
FF SearchEngineOrder.1: default-search.net
FF Homepage: https://www.google.co.uk/
FF Keyword.URL: hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StK217RbjR1YFa37oBy_U-nTnTbDfrtyFevjNFgZcVtuJ97e9gULnaMz44KVRGZNurSLupsveOICLKPgeEMQr85KVF6dVclepCEYTgzwSf7wyZl2IwASmZCp920nI_WJdWZ5Y4U8z7qIul9ETqzZOv4bo_b7N_RH0rWXuYfMRgoO5nSZIswE-f6QQqp0gR5vutdAI_nxoQLQ,,&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 - C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 - C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Lesley\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF user.js: detected! => C:\Users\Lesley\AppData\Roaming\Mozilla\Firefox\Profiles\9r9l7nm3.default-1380812248524\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Lesley\AppData\Roaming\Mozilla\Firefox\Profiles\9r9l7nm3.default-1380812248524\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\default-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF Extension: Adblock Plus - C:\Users\Lesley\AppData\Roaming\Mozilla\Firefox\Profiles\9r9l7nm3.default-1380812248524\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-13]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-10]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-10]
FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG2012\Firefox4
FF Extension: No Name - C:\Program Files (x86)\AVG\AVG2012\Firefox4 [2011-10-31]

Chrome:
=======
CHR HomePage: hxxp://groovorio.com/?f=1&a=grv_tutofirst_14_26&cd=2XzuyEtN2Y1L1QzuyByCtC0AtDyE0CtD0E0B0BtBtAtByB0CtN0D0Tzu0SzytAtDtN1L2XzutBtFtBtCtFtCyEtFtAtN1L1Czu1N1C2X1V2Z2Y2Z1F1O1L1C1B2Z1VtCyE1VtByCtN1L1G1B1V1N2Y1L1Qzu2SyEyE0C0EtDtCtByEtGzz0BzytBtG0D0CtAyCtGyDzzyD0EtGtCzy0FtB0FtD0D0ByDtCzyyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtCzzyC0F0F0AtCtGzyzz0F0BtG0FyD0ByCtGyByDzz0DtGyB0E0Dzz0F0DzyyCtD0ByByC2Q&cr=326040651&ir=
CHR StartupUrls: "hxxp://groovorio.com/?f=7&a=grv_tutofirst_14_26&cd=2XzuyEtN2Y1L1QzuyByCtC0AtDyE0CtD0E0B0BtBtAtByB0CtN0D0Tzu0SzytAtDtN1L2XzutBtFtBtCtFtCyEtFtAtN1L1Czu1N1C2X1V2Z2Y2Z1F1O1L1C1B2Z1VtCyE1VtByCtN1L1G1B1V1N2Y1L1Qzu2SyEyE0C0EtDtCtByEtGzz0BzytBtG0D0CtAyCtGyDzzyD0EtGtCzy0FtB0FtD0D0ByDtCzyyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtCzzyC0F0F0AtCtGzyzz0F0BtG0FyD0ByCtGyByDzz0DtGyB0E0Dzz0F0DzyyCtD0ByByC2Q&cr=326040651&ir=",  "hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StK217RbjR1YFa37oBy_U-nTnTbDfrtyFevjNFgZcVtuJ97e9gULnaMz44KVRGZNurSLupsveOICLKPgeEMQr85KVF6dVclepCEYTgzwST-Ta2b_j-4LS0Hbba3qJqpZ8eIP79afn6QOQrFrXmSMf6vO82odQlfE4KykMtUjeUUIgvbCJCBATdhb6dhPYNor-D0JHwemDNRw,"
CHR DefaultSearchKeyword: ask.com
CHR DefaultSearchProvider:       "name": "Groovorio"
CHR DefaultNewTabURL:
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lesley\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-26]
CHR Extension: (Skype Click to Call) - C:\Users\Lesley\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-04-17]
CHR Extension: (Google Wallet) - C:\Users\Lesley\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-26]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

S3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [947528 2011-03-18] ()
R2 avgfws; C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2321560 2012-06-13] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [5167736 2012-08-13] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-07-18] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-07-18] (globalUpdate) [File not signed]
S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

==================== Drivers (Whitelisted) ====================

R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [48992 2011-05-23] (AVG Technologies CZ, s.r.o.)
R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [291680 2012-07-26] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [384352 2012-08-24] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-10-02] (AVG Technologies)
R3 DFX11_1; C:\Windows\System32\drivers\dfx11_1x64.sys [28008 2012-12-13] (Windows ® Win 7 DDK provider)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-02] (Realtek Semiconductor Corp.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-19 16:43 - 2014-07-19 16:44 - 00022403 _____ () C:\Users\Lesley\Downloads\FRST.txt
2014-07-19 16:42 - 2014-07-19 16:43 - 00000000 ____D () C:\FRST
2014-07-19 16:42 - 2014-07-19 16:42 - 02089984 _____ (Farbar) C:\Users\Lesley\Downloads\FRST64.exe
2014-07-19 16:30 - 2014-07-19 16:30 - 00000056 _____ () C:\Windows\setupact.log
2014-07-19 16:30 - 2014-07-19 16:30 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-19 15:10 - 2014-07-19 15:11 - 04872677 _____ () C:\Users\Lesley\Downloads\mbam-chameleon-3.1.4.0.zip
2014-07-19 14:13 - 2014-07-19 14:17 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Lesley\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-19 13:28 - 2014-07-19 13:28 - 00000000 ____D () C:\Program Files (x86)\predm
2014-07-19 11:34 - 2014-07-19 16:35 - 00000296 _____ () C:\Windows\Tasks\Groovorio Updater.job
2014-07-19 11:34 - 2014-07-19 11:34 - 00003244 _____ () C:\Windows\System32\Tasks\Groovorio Updater
2014-07-19 11:34 - 2014-07-19 11:34 - 00000000 ____D () C:\Users\Lesley\AppData\Roaming\GroovorioUpdater
2014-07-19 00:58 - 2014-07-19 00:58 - 00000000 ____D () C:\Users\Lesley\AppData\Local\LPT
2014-07-18 23:50 - 2014-07-18 23:50 - 00001168 _____ () C:\Users\Lesley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-18 22:37 - 2014-07-18 22:37 - 00949504 _____ () C:\Users\Lesley\Downloads\java_installer.exe
2014-07-18 18:27 - 2014-07-18 18:27 - 00000000 ____D () C:\Users\Lesley\AppData\Local\com
2014-07-18 18:26 - 2014-07-18 18:26 - 00002496 _____ () C:\Users\Lesley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-07-18 18:25 - 2014-07-19 16:30 - 00000888 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-07-18 18:25 - 2014-07-19 00:30 - 00000892 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-07-18 18:25 - 2014-07-18 18:25 - 00003890 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-07-18 18:25 - 2014-07-18 18:25 - 00003636 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-07-18 18:25 - 2014-07-18 18:25 - 00000000 ____D () C:\Users\Lesley\AppData\Local\globalUpdate
2014-07-18 18:25 - 2014-07-18 18:25 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-07-18 18:24 - 2014-07-19 13:26 - 00000000 ____D () C:\Users\Lesley\AppData\Local\WeatherAlerts
2014-07-18 18:23 - 2014-07-18 18:23 - 01385040 _____ () C:\Users\Lesley\Downloads\Player_Setup.exe
2014-07-18 18:08 - 2014-07-18 18:09 - 14324706 _____ () C:\Users\Lesley\Downloads\book246_pdf.zip
2014-07-08 23:58 - 2014-07-08 23:58 - 00000000 ____D () C:\03986142ab9f920657d70c98
2014-07-08 23:53 - 2014-06-30 03:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-08 23:53 - 2014-06-30 03:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-08 23:51 - 2014-06-20 21:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-08 23:51 - 2014-06-20 20:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-08 23:51 - 2014-06-19 02:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-08 23:51 - 2014-06-19 02:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-08 23:51 - 2014-06-19 02:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-08 23:51 - 2014-06-19 01:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-08 23:51 - 2014-06-19 01:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-08 23:51 - 2014-06-19 01:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-08 23:51 - 2014-06-19 01:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-08 23:51 - 2014-06-19 01:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-08 23:51 - 2014-06-19 01:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-08 23:51 - 2014-06-19 01:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-08 23:51 - 2014-06-19 01:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-08 23:51 - 2014-06-19 01:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-08 23:51 - 2014-06-19 01:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-08 23:51 - 2014-06-19 01:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-08 23:51 - 2014-06-19 01:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-08 23:51 - 2014-06-19 01:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-08 23:51 - 2014-06-19 01:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-08 23:51 - 2014-06-19 00:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-08 23:51 - 2014-06-19 00:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-08 23:51 - 2014-06-19 00:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-08 23:51 - 2014-06-19 00:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-08 23:51 - 2014-06-19 00:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-08 23:51 - 2014-06-19 00:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-08 23:51 - 2014-06-19 00:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-08 23:51 - 2014-06-19 00:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-08 23:51 - 2014-06-19 00:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-08 23:51 - 2014-06-19 00:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-08 23:51 - 2014-06-19 00:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-08 23:51 - 2014-06-19 00:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-08 23:51 - 2014-06-19 00:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-08 23:51 - 2014-06-19 00:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-08 23:51 - 2014-06-19 00:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-08 23:51 - 2014-06-19 00:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-08 23:51 - 2014-06-19 00:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-08 23:51 - 2014-06-19 00:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-08 23:51 - 2014-06-19 00:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-08 23:51 - 2014-06-19 00:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-08 23:51 - 2014-06-19 00:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-08 23:51 - 2014-06-19 00:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-08 23:51 - 2014-06-19 00:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-08 23:51 - 2014-06-18 23:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-08 23:51 - 2014-06-18 23:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-08 23:51 - 2014-06-18 23:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-08 23:51 - 2014-06-18 23:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-08 23:51 - 2014-06-18 23:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-08 23:51 - 2014-06-18 23:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-08 23:51 - 2014-06-18 23:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-08 23:51 - 2014-06-18 23:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-08 23:51 - 2014-06-18 23:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-08 23:51 - 2014-06-18 23:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-08 23:51 - 2014-06-18 23:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-08 23:51 - 2014-06-18 23:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-08 23:51 - 2014-06-18 23:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-08 23:51 - 2014-06-18 23:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-08 23:51 - 2014-06-18 03:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-08 23:51 - 2014-06-18 02:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-08 23:51 - 2014-06-18 02:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-08 23:51 - 2014-06-06 11:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-08 23:51 - 2014-06-06 10:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-08 23:51 - 2014-05-30 09:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-08 23:51 - 2014-05-30 09:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-08 23:51 - 2014-05-30 09:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-08 23:51 - 2014-05-30 09:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-08 23:51 - 2014-05-30 09:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-08 23:51 - 2014-05-30 09:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-08 23:51 - 2014-05-30 09:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-08 23:51 - 2014-05-30 08:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-08 23:51 - 2014-05-30 08:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-08 23:51 - 2014-05-30 08:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-08 23:51 - 2014-05-30 08:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-08 23:51 - 2014-05-30 08:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-08 23:51 - 2014-05-30 08:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-08 23:51 - 2014-05-30 08:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-08 23:51 - 2014-05-30 07:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-08 23:48 - 2014-06-05 15:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-08 23:48 - 2014-06-05 15:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-08 23:48 - 2014-06-05 15:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-06-30 13:47 - 2014-06-30 13:47 - 00003118 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2014-06-30 13:47 - 2014-06-30 13:47 - 00003092 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2014-06-30 13:47 - 2014-06-30 13:47 - 00003090 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2014-06-30 13:47 - 2014-06-30 13:47 - 00003062 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2014-06-30 13:47 - 2014-06-30 13:47 - 00003060 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2014-06-30 13:47 - 2014-06-30 13:47 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_point64_01011.Wdf
2014-06-30 13:47 - 2014-06-30 13:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
2014-06-30 13:46 - 2014-06-30 13:46 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2014-06-30 13:43 - 2014-06-30 13:43 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_dc3d_01011.Wdf
2014-06-23 08:06 - 2014-06-23 08:06 - 00000000 ____D () C:\Users\Lesley\AppData\Local\{5A9F05D8-6BDD-4D64-9BF6-FA7D7560A984}
2014-06-20 16:25 - 2014-06-20 16:25 - 00000000 ____D () C:\Windows\CheckSur

==================== One Month Modified Files and Folders =======

2014-07-19 16:44 - 2014-07-19 16:43 - 00022403 _____ () C:\Users\Lesley\Downloads\FRST.txt
2014-07-19 16:44 - 2009-11-03 05:32 - 00000000 ____D () C:\ProgramData\Temp
2014-07-19 16:43 - 2014-07-19 16:42 - 00000000 ____D () C:\FRST
2014-07-19 16:42 - 2014-07-19 16:42 - 02089984 _____ (Farbar) C:\Users\Lesley\Downloads\FRST64.exe
2014-07-19 16:38 - 2009-07-14 05:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-19 16:38 - 2009-07-14 05:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-19 16:35 - 2014-07-19 11:34 - 00000296 _____ () C:\Windows\Tasks\Groovorio Updater.job
2014-07-19 16:33 - 2009-12-29 22:56 - 02042837 _____ () C:\Windows\WindowsUpdate.log
2014-07-19 16:30 - 2014-07-19 16:30 - 00000056 _____ () C:\Windows\setupact.log
2014-07-19 16:30 - 2014-07-19 16:30 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-19 16:30 - 2014-07-18 18:25 - 00000888 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-07-19 16:30 - 2013-06-03 12:20 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-07-19 16:30 - 2012-07-05 20:11 - 00000000 ____D () C:\ProgramData\Kodak
2014-07-19 16:30 - 2011-04-25 21:23 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-19 16:30 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-19 16:27 - 2013-10-03 13:36 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-07-19 16:27 - 2013-01-18 18:49 - 00000000 ____D () C:\Windows\Minidump
2014-07-19 16:25 - 2012-04-05 22:05 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-19 16:06 - 2011-04-25 21:23 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-19 15:35 - 2013-06-12 21:30 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2105457643-2191922377-1169254503-1001UA.job
2014-07-19 15:12 - 2011-09-15 23:20 - 00000000 ____D () C:\Users\Lesley\Desktop\Tim Folder
2014-07-19 15:11 - 2014-07-19 15:10 - 04872677 _____ () C:\Users\Lesley\Downloads\mbam-chameleon-3.1.4.0.zip
2014-07-19 14:35 - 2013-10-03 12:20 - 00005434 _____ () C:\Windows\wininit.ini
2014-07-19 14:17 - 2014-07-19 14:13 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Lesley\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-19 13:43 - 2014-03-05 13:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-19 13:28 - 2014-07-19 13:28 - 00000000 ____D () C:\Program Files (x86)\predm
2014-07-19 13:26 - 2014-07-18 18:24 - 00000000 ____D () C:\Users\Lesley\AppData\Local\WeatherAlerts
2014-07-19 13:23 - 2009-07-14 06:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-19 11:34 - 2014-07-19 11:34 - 00003244 _____ () C:\Windows\System32\Tasks\Groovorio Updater
2014-07-19 11:34 - 2014-07-19 11:34 - 00000000 ____D () C:\Users\Lesley\AppData\Roaming\GroovorioUpdater
2014-07-19 11:32 - 2013-05-10 09:22 - 00000000 ____D () C:\Users\Lesley\Desktop\Kira
2014-07-19 00:58 - 2014-07-19 00:58 - 00000000 ____D () C:\Users\Lesley\AppData\Local\LPT
2014-07-19 00:30 - 2014-07-18 18:25 - 00000892 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-07-18 23:50 - 2014-07-18 23:50 - 00001168 _____ () C:\Users\Lesley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-18 22:56 - 2013-06-01 15:39 - 00000000 ____D () C:\Users\Lesley\AppData\Roaming\vlc
2014-07-18 22:37 - 2014-07-18 22:37 - 00949504 _____ () C:\Users\Lesley\Downloads\java_installer.exe
2014-07-18 22:11 - 2013-06-12 21:30 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2105457643-2191922377-1169254503-1001Core.job
2014-07-18 18:27 - 2014-07-18 18:27 - 00000000 ____D () C:\Users\Lesley\AppData\Local\com
2014-07-18 18:26 - 2014-07-18 18:26 - 00002496 _____ () C:\Users\Lesley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-07-18 18:26 - 2011-06-20 22:22 - 00002245 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-18 18:25 - 2014-07-18 18:25 - 00003890 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-07-18 18:25 - 2014-07-18 18:25 - 00003636 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-07-18 18:25 - 2014-07-18 18:25 - 00000000 ____D () C:\Users\Lesley\AppData\Local\globalUpdate
2014-07-18 18:25 - 2014-07-18 18:25 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-07-18 18:23 - 2014-07-18 18:23 - 01385040 _____ () C:\Users\Lesley\Downloads\Player_Setup.exe
2014-07-18 18:09 - 2014-07-18 18:08 - 14324706 _____ () C:\Users\Lesley\Downloads\book246_pdf.zip
2014-07-17 21:28 - 2013-06-16 13:38 - 00000388 _____ () C:\Windows\Tasks\RegTask.job
2014-07-17 11:38 - 2013-12-10 23:40 - 00000000 ____D () C:\Users\Lesley\AppData\Roaming\PrimoPDF
2014-07-10 00:25 - 2012-04-05 22:05 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-10 00:25 - 2012-04-05 22:05 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-10 00:25 - 2011-06-21 10:37 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-09 11:27 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-07-09 10:50 - 2009-07-14 05:45 - 00345024 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 07:46 - 2014-04-30 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-09 07:46 - 2009-07-14 08:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 07:46 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-09 07:46 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-08 23:58 - 2014-07-08 23:58 - 00000000 ____D () C:\03986142ab9f920657d70c98
2014-07-08 23:58 - 2013-07-13 18:37 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-08 23:58 - 2010-10-12 21:36 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-01 01:37 - 2013-12-19 11:49 - 00000000 ____D () C:\Users\Lesley\AppData\Local\Paint.NET
2014-06-30 16:10 - 2010-10-07 21:21 - 00080000 _____ () C:\Users\Lesley\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-30 16:05 - 2013-07-20 17:59 - 01499136 ___SH () C:\Users\Lesley\Desktop\Thumbs.db
2014-06-30 13:47 - 2014-06-30 13:47 - 00003118 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2014-06-30 13:47 - 2014-06-30 13:47 - 00003092 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2014-06-30 13:47 - 2014-06-30 13:47 - 00003090 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2014-06-30 13:47 - 2014-06-30 13:47 - 00003062 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2014-06-30 13:47 - 2014-06-30 13:47 - 00003060 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2014-06-30 13:47 - 2014-06-30 13:47 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_point64_01011.Wdf
2014-06-30 13:47 - 2014-06-30 13:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
2014-06-30 13:46 - 2014-06-30 13:46 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2014-06-30 13:43 - 2014-06-30 13:43 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_dc3d_01011.Wdf
2014-06-30 03:09 - 2014-07-08 23:53 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-30 03:04 - 2014-07-08 23:53 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-29 13:09 - 2010-10-14 19:46 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-06-23 20:01 - 2011-04-25 21:23 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-23 20:01 - 2011-04-25 21:23 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-23 08:06 - 2014-06-23 08:06 - 00000000 ____D () C:\Users\Lesley\AppData\Local\{5A9F05D8-6BDD-4D64-9BF6-FA7D7560A984}
2014-06-21 16:10 - 2009-07-14 06:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-20 21:14 - 2014-07-08 23:51 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-20 20:39 - 2014-07-08 23:51 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-06-20 16:25 - 2014-06-20 16:25 - 00000000 ____D () C:\Windows\CheckSur
2014-06-19 02:39 - 2014-07-08 23:51 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-19 02:06 - 2014-07-08 23:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-19 02:06 - 2014-07-08 23:51 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-19 01:48 - 2014-07-08 23:51 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-19 01:42 - 2014-07-08 23:51 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-19 01:42 - 2014-07-08 23:51 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-19 01:41 - 2014-07-08 23:51 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-06-19 01:41 - 2014-07-08 23:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-19 01:32 - 2014-07-08 23:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-19 01:31 - 2014-07-08 23:51 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-19 01:26 - 2014-07-08 23:51 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-19 01:24 - 2014-07-08 23:51 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-19 01:24 - 2014-07-08 23:51 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-19 01:23 - 2014-07-08 23:51 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-19 01:16 - 2014-07-08 23:51 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-19 01:14 - 2014-07-08 23:51 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-19 01:09 - 2014-07-08 23:51 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-19 00:59 - 2014-07-08 23:51 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-19 00:56 - 2014-07-08 23:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-19 00:53 - 2014-07-08 23:51 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-19 00:51 - 2014-07-08 23:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-19 00:50 - 2014-07-08 23:51 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-19 00:48 - 2014-07-08 23:51 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-19 00:39 - 2014-07-08 23:51 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-19 00:38 - 2014-07-08 23:51 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-19 00:37 - 2014-07-08 23:51 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-19 00:36 - 2014-07-08 23:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-19 00:35 - 2014-07-08 23:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-06-19 00:33 - 2014-07-08 23:51 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-19 00:32 - 2014-07-08 23:51 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-19 00:28 - 2014-07-08 23:51 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-19 00:28 - 2014-07-08 23:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-19 00:27 - 2014-07-08 23:51 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-19 00:27 - 2014-07-08 23:51 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-19 00:25 - 2014-07-08 23:51 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-19 00:23 - 2014-07-08 23:51 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-19 00:22 - 2014-07-08 23:51 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-19 00:12 - 2014-07-08 23:51 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-19 00:06 - 2014-07-08 23:51 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-19 00:01 - 2014-07-08 23:51 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-09 11:19

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-07-2014
Ran by Lesley at 2014-07-19 16:45:15
Running from C:\Users\Lesley\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG Internet Security 2012 (Disabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AS: AVG Internet Security 2012 (Disabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Internet Security 2012 (Disabled) {621CC794-9486-F902-D092-0484E8EA828B}

==================== Installed Programs ======================

Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
AVG 2012 (HKLM\...\AVG) (Version: 2012.0.2221 - AVG Technologies)
AVG 2012 (Version: 12.0.2221 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.2637 - AVG Technologies) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.57.5189 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1892 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Kodak AIO Printer (Version: 7.7.2.0 - Eastman Kodak Company) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.3.188.0 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
Skype™ 6.3 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version:  - )
Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.15.1 - Synaptics Incorporated)
VLC media player 2.0.6 (HKLM-x32\...\VLC media player) (Version: 2.0.6 - VideoLAN)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

17-06-2014 15:43:03 Restore Operation
18-06-2014 05:27:25 Windows Update
20-06-2014 15:25:37 Windows Update
27-06-2014 16:37:31 Scheduled Checkpoint
30-06-2014 12:45:42 DCInstallRestorePoint
08-07-2014 22:56:40 Windows Update
09-07-2014 06:44:30 Windows Update
16-07-2014 22:42:50 Scheduled Checkpoint

==================== Hosts content: ==========================

2009-07-14 03:34 - 2013-10-03 14:24 - 00450636 ____R C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {011A58F3-76B4-4764-9A7F-BAA1AE5E1ED9} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {06F67644-2CAD-4B13-BAFD-133C575652B7} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {09E3C3DE-402E-456F-A99B-8978926A7A70} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-07-18] (globalUpdate) <==== ATTENTION
Task: {170472E2-E53C-45FD-A633-6E3012F6D146} - System32\Tasks\Groovorio Updater => C:\Users\Lesley\AppData\Roaming\GroovorioUpdater\UpdateProc\UpdateTask.exe [2013-04-12] ()
Task: {1792BE74-B273-48C6-9B9A-9E303818172F} - System32\Tasks\RegTask => C:\Program Files (x86)\RegTask\RegTask.exe
Task: {1A12B977-B5CD-480F-A1CC-4B42D7FFF12E} - \DSite No Task File <==== ATTENTION
Task: {2B64D353-D7F0-4A07-921E-4591CF496011} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {3FEC1DE7-AF20-4CD4-BD6E-9D2CC773B9DB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-25] (Google Inc.)
Task: {45651AB4-7DFA-4767-A055-F09C0B5986FC} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2105457643-2191922377-1169254503-1001UA => C:\Users\Lesley\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {58DF46D0-64E6-414D-90C8-DAE67F554420} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2105457643-2191922377-1169254503-1001Core => C:\Users\Lesley\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {5AF42912-4D95-48FA-9C4E-4E7EEBB85C5E} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-07-18] (globalUpdate) <==== ATTENTION
Task: {8435822C-1749-43F6-8DB9-670F924B22D5} - System32\Tasks\{CFF87891-D582-4415-AA0A-A4F508A5D932} => Firefox.exe http://ui.skype.com/ui/0/6.3.0.105/en/abandoninstall?page=tsProgressBar
Task: {870B774A-8C86-429F-9CB0-555D95ACD791} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{2DDED61D-FB39-4DBE-95E2-25CEC22414C5}.exe
Task: {9486112B-3DB8-4789-8325-4D1C0539CA28} - System32\Tasks\{5B0920DE-2259-442E-A1C4-DD343DCA9C20} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-03-01] (Skype Technologies S.A.)
Task: {A15048B8-7E62-410A-A8D7-E707232BCADE} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {A5FDD733-1FC7-451F-9D6C-DF5B92C7157A} - System32\Tasks\{6F779F99-4A35-4FA5-A020-C1180D4BFE6E} => Firefox.exe http://ui.skype.com/ui/0/6.3.73.105.457/es/abandoninstall?page=tsMain
Task: {AA1B7833-F108-4ECF-89B9-E4FCC5E8107E} - System32\Tasks\{C7BEA79D-44E5-4850-8570-8E2ADE8F32AF} => Firefox.exe http://ui.skype.com/ui/0/6.0.0.120/en/abandoninstall?source=lightinstaller&page=tsBing
Task: {B69F9C47-E5FD-4784-8B59-033BCFF39ADB} - \Dealply No Task File <==== ATTENTION
Task: {B826B514-9357-42CA-BA72-3403F4E809C6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-10] (Adobe Systems Incorporated)
Task: {C4E4EEDE-53A4-4B53-A126-5D9EDCF3C193} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-25] (Google Inc.)
Task: {C550A9A5-C2E4-451E-8580-3BF1C443AB5C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {CCB98A60-5957-456D-8CC4-EB96479407B0} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2105457643-2191922377-1169254503-1001
Task: {E0CF8434-8B1E-4673-A5B8-C0D3BD7CAA1E} - System32\Tasks\AVG\PC Tuneup\Integrator\Start On Lesley Logon => C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe [2011-11-03] (AVG)
Task: {F62F04C5-46E4-4B97-8652-7A91A3F1DF93} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {FECD5787-8FB1-4529-BC67-3DFC9E3F215E} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{2DDED61D-FB39-4DBE-95E2-25CEC22414C5}.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2105457643-2191922377-1169254503-1001Core.job => C:\Users\Lesley\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2105457643-2191922377-1169254503-1001UA.job => C:\Users\Lesley\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Groovorio Updater.job => C:\Users\Lesley\AppData\Roaming\GROOVO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\RegTask.job => C:\Program Files (x86)\RegTask\RegTask.exe

==================== Loaded Modules (whitelisted) =============

2013-12-10 23:40 - 2011-02-28 23:37 - 00095008 _____ () C:\Windows\System32\Primomonnt.dll
2012-01-25 00:12 - 2011-11-03 18:21 - 00350024 _____ () C:\Program Files (x86)\AVG\AVG PC Tuneup\madExcept_.bpl
2012-01-25 00:12 - 2011-11-03 18:21 - 00184136 _____ () C:\Program Files (x86)\AVG\AVG PC Tuneup\madBasic_.bpl
2012-01-25 00:12 - 2011-11-03 18:21 - 00050504 _____ () C:\Program Files (x86)\AVG\AVG PC Tuneup\madDisAsm_.bpl
2014-05-10 09:18 - 2014-06-18 17:53 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-07-10 00:25 - 2014-07-10 00:25 - 17029808 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:0B4227B4
AlternateDataStreams: C:\ProgramData\Temp:444C53BA
AlternateDataStreams: C:\ProgramData\Temp:4CF61E54
AlternateDataStreams: C:\ProgramData\Temp:93DE1838
AlternateDataStreams: C:\ProgramData\Temp:AB689DEA
AlternateDataStreams: C:\ProgramData\Temp:E3C56885
AlternateDataStreams: C:\Users\Lesley\Documents\attachment.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/19/2014 04:31:06 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/19/2014 04:31:06 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/19/2014 04:31:06 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/19/2014 04:31:06 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (07/19/2014 04:31:01 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/19/2014 04:31:01 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (07/19/2014 04:31:01 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/19/2014 04:31:01 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/19/2014 04:31:01 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store.


Details:
    0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))

Error: (07/19/2014 04:31:00 PM) (Source: ESENT) (EventID: 455) (User: )
Description: Windows (4044) Windows: Error -1811 occurred while opening logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00625.log.


System errors:
=============
Error: (07/19/2014 04:31:50 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (07/19/2014 04:31:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (07/19/2014 04:31:07 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (07/19/2014 04:30:34 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error %%-536753637.

Error: (07/19/2014 04:30:27 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVG WatchDog service terminated with service-specific error %%-536805315.

Error: (07/19/2014 02:39:00 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (07/19/2014 02:37:33 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error %%-536753637.

Error: (07/19/2014 02:37:25 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVG WatchDog service terminated with service-specific error %%-536805315.

Error: (07/19/2014 02:37:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Computer Backup (MyPC Backup) service failed to start due to the following error:
%%2

Error: (07/19/2014 01:47:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 42%
Total physical RAM: 4025.98 MB
Available physical RAM: 2296.84 MB
Total Pagefile: 8050.13 MB
Available Pagefile: 6152.83 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:285.99 GB) (Free:209.88 GB) NTFS
Drive d: (LOTR_TWO_TOWERS_SEE_D1) (CDROM) (Total:6.41 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: E8D2BF38)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=102 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=286 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Hi & welcome

My name is Jürgen and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully.

  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.

Step 1

Please download AdwCleaner (by Xplode) and save it to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select "Run As Administrator"

  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[s#].txt) will open automatically.

    Copy and paste the contents of that logfile in your next reply.

Step 2

Download zoek.exe to your desktop

  • If Internet Explorer, any other browser, or a security program issues a warning indicating the file is unsafe, please ignore, since it is a false warning.

Using Zoek.exe

  • On the Desktop, double-click Zoek.exe to start the tool.

    Windows Vista, 7 and 8 users right-click the file and select: Run as Administrator.

    Give the program a few seconds to appear.

  • Copy and paste the following script in the code box:
  • Note: This script is written for usage on this system only, do not use it on any other computer even if the problems are similar.

    FFdefaults;CHRdefaults;iedefaults;emptyclsid;autoclean;
  • Click the "Run script" button and wait patiently.
  • When finished the logfile will be opened in notepad.
  • If a reboot is needed the logfile will be opened after reboot.
  • The zoek-results.log can also be found on your system drive.
  • Please post the logfile for further review in your next comment.

Step 3

Start FRST with administrator privileges.

  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.

    Please copy and paste the log in your next reply.


Hiya Jürgen

 

Thanks for your quick reply. I've followed your instructions and copied and pasted the log files here.

No problems, but I did accidentally run the ADWCleaner scan twice (both log files are here). Hope that won't cause any issues.

 

I look forward to hearing your reply about my system.

 

# AdwCleaner v3.216 - Report created 19/07/2014 at 19:11:46
# Updated 17/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Lesley - LESLEY-ACER
# Running from : C:\Users\Lesley\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : globalUpdate
[#] Service Deleted : globalUpdatem

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\predm
Folder Deleted : C:\Program Files (x86)\Uninstaller
Folder Deleted : C:\Users\Lesley\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Lesley\AppData\Local\LPT
Folder Deleted : C:\Users\Lesley\AppData\Local\Tuguu_SL
Folder Deleted : C:\Users\Lesley\AppData\Local\WeatherAlerts
Folder Deleted : C:\Users\Lesley\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Lesley\AppData\Roaming\Solvusoft
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Lesley\daemonprocess.txt
File Deleted : C:\Users\Lesley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\default-search.xml
File Deleted : C:\Users\Lesley\AppData\Roaming\Mozilla\Firefox\Profiles\9r9l7nm3.default-1380812248524\searchplugins\Web Search.xml
File Deleted : C:\Users\Lesley\AppData\Roaming\Mozilla\Firefox\Profiles\9r9l7nm3.default-1380812248524\user.js
File Deleted : C:\Users\Lesley\AppData\Roaming\Mozilla\Firefox\Profiles\ht12gc1q.default-1377021369491\user.js
File Deleted : C:\Users\Lesley\AppData\Roaming\Mozilla\Firefox\Profiles\Lesley\user.js
File Deleted : C:\Users\TEST\AppData\Roaming\Mozilla\Firefox\Profiles\3c26ckff.default\user.js
File Deleted : C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
File Deleted : C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
File Deleted : C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
File Deleted : C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA

***** [ Shortcuts ] *****

# AdwCleaner v3.216 - Report created 19/07/2014 at 19:13:30
# Updated 17/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Lesley - LESLEY-ACER
# Running from : C:\Users\Lesley\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [LManager]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Key Deleted : HKCU\Software\FreeSoftToday
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\Linkey
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\FreeSoftToday
Key Deleted : HKLM\Software\GlobalUpdate
Key Deleted : HKLM\Software\SystemK
Key Deleted : HKLM\Software\Tutorials
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\Linkey\IEEXTE~1\iedll64.dll
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rjatydimofu.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [search Bar]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [searchAssistant]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\Lesley\AppData\Roaming\Mozilla\Firefox\Profiles\9r9l7nm3.default-1380812248524\prefs.js ]

Line Deleted : user_pref("browser.search.order.1", "default-search.net");
Line Deleted : user_pref("extensions.crossrider.bic", "144a6af7590720cc7cd00602a500e21e");
Line Deleted : user_pref("extensions.helperbar.DockingPositionDown", false);
Line Deleted : user_pref("extensions.helperbar.SmartbarDisabled", false);
Line Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Line Deleted : user_pref("extensions.helperbar.Visibility", false);
Line Deleted : user_pref("extensions.helperbar.backPageCapacity", 3);
Line Deleted : user_pref("extensions.helperbar.backPageCounter", 0);
Line Deleted : user_pref("extensions.helperbar.backPageDay", 18);
Line Deleted : user_pref("extensions.helperbar.backPageLastEvent", "1405531639066");
Line Deleted : user_pref("extensions.helperbar.backPageMinInterval", 15);
Line Deleted : user_pref("extensions.helperbar.barcodeid", "145696");
Line Deleted : user_pref("extensions.helperbar.countryiso", "gb");
Line Deleted : user_pref("extensions.helperbar.downloadprovider", "yahootu");
Line Deleted : user_pref("extensions.helperbar.externalJsFiles", "{\"d\":\"[{\\\"ExcludeDomains\\\":[\\\"snap.do\\\",\\\"snapdo.com\\\",\\\".search.yahoo.com\\\\\\/yhs\\\\\\/search?hspart=lkry\\\",\\\"www.only-apart[...]
Line Deleted : user_pref("extensions.helperbar.fromautoupdate", "false");
Line Deleted : user_pref("extensions.helperbar.installationid", "52724f3c-107d-fe6c-d7ec-d1a8a439fedc");
Line Deleted : user_pref("extensions.helperbar.installdate", "18/07/2014");
Line Deleted : user_pref("extensions.helperbar.keepAliveLastevent", "1405704429");
Line Deleted : user_pref("extensions.helperbar.lastExternalJsUpdate", "1405704483230");
Line Deleted : user_pref("extensions.helperbar.publisher", "yahootu");
Line Deleted : user_pref("keyword.URL", "hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StK217RbjR1YFa37oBy_U-nTnTbDfrtyFevjNFgZcVtuJ97e9gULnaMz44KVRGZNurSLupsveOICLKPgeEMQr85KVF6dVclepCEYTgzwSf7wyZl2IwASmZCp920nI_W[...]

[ File : C:\Users\Lesley\AppData\Roaming\Mozilla\Firefox\Profiles\ht12gc1q.default-1377021369491\prefs.js ]


[ File : C:\Users\Lesley\AppData\Roaming\Mozilla\Firefox\Profiles\Lesley\prefs.js ]


[ File : C:\Users\TEST\AppData\Roaming\Mozilla\Firefox\Profiles\3c26ckff.default\prefs.js ]


-\\ Google Chrome v36.0.1985.125

[ File : C:\Users\Lesley\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [search Provider] : hxxp://www.default-search.net/search?sid=476&aid=100&itype=n&ver=11471&tm=270&src=ds&p={searchTerms}
Deleted [startup_urls] : hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StK217RbjR1YFa37oBy_U-nTnTbDfrtyFevjNFgZcVtuJ97e9gULnaMz44KVRGZNurSLupsveOICLKPgeEMQr85KVF6dVclepCEYTgzwST-Ta2b_j-4LS0Hbba3qJqpZ8eIP79afn6QOQrFrXmSMf6vO82odQlfE4KykMtUjeUUIgvbCJCBATdhb6dhPYNor-D0JHwemDNRw,

*************************

AdwCleaner[0].txt - [12596 octets] - [03/10/2013 16:15:05]
AdwCleaner[R0].txt - [23918 octets] - [05/03/2014 13:25:38]
AdwCleaner[R1].txt - [11063 octets] - [19/07/2014 19:01:56]
AdwCleaner[R2].txt - [9239 octets] - [19/07/2014 19:12:46]
AdwCleaner[s0].txt - [22384 octets] - [05/03/2014 13:26:33]
AdwCleaner[s1].txt - [2073 octets] - [19/07/2014 19:11:46]
AdwCleaner[s2].txt - [7367 octets] - [19/07/2014 19:13:30]

########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [7427 octets] ##########
 

 

Zoek.exe v5.0.0.0 Updated 16-07-2014
Tool run by Lesley on 19/07/2014 at 19:20:44.65.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Lesley\Desktop\zoek.exe [scan all users] [script inserted]

==== System Restore Info ======================

19/07/2014 19:23:06 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2105457643-2191922377-1169254503-1001\Software\Microsoft\Internet Explorer\SearchScopes\{CC865B26-C31D-4D23-B17B-96548EEF03F6} deleted successfully
HKEY_USERS\S-1-5-21-2105457643-2191922377-1169254503-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-2105457643-2191922377-1169254503-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{42435041-3100-A76A-76A7-7A786E7484D7} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\!{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\!{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully

==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Lesley\AppData\Roaming\Mozilla\Firefox\Profiles\9r9l7nm3.default-1380812248524\prefs.js:
user_pref("browser.startup.homepage", "https://www.google.co.uk/");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\Lesley\AppData\Roaming\Mozilla\Firefox\Profiles\9r9l7nm3.default-1380812248524\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\Lesley\AppData\Roaming\Mozilla\Firefox\Profiles\ht12gc1q.default-1377021369491\prefs.js:
user_pref("browser.startup.homepage", "http://groovorio.com/?f=1&a=grv_tutofirst_14_26&cd=2XzuyEtN2Y1L1QzuyByCtC0AtDyE0CtD0E0B0BtBtAtByB0CtN0D0Tzu0SzytAtDtN1L2XzutBtFtBtCtFtCyEtFtAtN1L1Czu1N1C2X1V2Z2Y2Z1F1O1L1C1B2Z1VtCyE1VtByCtN1L1G1B1V1N2Y1L1Qzu2SyEyE0C0EtDtCtByEtGzz0BzytBtG0D0CtAyCtGyDzzyD0EtGtCzy0FtB0FtD0D0ByDtCzyyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtCzzyC0F0F0AtCtGzyzz0F0BtG0FyD0ByCtGyByDzz0DtGyB0E0Dzz0F0DzyyCtD0ByByC2Q&cr=326040651&ir=");
user_pref("browser.search.selectedEngine", "Groovorio");

Added to C:\Users\Lesley\AppData\Roaming\Mozilla\Firefox\Profiles\ht12gc1q.default-1377021369491\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\Lesley\AppData\Roaming\Mozilla\Firefox\Profiles\Lesley\prefs.js:
user_pref("browser.startup.homepage", "http://groovorio.com/?f=1&a=grv_tutofirst_14_26&cd=2XzuyEtN2Y1L1QzuyByCtC0AtDyE0CtD0E0B0BtBtAtByB0CtN0D0Tzu0SzytAtDtN1L2XzutBtFtBtCtFtCyEtFtAtN1L1Czu1N1C2X1V2Z2Y2Z1F1O1L1C1B2Z1VtCyE1VtByCtN1L1G1B1V1N2Y1L1Qzu2SyEyE0C0EtDtCtByEtGzz0BzytBtG0D0CtAyCtGyDzzyD0EtGtCzy0FtB0FtD0D0ByDtCzyyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtCzzyC0F0F0AtCtGzyzz0F0BtG0FyD0ByCtGyByDzz0DtGyB0E0Dzz0F0DzyyCtD0ByByC2Q&cr=326040651&ir=");
user_pref("browser.search.selectedEngine", "Groovorio");

Added to C:\Users\Lesley\AppData\Roaming\Mozilla\Firefox\Profiles\Lesley\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\Lesley\AppData\Roaming\Mozilla\Firefox\Profiles\Lesley\AppData\Roaming\Mozilla\Profiles\fsb2a4ww.Lesley\prefs.js:
user_pref("browser.startup.homepage", );

Added to C:\Users\Lesley\AppData\Roaming\Mozilla\Firefox\Profiles\Lesley\AppData\Roaming\Mozilla\Profiles\fsb2a4ww.Lesley\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\TEST\AppData\Roaming\Mozilla\Firefox\Profiles\3c26ckff.default\prefs.js:
user_pref("browser.startup.homepage", "http://groovorio.com/?f=1&a=grv_tutofirst_14_26&cd=2XzuyEtN2Y1L1QzuyByCtC0AtDyE0CtD0E0B0BtBtAtByB0CtN0D0Tzu0SzytAtDtN1L2XzutBtFtBtCtFtCyEtFtAtN1L1Czu1N1C2X1V2Z2Y2Z1F1O1L1C1B2Z1VtCyE1VtByCtN1L1G1B1V1N2Y1L1Qzu2SyEyE0C0EtDtCtByEtGzz0BzytBtG0D0CtAyCtGyDzzyD0EtGtCzy0FtB0FtD0D0ByDtCzyyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtCzzyC0F0F0AtCtGzyzz0F0BtG0FyD0ByCtGyByDzz0DtGyB0E0Dzz0F0DzyyCtD0ByByC2Q&cr=326040651&ir=");
user_pref("browser.search.selectedEngine", "Groovorio");

Added to C:\Users\TEST\AppData\Roaming\Mozilla\Firefox\Profiles\3c26ckff.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\Lesley\AppData\Roaming\Mozilla\Firefox\Profiles\9r9l7nm3.default-1380812248524

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_072014_1940_.backup

ProfilePath: C:\Users\Lesley\AppData\Roaming\Mozilla\Firefox\Profiles\ht12gc1q.default-1377021369491

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_072014_1940_.backup

ProfilePath: C:\Users\Lesley\AppData\Roaming\Mozilla\Firefox\Profiles\Lesley

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_072014_1940_.backup

ProfilePath: C:\Users\Lesley\AppData\Roaming\Mozilla\Firefox\Profiles\Lesley\AppData\Roaming\Mozilla\Profiles\fsb2a4ww.Lesley

---- Lines delta removed from user.js ----

user_pref("extensions.delta.tlbrSrchUrl", "");
user_pref("extensions.delta.id", "5485327c000000000000761a04c0ebb2");
user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
user_pref("extensions.delta.instlDay", "15936");
user_pref("extensions.delta.vrsn", "1.8.24.5");
user_pref("extensions.delta.vrsni", "1.8.24.5");
user_pref("extensions.delta.vrsnTs", "1.8.24.521:48:50");
user_pref("extensions.delta.prtnrId", "delta");
user_pref("extensions.delta.prdct", "delta");
user_pref("extensions.delta.aflt", "babsst");
user_pref("extensions.delta.smplGrp", "none");
user_pref("extensions.delta.tlbrId", "base");
user_pref("extensions.delta.instlRef", "sst");
user_pref("extensions.delta.dfltLng", "en");
user_pref("extensions.delta.excTlbr", false);
user_pref("extensions.delta.ffxUnstlRst", true);
user_pref("extensions.delta.admin", false);
user_pref("extensions.delta_i.babTrack", "affID=119357&tsp=4979");
user_pref("extensions.delta_i.babExt", "");
user_pref("extensions.delta_i.srcExt", "ss");
user_pref("extensions.delta.autoRvrt", "false");
user_pref("extensions.delta.rvrt", "false");
user_pref("extensions.delta.newTab", false);

---- FireFox user.js and prefs.js backups ----

user_072014_1940_.backup
prefs_072014_1940_.backup

ProfilePath: C:\Users\TEST\AppData\Roaming\Mozilla\Firefox\Profiles\3c26ckff.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_072014_1940_.backup

==== Deleting Files \ Folders ======================

C:\Users\Lesley\.android deleted
C:\PROGRA~2\Coupon Printer deleted
C:\Users\Lesley\AppData\Roaming\cbl32.dll deleted
C:\PROGRA~3\Excellent4App deleted
C:\PROGRA~3\InstallMate deleted
C:\PROGRA~3\SummerSoft deleted
C:\Users\Lesley\AppData\Local\avgchrome deleted
C:\Users\Lesley\AppData\Local\cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupon Printer deleted
C:\Users\Lesley\Searches deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted
C:\Windows\wininit.ini deleted
C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job deleted
C:\windows\SysNative\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Windows\Syswow64\InstallUtil.InstallLog deleted
C:\Users\Lesley\AppData\Roaming\Mozilla\Firefox\Profiles\ht12gc1q.default-1377021369491\extensions\staged deleted
C:\Users\Lesley\AppData\Roaming\Mozilla\Firefox\Profiles\Lesley\extensions\staged deleted
C:\Users\TEST\AppData\Roaming\Mozilla\Firefox\Profiles\3c26ckff.default\extensions\staged deleted
C:\Users\Default\AppData\Roaming\gacutil.exe deleted
C:\Users\Default\AppData\Roaming\PnPutil.exe deleted
C:\Users\TEST\AppData\Roaming\gacutil.exe deleted
C:\Users\TEST\AppData\Roaming\PnPutil.exe deleted
C:\Users\Lesley\Downloads\dreamcatcher-spa-5122151.exe deleted
"C:\Windows\Installer\2a9198.msi" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"="C:\Program Files (x86)\AVG\AVG2012\Firefox4" [19/01/2013 02:47]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Lesley\AppData\Roaming\Mozilla\Firefox\Profiles\9r9l7nm3.default-1380812248524
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Lesley\AppData\Roaming\Mozilla\Firefox\Profiles\9r9l7nm3.default-1380812248524
4390CCD3790F8D9C427C0C29590C62D7    - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll -    Shockwave Flash
0C0C5C207121C7A78414A8250E8E099A    - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll -    Shockwave for Director / Shockwave for Director


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
blmchfpimpbbdmgpcieclabeafkljbhm - No path found[]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[14/05/2013 13:27]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
blmchfpimpbbdmgpcieclabeafkljbhm - No path found[]

Google Voice Search Hotword (Beta) - Lesley\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
Skype Click to Call - Lesley\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

==== Chrome Fix ======================

C:\Users\Lesley\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_blmchfpimpbbdmgpcieclabeafkljbhm_0.localstorage deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://groovorio.com/?f=1&a=grv_tutofirst_14_26&cd=2XzuyEtN2Y1L1QzuyByCtC0AtDyE0CtD0E0B0BtBtAtByB0CtN0D0Tzu0SzytAtDtN1L2XzutBtFtBtCtFtCyEtFtAtN1L1Czu1N1C2X1V2Z2Y2Z1F1O1L1C1B2Z1VtCyE1VtByCtN1L1G1B1V1N2Y1L1Qzu2SyEyE0C0EtDtCtByEtGzz0BzytBtG0D0CtAyCtGyDzzyD0EtGtCzy0FtB0FtD0D0ByDtCzyyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtCzzyC0F0F0AtCtGzyzz0F0BtG0FyD0ByCtGyByDzz0DtGyB0E0Dzz0F0DzyyCtD0ByByC2Q&cr=326040651&ir="
"Search Page"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
"Search Bar"="http://www.google.com"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Bar"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURI]
"(Default)"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchURI]
"(Default)"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://www.google.com"
"Default"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://www.google.com"
"Default"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://www.google.com"
"Default"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com"
"Search Bar"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com"
"Search Bar"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com"
"Search Bar"="http://www.google.com"
"Search Page"="http://www.google.com"
"SearchAssistant"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://groovorio.com/?f=1&a=grv_tutofirst_14_26&cd=2XzuyEtN2Y1L1QzuyByCtC0AtDyE0CtD0E0B0BtBtAtByB0CtN0D0Tzu0SzytAtDtN1L2XzutBtFtBtCtFtCyEtFtAtN1L1Czu1N1C2X1V2Z2Y2Z1F1O1L1C1B2Z1VtCyE1VtByCtN1L1G1B1V1N2Y1L1Qzu2SyEyE0C0EtDtCtByEtGzz0BzytBtG0D0CtAyCtGyDzzyD0EtGtCzy0FtB0FtD0D0ByDtCzyyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtCzzyC0F0F0AtCtGzyzz0F0BtG0FyD0ByCtGyByDzz0DtGyB0E0Dzz0F0DzyyCtD0ByByC2Q&cr=326040651&ir="
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"

==== Reset Google Chrome ======================

C:\Users\Lesley\AppData\Local\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Users\Lesley\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A3C14B8429A918B46B359CF7BE589C01 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\78d2d94e-8239-49e9-9a1b-5c22c5aaf97a deleted successfully
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google\Chrome\ExtensionInstallForcelist deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\blmchfpimpbbdmgpcieclabeafkljbhm deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\blmchfpimpbbdmgpcieclabeafkljbhm deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\blmchfpimpbbdmgpcieclabeafkljbhm deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A3C14B8429A918B46B359CF7BE589C01 deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Lesley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Lesley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\TEST\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Lesley\AppData\Local\Mozilla\Firefox\Profiles\9r9l7nm3.default-1380812248524\Cache emptied successfully
C:\Users\TEST\AppData\Local\Mozilla\Firefox\Profiles\3c26ckff.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Lesley\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=501 folders=91 13914933 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Lesley\AppData\Local\Temp will be emptied at reboot
C:\Users\TEST\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Lesley\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 19/07/2014 at 19:47:43.12 ======================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-07-2014
Ran by Lesley (administrator) on LESLEY-ACER on 19-07-2014 19:52:03
Running from C:\Users\Lesley\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Spotify Ltd) C:\Users\Lesley\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(Acer Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [iAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [822816 2009-10-29] (Acer Incorporated)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-10] (Egis Technology Inc.)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3023600 2013-02-25] (Synaptics Incorporated)
HKLM-x32\...\Run: [EgisTecLiveUpdate] => C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [ArcadeDeluxeAgent] => C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [419112 2009-10-29] (CyberLink Corp.)
HKLM-x32\...\Run: [PlayMovie] => C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2009-10-22] (Acer Corp.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [588648 2009-07-25] (Symantec Corporation)
HKLM-x32\...\Run: [AVG_TRAY] => C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [2596984 2012-07-31] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EKStatusMonitor] => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-01-15] (Eastman Kodak Company)
HKLM-x32\...\Run: [fst_gb_69] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [KodakHomeCenter] => C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe [2236792 2013-03-15] (Eastman Kodak Company)
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-2105457643-2191922377-1169254503-1001\...\Run: [spybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-2105457643-2191922377-1169254503-1001\...\Run: [spotify Web Helper] => C:\Users\Lesley\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-12] (Spotify Ltd)
HKU\S-1-5-21-2105457643-2191922377-1169254503-1001\...\MountPoints2: {56d211de-c0c8-11e2-8050-705ab616d325} - E:\LaunchU3.exe -a
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll (Egis Technology Inc.)
BootExecute: autocheck autochk * C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://groovorio.com/?f=1&a=grv_tutofirst_14_26&cd=2XzuyEtN2Y1L1QzuyByCtC0AtDyE0CtD0E0B0BtBtAtByB0CtN0D0Tzu0SzytAtDtN1L2XzutBtFtBtCtFtCyEtFtAtN1L1Czu1N1C2X1V2Z2Y2Z1F1O1L1C1B2Z1VtCyE1VtByCtN1L1G1B1V1N2Y1L1Qzu2SyEyE0C0EtDtCtByEtGzz0BzytBtG0D0CtAyCtGyDzzyD0EtGtCzy0FtB0FtD0D0ByDtCzyyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtCzzyC0F0F0AtCtGzyzz0F0BtG0FyD0ByCtGyByDzz0DtGyB0E0Dzz0F0DzyyCtD0ByByC2Q&cr=326040651&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: No Name -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} ->  No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Lesley\AppData\Roaming\Mozilla\Firefox\Profiles\9r9l7nm3.default-1380812248524
FF NewTab: hxxp://www.google.com/
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Lesley\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF Extension: Adblock Plus - C:\Users\Lesley\AppData\Roaming\Mozilla\Firefox\Profiles\9r9l7nm3.default-1380812248524\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-13]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-10]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-10]
FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG2012\Firefox4
FF Extension: No Name - C:\Program Files (x86)\AVG\AVG2012\Firefox4 [2011-10-31]

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lesley\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-26]
CHR Extension: (Skype Click to Call) - C:\Users\Lesley\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-04-17]
CHR Extension: (Google Wallet) - C:\Users\Lesley\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-26]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

S3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [947528 2011-03-18] ()
R2 avgfws; C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2321560 2012-06-13] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [5167736 2012-08-13] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

==================== Drivers (Whitelisted) ====================

R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [48992 2011-05-23] (AVG Technologies CZ, s.r.o.)
R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [291680 2012-07-26] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [384352 2012-08-24] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-10-02] (AVG Technologies)
R3 DFX11_1; C:\Windows\System32\drivers\dfx11_1x64.sys [28008 2012-12-13] (Windows ® Win 7 DDK provider)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-02] (Realtek Semiconductor Corp.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-19 19:52 - 2014-07-19 19:52 - 00016298 _____ () C:\Users\Lesley\Desktop\FRST.txt
2014-07-19 19:48 - 2014-07-19 19:48 - 00023764 _____ () C:\Users\Lesley\Desktop\zoek-results.txt
2014-07-19 19:46 - 2014-07-19 19:20 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-07-19 19:22 - 2014-07-19 19:47 - 00023764 _____ () C:\zoek-results.log
2014-07-19 19:20 - 2014-07-19 19:44 - 00000000 ____D () C:\zoek_backup
2014-07-19 19:19 - 2014-07-19 19:19 - 01287168 _____ () C:\Users\Lesley\Desktop\zoek.exe
2014-07-19 19:18 - 2014-07-19 19:18 - 00002073 _____ () C:\Users\Lesley\Desktop\AdwCleaner[s1].txt
2014-07-19 19:16 - 2014-07-19 19:16 - 00007519 _____ () C:\Users\Lesley\Desktop\AdwCleaner[s2].txt
2014-07-19 19:14 - 2014-07-19 19:47 - 00000648 _____ () C:\Windows\PFRO.log
2014-07-19 19:02 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-19 18:59 - 2014-07-19 18:59 - 01354223 _____ () C:\Users\Lesley\Desktop\AdwCleaner.exe
2014-07-19 16:45 - 2014-07-19 16:46 - 00019672 _____ () C:\Users\Lesley\Downloads\Addition.txt
2014-07-19 16:43 - 2014-07-19 16:46 - 00049506 _____ () C:\Users\Lesley\Downloads\FRST.txt
2014-07-19 16:42 - 2014-07-19 19:52 - 00000000 ____D () C:\FRST
2014-07-19 16:42 - 2014-07-19 16:42 - 02089984 _____ (Farbar) C:\Users\Lesley\Desktop\FRST64.exe
2014-07-19 16:30 - 2014-07-19 19:47 - 00000224 _____ () C:\Windows\setupact.log
2014-07-19 16:30 - 2014-07-19 16:30 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-19 15:10 - 2014-07-19 15:11 - 04872677 _____ () C:\Users\Lesley\Downloads\mbam-chameleon-3.1.4.0.zip
2014-07-19 14:13 - 2014-07-19 14:17 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Lesley\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-19 11:34 - 2014-07-19 19:35 - 00000296 _____ () C:\Windows\Tasks\Groovorio Updater.job
2014-07-19 11:34 - 2014-07-19 11:34 - 00003244 _____ () C:\Windows\System32\Tasks\Groovorio Updater
2014-07-19 11:34 - 2014-07-19 11:34 - 00000000 ____D () C:\Users\Lesley\AppData\Roaming\GroovorioUpdater
2014-07-18 23:50 - 2014-07-18 23:50 - 00001168 _____ () C:\Users\Lesley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-18 22:37 - 2014-07-18 22:37 - 00949504 _____ () C:\Users\Lesley\Downloads\java_installer.exe
2014-07-18 18:27 - 2014-07-18 18:27 - 00000000 ____D () C:\Users\Lesley\AppData\Local\com
2014-07-18 18:23 - 2014-07-18 18:23 - 01385040 _____ () C:\Users\Lesley\Downloads\Player_Setup.exe
2014-07-18 18:08 - 2014-07-18 18:09 - 14324706 _____ () C:\Users\Lesley\Downloads\book246_pdf.zip
2014-07-08 23:58 - 2014-07-08 23:58 - 00000000 ____D () C:\03986142ab9f920657d70c98
2014-07-08 23:53 - 2014-06-30 03:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-08 23:53 - 2014-06-30 03:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-08 23:51 - 2014-06-20 21:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-08 23:51 - 2014-06-20 20:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-08 23:51 - 2014-06-19 02:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-08 23:51 - 2014-06-19 02:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-08 23:51 - 2014-06-19 02:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-08 23:51 - 2014-06-19 01:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-08 23:51 - 2014-06-19 01:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-08 23:51 - 2014-06-19 01:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-08 23:51 - 2014-06-19 01:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-08 23:51 - 2014-06-19 01:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-08 23:51 - 2014-06-19 01:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-08 23:51 - 2014-06-19 01:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-08 23:51 - 2014-06-19 01:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-08 23:51 - 2014-06-19 01:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-08 23:51 - 2014-06-19 01:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-08 23:51 - 2014-06-19 01:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-08 23:51 - 2014-06-19 01:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

==================== One Month Modified Files and Folders =======


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-09 11:19

==================== End Of Log ============================


Hi,

please try this now:

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Please open Malwarebytes Anti-Malware.
  • Please update the database by clicking on the "Update Now" button.
  • Following the update, click "Settings" and go to "Detection and Protection".
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard, then click on Scan Now to start the scan.

    (If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine". Click the button: Apply All Actions.)

  • A window with an option to view the detailed log will appear. Click on "View Detailed Log".
  • After viewing the results, please click on the "Copy to Clipboard" button and then OK.
  • Return to our forum. Paste your log into your next reply.

Let's do a final check up:

Step 1

Download Malwarebytes Anti-Rootkit to your desktop.

  • Double-click "mbar.exe" to start the tool.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"
Step 2

Please download the ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.

    Note: This scan might take a long time! Please be patient.

  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.

    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!

OK

Finally done! See what you mean about it might take some time to scan! Here's the log file.

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=78f93017ae441a42a461b3fce3734df2
# engine=19256
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-07-19 11:23:50
# local_time=2014-07-20 12:23:50 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 66 85 32377920 158277280 0 0
# scanned=210542
# found=116
# cleaned=0
# scan_time=7597
sh=8175A8AE1F2DB1A34AF959A9A7FC08C61E2551BE ft=1 fh=2803c3b5568a6e48 vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\Config.Msi\3c7935.rbf"
sh=2268FF7CE8C0FBA5212C1974FD64A659B67B698F ft=1 fh=24d569904a6990c9 vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\Config.Msi\3c7936.rbf"
sh=CCBE054E6D592E0B63726E204F78350068612669 ft=1 fh=01825806541cfe88 vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\Config.Msi\3c7937.rbf"
sh=B5190936D771F4F95AF1D6D25A1AFD4CA442FE4C ft=1 fh=c84bd411ffb6f50c vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\Config.Msi\3c7938.rbf"
sh=B30DAF63ED6EE63AB6B70F4BDE3982F40E0AF319 ft=1 fh=d31df0d3b3772a4f vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\Config.Msi\3c7939.rbf"
sh=0D421B32AD2D65114D3F7CF09D33BF1D3600F960 ft=1 fh=5baaf36006c8ac9a vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\Config.Msi\3c793f.rbf"
sh=F8DECDAD3EB07DFB736A5134E14A1A5F03077B77 ft=1 fh=c5b89d195122ef24 vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\Config.Msi\3c7940.rbf"
sh=CF4B12FE9E659B034ECB77641D0DC5363767BDFA ft=1 fh=b2fc897ff3c3a9c1 vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\Config.Msi\3c7941.rbf"
sh=402E3F17023EC662028C5C419DF48D31B4C47954 ft=1 fh=86c7edc6432607ef vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\Config.Msi\3c7942.rbf"
sh=6B3C75BCF39B5C7C513E9E8F7002C1E7DFF0FD92 ft=1 fh=3acc90857f6076ca vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\Config.Msi\3c7944.rbf"
sh=28B8C47DB9B0E9EC2EFE464D7F8A1342A0E8C7B8 ft=1 fh=52bfb6a85f371785 vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\Config.Msi\3c7945.rbf"
sh=50AD95CE5FD82838E19D7174B549A7BD0E4FB40A ft=1 fh=ddaa5a6a231246ec vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\Config.Msi\3c7946.rbf"
sh=0A02C60CA9DF48818A811160A46DA8891A3DFC79 ft=1 fh=9ed14ed1c43085ca vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\Config.Msi\3c7948.rbf"
sh=FBCF47C3668D6C9145A1DF8256F9121D15B31E7F ft=1 fh=a050f1bff8747171 vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\Config.Msi\3c794d.rbf"
sh=821846614584D57FC24BB86CF24C5B044C3A5AB0 ft=1 fh=38f8d8ab5d5f7ec8 vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\Config.Msi\3c794e.rbf"
sh=5D592B28A47C58385B38BF5BE85B9522912BC10A ft=1 fh=3b5e61ca8a8504aa vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\Config.Msi\3c794f.rbf"
sh=B8321125D3DD8FBE693497FD476804986E8D5443 ft=1 fh=e0c870c40d823fbd vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\Config.Msi\3c7950.rbf"
sh=7B7980FE9F0A9488AD49CC74956634F74AB55E51 ft=1 fh=eef88e5d9859c86e vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\Config.Msi\3c7952.rbf"
sh=02AC509D825A3429FD8DA7598346097157010284 ft=1 fh=77f0c1495b29d1a6 vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\Config.Msi\3c7954.rbf"
sh=A48F78E3190E0426CAB7017C85D371A0B2515CE9 ft=1 fh=678a4d58de41779d vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\Config.Msi\3c7955.rbf"
sh=4ADEED9853020E9C608517699CE35E4AB46B1A6F ft=1 fh=f17c6a58ae8e51e6 vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\Config.Msi\3c7956.rbf"
sh=43F238352B0408FAEB2C4F0913D466BF5ED00FAD ft=1 fh=134f92e041cba1a2 vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\Config.Msi\3c7957.rbf"
sh=B4878E4D93560399EE0DC807D08C50BEB6761808 ft=1 fh=69632074c0150e80 vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\Config.Msi\3c7958.rbf"
sh=DF700E3E3451218A58F0353A32510F8634D296BA ft=1 fh=b309d8039acdc591 vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\Config.Msi\3c7959.rbf"
sh=6C259E1D637082DF6DA4D6B398F82FDCABB8B765 ft=1 fh=4acbf6ce984aa41c vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\Config.Msi\3c795a.rbf"
sh=AA36575A40264209CC6F99345542FC841BA626B0 ft=1 fh=4d304fca6bb460c9 vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\Config.Msi\3c795b.rbf"
sh=734715A3C53478C47B667F2687DF1693B022D529 ft=1 fh=61538d6f9e36af3a vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\Config.Msi\3c795c.rbf"
sh=3401A6D9D8AF4649034F7F8656061193AA03465C ft=1 fh=8db55f9452f6901a vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\Config.Msi\3c795d.rbf"
sh=67EB8AF8E2C8ED10D29364A3927AAC8E376B7870 ft=1 fh=d0245071c2cee8ce vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\Config.Msi\3c795e.rbf"
sh=550E36B251DA813A5FB075D4DDBE728B5FC7786D ft=1 fh=ca67ef67b5a5be99 vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\Config.Msi\3c795f.rbf"
sh=44341AC3075A630346D44C97F22FE3B8DB90A2C8 ft=1 fh=03026ae03c5e9bfc vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\Config.Msi\3c7962.rbf"
sh=71D7A552FF38B19CD9E29AC73F660BE4DF75B31A ft=1 fh=8fcfed294dd9d419 vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\Config.Msi\3c7963.rbf"
sh=893F4D87D875F6B5F5565F6A86DCAA4729D16712 ft=1 fh=f255c18676cf4594 vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\Config.Msi\3c7965.rbf"
sh=59C517C8E1476806AC0B4453C863381F877C7E59 ft=1 fh=44fb8e74d96dfeb6 vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\Config.Msi\3c7968.rbf"
sh=370E12565221A99CA327F8FB1EAAF243856E879C ft=1 fh=f6cdb3ec75080afe vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\Config.Msi\3c7969.rbf"
sh=D3558CD8505E43CC94A8BE5A1FFC2C3D39409CD9 ft=1 fh=9bada0f6814a3287 vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\Config.Msi\3c796a.rbf"
sh=9FB49C995BBC6508CC80D88EE251DE926201BE6B ft=1 fh=ab88d352dd6d144d vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\Config.Msi\3c796b.rbf"
sh=7D1FEDA559B59DBFF01C4B4F53134F121D4377C1 ft=1 fh=c2a5d07a8b4f82a0 vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\Config.Msi\3c796c.rbf"
sh=EF09058F1A8249F38882470126CBBE1B927788C4 ft=1 fh=7c3bb5a116a7be08 vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\Config.Msi\3c796d.rbf"
sh=5D0FF82E89BC0A4963B3FD2CF51F514250A3E4DF ft=1 fh=8b6bc8b332059833 vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\Config.Msi\3c796e.rbf"
sh=E733700395C6E285DF6D36C59D119CADF14EC136 ft=1 fh=f3d835ac74302d04 vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\Config.Msi\3c796f.rbf"
sh=20E137221A0CD062EE988380349F197FF6156CA2 ft=1 fh=8e867a7f15acd36f vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\Config.Msi\3c7970.rbf"
sh=DAB0DB732EF1B3148F2A8409C69693A8BC0F668D ft=1 fh=4741d303503cb92b vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\Config.Msi\3c7971.rbf"
sh=4D9BCE1D082A97684B2862361C8C6B1117384D3D ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip worm" ac=I fn="C:\ProgramData\Spybot - Search & Destroy\Recovery\myPCBackup4.zip"
sh=A1E0EB95C588D58B2D4B797936CEDA58E5990B89 ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip worm" ac=I fn="C:\ProgramData\Spybot - Search & Destroy\Recovery\Pricepeep25.zip"
sh=4D9BCE1D082A97684B2862361C8C6B1117384D3D ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip worm" ac=I fn="C:\Users\All Users\Spybot - Search & Destroy\Recovery\myPCBackup4.zip"
sh=A1E0EB95C588D58B2D4B797936CEDA58E5990B89 ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip worm" ac=I fn="C:\Users\All Users\Spybot - Search & Destroy\Recovery\Pricepeep25.zip"
sh=B01AC08195E304AA4A9C1708EF20018EDBB46466 ft=1 fh=c0a411ccca8d6207 vn="a variant of Win32/DealPly.S potentially unwanted application" ac=I fn="C:\Users\Lesley\AppData\Roaming\GroovorioUpdater\UpdateProc\UpdateTask.exe"
sh=427EBFD216B66AE77FF460F0BA36267C1D46DE71 ft=1 fh=b84e9e26347b9408 vn="a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application" ac=I fn="C:\Users\Lesley\Documents\APNSetup.exe"
sh=23B050563A81A1C57DABA7805B1E3E6B4C874F2B ft=1 fh=b4fe666c57930953 vn="a variant of Win32/CNETInstaller.B potentially unwanted application" ac=I fn="C:\Users\Lesley\Downloads\cbsidlm-cbsi183-AdwCleaner-ORG-75851221.exe"
sh=C662A89E2318810A6012EF702A9C39F6E0AC3B36 ft=1 fh=e8789dd77b481b56 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Lesley\Downloads\ccsetup411.exe"
sh=9CCBE2B6ECAE188A149B547423FB6193E41C6D1F ft=1 fh=82c142bd1fa13d80 vn="a variant of Win32/InstallCore.D potentially unwanted application" ac=I fn="C:\Users\Lesley\Downloads\CodecPackage.exe"
sh=7B458228C83AC9032408217D7C6B6E8286689972 ft=1 fh=e7c44e4f2fd49fb6 vn="a variant of Win32/SquareNet.A potentially unwanted application" ac=I fn="C:\Users\Lesley\Downloads\java_installer.exe"
sh=E6F9780ABAFD1E53216C86A86D962E1B1B754690 ft=1 fh=7eb6a2c1ed2592e2 vn="a variant of Win32/SoftPulse.H potentially unwanted application" ac=I fn="C:\Users\Lesley\Downloads\Player_Setup.exe"
sh=CF2E98C819BFCC938E8F4DA0E7C36C57CCEC7938 ft=1 fh=39546902c9734c35 vn="multiple threats" ac=I fn="C:\Users\Lesley\Downloads\Regtask_WebInstall.exe"
sh=44A7AE70AA7AC181E962591F263CFA55C823B4FC ft=1 fh=cf972a16567b49c6 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Lesley\Downloads\Shockwave_Installer_Slim.exe"
sh=5BA2A1AB903E6B0FAC7FD1B0BC4B4F32262BAC67 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Linkury.D potentially unwanted application" ac=I fn="C:\Windows\Installer\83344f.msi"
sh=9FFE733FFA9E48BDE9F2D399822DA9FE5284CF55 ft=1 fh=6e56d9f8aef3b200 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Windows\Installer\MSID07A.tmp"
sh=925A0BAB5160A2463684131985BF453F59282D4C ft=1 fh=e26cd0c06f3e0509 vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\Windows\Installer\MSIBDEE.tmp-\FiddlerCore.dll"
sh=9AA379DBA3254708473EBD116A7C87070E3E1416 ft=1 fh=d53322916ab5f2f6 vn="a variant of MSIL/Toolbar.Linkury.E potentially unwanted application" ac=I fn="C:\Windows\Installer\MSIBDEE.tmp-\Smartbar.Resources.LanguageSettings.resources.dll"
sh=C1DE928C5BED1D277969D3946EEAC0889DC81C8F ft=1 fh=34728812cfdd98cc vn="a variant of MSIL/Toolbar.Linkury.C potentially unwanted application" ac=I fn="C:\Windows\Installer\MSIBDEE.tmp-\srbs.dll"
sh=B5B41E946960F17050C00A4891CFF46B08486A4D ft=1 fh=79895fd74f1827db vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Windows\System32\Adobe\Shockwave 12\gt.exe"
sh=B5B41E946960F17050C00A4891CFF46B08486A4D ft=1 fh=79895fd74f1827db vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe"
sh=86055EA143BA33A982F3AE0E462282E4155FC351 ft=1 fh=7300211bcdeaa8fd vn="Win32/InstalleRex.M potentially unwanted application" ac=I fn="C:\zoek_backup\C_Users_Lesley_Downloads_dreamcatcher-spa-5122151.exe.vir"
sh=9927B82A825E80CFB729DEB18F1C168BEC922B02 ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M potentially unwanted application" ac=I fn="C:\zoek_backup\C_PROGRA~3_InstallMate\{788668D6-59ED-485E-AAB5-11CFA3654A20}\Custom.dll"

 


Hi,

Step 1


Please download the attached fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.

    Please copy and paste its contents in your next reply.

fixlist.txt

Step 2

  • Please download mbam-clean.exe from here to your desktop and save it.
  • Please close all open applications and temporarily shut down your antivirus to avoid any conflicts when running the tool.
  • Locate the file mbam-clean.exe and double-click to run it and follow the onscreen prompts.
  • It will ask to restart your computer; please allow it to do so (very important).

Step 3

  • Disable the realtime-protection of your antivirus and anti-malware programs.
  • Download Windows Repair (All in One) from this site

    Install the program then run it.


No worries... there were two "fixlists"; I picked the wrong one. Done it now. Here is the FRST fixlog. I will continue now with the rest of the steps.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-07-2014
Ran by Lesley at 2014-07-20 15:54:09 Run:4
Running from C:\Users\Lesley\Desktop\Tim Folder\anti malware\Advice
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\Lesley\AppData\Roaming\GroovorioUpdater\UpdateProc\UpdateTask.exe
C:\Users\Lesley\Documents\APNSetup.exe
C:\Users\Lesley\Downloads\cbsidlm-cbsi183-AdwCleaner-ORG-75851221.exe
C:\Users\Lesley\Downloads\CodecPackage.exe
C:\Users\Lesley\Downloads\java_installer.exe
C:\Users\Lesley\Downloads\Player_Setup.exe
C:\Users\Lesley\Downloads\Regtask_WebInstall.exe
HKLM-x32\...\Run: [fst_gb_69] => [X]
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: No Name -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} ->  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

*****************

C:\Users\Lesley\AppData\Roaming\GroovorioUpdater\UpdateProc\UpdateTask.exe => Moved successfully.
C:\Users\Lesley\Documents\APNSetup.exe => Moved successfully.
C:\Users\Lesley\Downloads\cbsidlm-cbsi183-AdwCleaner-ORG-75851221.exe => Moved successfully.
C:\Users\Lesley\Downloads\CodecPackage.exe => Moved successfully.
C:\Users\Lesley\Downloads\java_installer.exe => Moved successfully.
C:\Users\Lesley\Downloads\Player_Setup.exe => Moved successfully.
C:\Users\Lesley\Downloads\Regtask_WebInstall.exe => Moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\fst_gb_69 => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}' => Key deleted successfully.
'HKCR\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}'=> Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
'HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}'=> Key not found.
'HKLM\SOFTWARE\Policies\Google' => Key deleted successfully.

==== End of Fixlog ====


Hi, try now a fresh download and install of MBAM

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Please open Malwarebytes Anti-Malware.
  • Please update the database by clicking on the "Update Now" button.
  • Following the update, click "Settings" and go to "Detection and Protection".
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard, then click on Scan Now to start the scan.

    (If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine". Click the button: Apply All Actions.)

  • A window with an option to view the detailed log will appear. Click on "View Detailed Log".
  • After viewing the results, please click on the "Copy to Clipboard" button and then OK.
  • Return to our forum. Paste your log into your next reply.

Fresh logs please...


Start FRST with administrator privileges.

  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.

    Please copy and paste these logs in your next reply.


Ok new logs :)

Also, can I just say again, thanks for doing this. It's really good of you! And really... your English seems to me to be excellent... and much better than my German :)

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-07-2014
Ran by Lesley (administrator) on LESLEY-ACER on 20-07-2014 19:47:32
Running from C:\Users\Lesley\Desktop\Tim Folder\anti malware\Advice
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Spotify Ltd) C:\Users\Lesley\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(Acer Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [iAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [822816 2009-10-29] (Acer Incorporated)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-10] (Egis Technology Inc.)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3023600 2013-02-25] (Synaptics Incorporated)
HKLM-x32\...\Run: [EgisTecLiveUpdate] => C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [ArcadeDeluxeAgent] => C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [419112 2009-10-29] (CyberLink Corp.)
HKLM-x32\...\Run: [PlayMovie] => C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2009-10-22] (Acer Corp.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [588648 2009-07-25] (Symantec Corporation)
HKLM-x32\...\Run: [AVG_TRAY] => C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [2596984 2012-07-31] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EKStatusMonitor] => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-01-15] (Eastman Kodak Company)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [KodakHomeCenter] => C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe [2236792 2013-03-15] (Eastman Kodak Company)
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-2105457643-2191922377-1169254503-1001\...\Run: [spybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-2105457643-2191922377-1169254503-1001\...\Run: [spotify Web Helper] => C:\Users\Lesley\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-12] (Spotify Ltd)
HKU\S-1-5-21-2105457643-2191922377-1169254503-1001\...\MountPoints2: {56d211de-c0c8-11e2-8050-705ab616d325} - E:\LaunchU3.exe -a
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll (Egis Technology Inc.)
BootExecute: autocheck autochk * C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://groovorio.com/?f=1&a=grv_tutofirst_14_26&cd=2XzuyEtN2Y1L1QzuyByCtC0AtDyE0CtD0E0B0BtBtAtByB0CtN0D0Tzu0SzytAtDtN1L2XzutBtFtBtCtFtCyEtFtAtN1L1Czu1N1C2X1V2Z2Y2Z1F1O1L1C1B2Z1VtCyE1VtByCtN1L1G1B1V1N2Y1L1Qzu2SyEyE0C0EtDtCtByEtGzz0BzytBtG0D0CtAyCtGyDzzyD0EtGtCzy0FtB0FtD0D0ByDtCzyyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtCzzyC0F0F0AtCtGzyzz0F0BtG0FyD0ByCtGyByDzz0DtGyB0E0Dzz0F0DzyyCtD0ByByC2Q&cr=326040651&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Lesley\AppData\Roaming\Mozilla\Firefox\Profiles\9r9l7nm3.default-1380812248524
FF NewTab: hxxp://www.google.com/
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Lesley\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF Extension: Adblock Plus - C:\Users\Lesley\AppData\Roaming\Mozilla\Firefox\Profiles\9r9l7nm3.default-1380812248524\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-13]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-10]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-10]
FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG2012\Firefox4
FF Extension: No Name - C:\Program Files (x86)\AVG\AVG2012\Firefox4 [2011-10-31]

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lesley\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-26]
CHR Extension: (Skype Click to Call) - C:\Users\Lesley\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-04-17]
CHR Extension: (Google Wallet) - C:\Users\Lesley\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-26]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]

==================== Services (Whitelisted) =================

S3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [947528 2011-03-18] ()
R2 avgfws; C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2321560 2012-06-13] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [5167736 2012-08-13] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

==================== Drivers (Whitelisted) ====================

R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [48992 2011-05-23] (AVG Technologies CZ, s.r.o.)
R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [291680 2012-07-26] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [384352 2012-08-24] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-10-02] (AVG Technologies)
R3 DFX11_1; C:\Windows\System32\drivers\dfx11_1x64.sys [28008 2012-12-13] (Windows ® Win 7 DDK provider)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-02] (Realtek Semiconductor Corp.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-20 17:32 - 2014-07-20 17:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-20 16:41 - 2014-07-20 16:41 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-LESLEY-ACER-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-07-20 16:41 - 2014-07-20 16:41 - 00000000 ____D () C:\RegBackup
2014-07-20 16:18 - 2014-07-20 16:18 - 00003352 ____N () C:\bootsqm.dat
2014-07-20 16:04 - 2014-07-20 16:04 - 00002167 _____ () C:\Users\Lesley\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-07-20 16:04 - 2014-07-20 16:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-07-20 16:04 - 2014-07-20 16:04 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-07-19 22:12 - 2014-07-19 22:12 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-19 21:40 - 2014-07-19 22:08 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-19 21:39 - 2014-07-19 22:08 - 00000000 ____D () C:\Users\Lesley\mbar
2014-07-19 19:46 - 2014-07-19 19:20 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-07-19 19:22 - 2014-07-19 19:47 - 00023764 _____ () C:\zoek-results.log
2014-07-19 19:20 - 2014-07-19 19:44 - 00000000 ____D () C:\zoek_backup
2014-07-19 19:14 - 2014-07-20 17:10 - 00022936 _____ () C:\Windows\PFRO.log
2014-07-19 19:02 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-19 16:45 - 2014-07-19 16:46 - 00019672 _____ () C:\Users\Lesley\Downloads\Addition.txt
2014-07-19 16:43 - 2014-07-19 16:46 - 00049506 _____ () C:\Users\Lesley\Downloads\FRST.txt
2014-07-19 16:42 - 2014-07-20 19:47 - 00000000 ____D () C:\FRST
2014-07-19 16:30 - 2014-07-20 19:45 - 00000840 _____ () C:\Windows\setupact.log
2014-07-19 16:30 - 2014-07-19 16:30 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-19 15:10 - 2014-07-19 15:11 - 04872677 _____ () C:\Users\Lesley\Downloads\mbam-chameleon-3.1.4.0.zip
2014-07-19 11:34 - 2014-07-20 17:34 - 00000296 _____ () C:\Windows\Tasks\Groovorio Updater.job
2014-07-19 11:34 - 2014-07-19 11:34 - 00003244 _____ () C:\Windows\System32\Tasks\Groovorio Updater
2014-07-19 11:34 - 2014-07-19 11:34 - 00000000 ____D () C:\Users\Lesley\AppData\Roaming\GroovorioUpdater
2014-07-18 23:50 - 2014-07-18 23:50 - 00001168 _____ () C:\Users\Lesley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-18 18:27 - 2014-07-18 18:27 - 00000000 ____D () C:\Users\Lesley\AppData\Local\com
2014-07-18 18:08 - 2014-07-18 18:09 - 14324706 _____ () C:\Users\Lesley\Downloads\book246_pdf.zip
2014-07-08 23:58 - 2014-07-08 23:58 - 00000000 ____D () C:\03986142ab9f920657d70c98
2014-07-08 23:53 - 2014-06-30 03:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-08 23:53 - 2014-06-30 03:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-08 23:51 - 2014-06-20 21:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-08 23:51 - 2014-06-20 20:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-08 23:51 - 2014-06-19 02:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-08 23:51 - 2014-06-19 02:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-08 23:51 - 2014-06-19 02:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-08 23:51 - 2014-06-19 01:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-08 23:51 - 2014-06-19 01:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-08 23:51 - 2014-06-19 01:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-08 23:51 - 2014-06-19 01:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-08 23:51 - 2014-06-19 01:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-08 23:51 - 2014-06-19 01:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-08 23:51 - 2014-06-19 01:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-08 23:51 - 2014-06-19 01:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-08 23:51 - 2014-06-19 01:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-08 23:51 - 2014-06-19 01:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-08 23:51 - 2014-06-19 01:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-08 23:51 - 2014-06-19 01:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-08 23:51 - 2014-06-19 01:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-08 23:51 - 2014-06-19 01:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-08 23:51 - 2014-06-19 00:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-08 23:51 - 2014-06-19 00:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-08 23:51 - 2014-06-19 00:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-08 23:51 - 2014-06-19 00:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-08 23:51 - 2014-06-19 00:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-08 23:51 - 2014-06-19 00:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-08 23:51 - 2014-06-19 00:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-08 23:51 - 2014-06-19 00:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-08 23:51 - 2014-06-19 00:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-08 23:51 - 2014-06-19 00:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-08 23:51 - 2014-06-19 00:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-08 23:51 - 2014-06-19 00:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-08 23:51 - 2014-06-19 00:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-08 23:51 - 2014-06-19 00:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-08 23:51 - 2014-06-19 00:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-08 23:51 - 2014-06-19 00:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-08 23:51 - 2014-06-19 00:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-08 23:51 - 2014-06-19 00:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-08 23:51 - 2014-06-19 00:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-08 23:51 - 2014-06-19 00:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-08 23:51 - 2014-06-19 00:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-08 23:51 - 2014-06-19 00:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-08 23:51 - 2014-06-19 00:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-08 23:51 - 2014-06-18 23:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-08 23:51 - 2014-06-18 23:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-08 23:51 - 2014-06-18 23:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-08 23:51 - 2014-06-18 23:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-08 23:51 - 2014-06-18 23:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-08 23:51 - 2014-06-18 23:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-08 23:51 - 2014-06-18 23:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-08 23:51 - 2014-06-18 23:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-08 23:51 - 2014-06-18 23:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-08 23:51 - 2014-06-18 23:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-08 23:51 - 2014-06-18 23:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-08 23:51 - 2014-06-18 23:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-08 23:51 - 2014-06-18 23:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-08 23:51 - 2014-06-18 23:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-08 23:51 - 2014-06-18 03:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-08 23:51 - 2014-06-18 02:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-08 23:51 - 2014-06-18 02:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-08 23:51 - 2014-06-06 11:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-08 23:51 - 2014-06-06 10:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-08 23:51 - 2014-05-30 09:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-08 23:51 - 2014-05-30 09:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-08 23:51 - 2014-05-30 09:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-08 23:51 - 2014-05-30 09:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-08 23:51 - 2014-05-30 09:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-08 23:51 - 2014-05-30 09:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-08 23:51 - 2014-05-30 09:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-08 23:51 - 2014-05-30 08:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-08 23:51 - 2014-05-30 08:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-08 23:51 - 2014-05-30 08:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-08 23:51 - 2014-05-30 08:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-08 23:51 - 2014-05-30 08:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-08 23:51 - 2014-05-30 08:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-08 23:51 - 2014-05-30 08:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-08 23:51 - 2014-05-30 07:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-08 23:48 - 2014-06-05 15:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-08 23:48 - 2014-06-05 15:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-08 23:48 - 2014-06-05 15:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-06-30 13:47 - 2014-06-30 13:47 - 00003118 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2014-06-30 13:47 - 2014-06-30 13:47 - 00003092 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2014-06-30 13:47 - 2014-06-30 13:47 - 00003090 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2014-06-30 13:47 - 2014-06-30 13:47 - 00003062 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2014-06-30 13:47 - 2014-06-30 13:47 - 00003060 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2014-06-30 13:47 - 2014-06-30 13:47 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_point64_01011.Wdf
2014-06-30 13:47 - 2014-06-30 13:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
2014-06-30 13:46 - 2014-06-30 13:46 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2014-06-30 13:43 - 2014-06-30 13:43 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_dc3d_01011.Wdf
2014-06-20 16:25 - 2014-06-20 16:25 - 00000000 ____D () C:\Windows\CheckSur

==================== One Month Modified Files and Folders =======

2014-07-20 19:49 - 2009-11-03 05:32 - 00000000 ____D () C:\ProgramData\Temp
2014-07-20 19:47 - 2014-07-19 16:42 - 00000000 ____D () C:\FRST
2014-07-20 19:45 - 2014-07-19 16:30 - 00000840 _____ () C:\Windows\setupact.log
2014-07-20 19:45 - 2012-07-05 20:11 - 00000000 ____D () C:\ProgramData\Kodak
2014-07-20 19:45 - 2011-04-25 21:23 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-20 19:45 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-20 17:44 - 2009-12-29 22:56 - 01063533 _____ () C:\Windows\WindowsUpdate.log
2014-07-20 17:34 - 2014-07-19 11:34 - 00000296 _____ () C:\Windows\Tasks\Groovorio Updater.job
2014-07-20 17:32 - 2014-07-20 17:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-20 17:25 - 2012-04-05 22:05 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-20 17:16 - 2009-07-14 05:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-20 17:16 - 2009-07-14 05:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-20 17:15 - 2009-07-14 06:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-20 17:10 - 2014-07-19 19:14 - 00022936 _____ () C:\Windows\PFRO.log
2014-07-20 17:10 - 2009-07-14 05:45 - 00345024 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-20 17:06 - 2011-04-25 21:23 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-20 17:04 - 2009-07-14 03:34 - 00000471 _____ () C:\Windows\win.ini
2014-07-20 16:41 - 2014-07-20 16:41 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-LESLEY-ACER-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-07-20 16:41 - 2014-07-20 16:41 - 00000000 ____D () C:\RegBackup
2014-07-20 16:18 - 2014-07-20 16:18 - 00003352 ____N () C:\bootsqm.dat
2014-07-20 16:04 - 2014-07-20 16:04 - 00002167 _____ () C:\Users\Lesley\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-07-20 16:04 - 2014-07-20 16:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-07-20 16:04 - 2014-07-20 16:04 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-07-20 03:35 - 2013-06-12 21:30 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2105457643-2191922377-1169254503-1001UA.job
2014-07-19 22:12 - 2014-07-19 22:12 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-19 22:08 - 2014-07-19 21:40 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-19 22:08 - 2014-07-19 21:39 - 00000000 ____D () C:\Users\Lesley\mbar
2014-07-19 21:39 - 2010-10-07 21:21 - 00000000 ____D () C:\Users\Lesley
2014-07-19 21:35 - 2013-06-12 21:30 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2105457643-2191922377-1169254503-1001Core.job
2014-07-19 19:47 - 2014-07-19 19:22 - 00023764 _____ () C:\zoek-results.log
2014-07-19 19:44 - 2014-07-19 19:20 - 00000000 ____D () C:\zoek_backup
2014-07-19 19:20 - 2014-07-19 19:46 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-07-19 19:13 - 2013-10-03 16:14 - 00000000 ____D () C:\AdwCleaner
2014-07-19 16:46 - 2014-07-19 16:45 - 00019672 _____ () C:\Users\Lesley\Downloads\Addition.txt
2014-07-19 16:46 - 2014-07-19 16:43 - 00049506 _____ () C:\Users\Lesley\Downloads\FRST.txt
2014-07-19 16:30 - 2014-07-19 16:30 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-19 16:27 - 2013-10-03 13:36 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-07-19 16:27 - 2013-01-18 18:49 - 00000000 ____D () C:\Windows\Minidump
2014-07-19 15:12 - 2011-09-15 23:20 - 00000000 ____D () C:\Users\Lesley\Desktop\Tim Folder
2014-07-19 15:11 - 2014-07-19 15:10 - 04872677 _____ () C:\Users\Lesley\Downloads\mbam-chameleon-3.1.4.0.zip
2014-07-19 11:34 - 2014-07-19 11:34 - 00003244 _____ () C:\Windows\System32\Tasks\Groovorio Updater
2014-07-19 11:34 - 2014-07-19 11:34 - 00000000 ____D () C:\Users\Lesley\AppData\Roaming\GroovorioUpdater
2014-07-19 11:32 - 2013-05-10 09:22 - 00000000 ____D () C:\Users\Lesley\Desktop\Kira
2014-07-18 23:50 - 2014-07-18 23:50 - 00001168 _____ () C:\Users\Lesley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-18 22:56 - 2013-06-01 15:39 - 00000000 ____D () C:\Users\Lesley\AppData\Roaming\vlc
2014-07-18 18:27 - 2014-07-18 18:27 - 00000000 ____D () C:\Users\Lesley\AppData\Local\com
2014-07-18 18:26 - 2011-06-20 22:22 - 00002245 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-18 18:09 - 2014-07-18 18:08 - 14324706 _____ () C:\Users\Lesley\Downloads\book246_pdf.zip
2014-07-17 21:28 - 2013-06-16 13:38 - 00000388 _____ () C:\Windows\Tasks\RegTask.job
2014-07-17 11:38 - 2013-12-10 23:40 - 00000000 ____D () C:\Users\Lesley\AppData\Roaming\PrimoPDF
2014-07-10 00:25 - 2012-04-05 22:05 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-10 00:25 - 2012-04-05 22:05 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-10 00:25 - 2011-06-21 10:37 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-09 11:27 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-07-09 07:46 - 2014-04-30 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-09 07:46 - 2009-07-14 08:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 07:46 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-09 07:46 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-08 23:58 - 2014-07-08 23:58 - 00000000 ____D () C:\03986142ab9f920657d70c98
2014-07-08 23:58 - 2013-07-13 18:37 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-08 23:58 - 2010-10-12 21:36 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-01 01:37 - 2013-12-19 11:49 - 00000000 ____D () C:\Users\Lesley\AppData\Local\Paint.NET
2014-06-30 16:10 - 2010-10-07 21:21 - 00080000 _____ () C:\Users\Lesley\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-30 16:05 - 2013-07-20 17:59 - 01499136 ___SH () C:\Users\Lesley\Desktop\Thumbs.db
2014-06-30 13:47 - 2014-06-30 13:47 - 00003118 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2014-06-30 13:47 - 2014-06-30 13:47 - 00003092 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2014-06-30 13:47 - 2014-06-30 13:47 - 00003090 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2014-06-30 13:47 - 2014-06-30 13:47 - 00003062 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2014-06-30 13:47 - 2014-06-30 13:47 - 00003060 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2014-06-30 13:47 - 2014-06-30 13:47 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_point64_01011.Wdf
2014-06-30 13:47 - 2014-06-30 13:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
2014-06-30 13:46 - 2014-06-30 13:46 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2014-06-30 13:43 - 2014-06-30 13:43 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_dc3d_01011.Wdf
2014-06-30 03:09 - 2014-07-08 23:53 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-30 03:04 - 2014-07-08 23:53 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-29 13:09 - 2010-10-14 19:46 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-06-23 20:01 - 2011-04-25 21:23 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-23 20:01 - 2011-04-25 21:23 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-21 16:10 - 2009-07-14 06:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-20 21:14 - 2014-07-08 23:51 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-20 20:39 - 2014-07-08 23:51 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-06-20 16:25 - 2014-06-20 16:25 - 00000000 ____D () C:\Windows\CheckSur

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-19 21:31

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-07-2014
Ran by Lesley at 2014-07-20 19:50:01
Running from C:\Users\Lesley\Desktop\Tim Folder\anti malware\Advice
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: AVG Internet Security 2012 (Disabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Internet Security 2012 (Disabled) {621CC794-9486-F902-D092-0484E8EA828B}

==================== Installed Programs ======================

Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
AVG 2012 (HKLM\...\AVG) (Version: 2012.0.2221 - AVG Technologies)
AVG 2012 (Version: 12.0.2221 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.2637 - AVG Technologies) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.57.5189 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1892 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Kodak AIO Printer (Version: 7.7.2.0 - Eastman Kodak Company) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.3.188.0 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
Skype™ 6.3 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version:  - )
Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.15.1 - Synaptics Incorporated)
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.8.2 - Tweaking.com)
VLC media player 2.0.6 (HKLM-x32\...\VLC media player) (Version: 2.0.6 - VideoLAN)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

17-06-2014 15:43:03 Restore Operation
18-06-2014 05:27:25 Windows Update
20-06-2014 15:25:37 Windows Update
27-06-2014 16:37:31 Scheduled Checkpoint
30-06-2014 12:45:42 DCInstallRestorePoint
08-07-2014 22:56:40 Windows Update
09-07-2014 06:44:30 Windows Update
16-07-2014 22:42:50 Scheduled Checkpoint
19-07-2014 18:22:44 zoek.exe restore point

==================== Hosts content: ==========================

2009-07-14 03:34 - 2014-07-20 17:05 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {011A58F3-76B4-4764-9A7F-BAA1AE5E1ED9} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {06F67644-2CAD-4B13-BAFD-133C575652B7} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {09E3C3DE-402E-456F-A99B-8978926A7A70} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {170472E2-E53C-45FD-A633-6E3012F6D146} - System32\Tasks\Groovorio Updater => C:\Users\Lesley\AppData\Roaming\GROOVO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {1792BE74-B273-48C6-9B9A-9E303818172F} - System32\Tasks\RegTask => C:\Program Files (x86)\RegTask\RegTask.exe
Task: {1A12B977-B5CD-480F-A1CC-4B42D7FFF12E} - \DSite No Task File <==== ATTENTION
Task: {2B64D353-D7F0-4A07-921E-4591CF496011} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {3FEC1DE7-AF20-4CD4-BD6E-9D2CC773B9DB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-25] (Google Inc.)
Task: {45651AB4-7DFA-4767-A055-F09C0B5986FC} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2105457643-2191922377-1169254503-1001UA => C:\Users\Lesley\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {58DF46D0-64E6-414D-90C8-DAE67F554420} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2105457643-2191922377-1169254503-1001Core => C:\Users\Lesley\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {5AF42912-4D95-48FA-9C4E-4E7EEBB85C5E} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {8435822C-1749-43F6-8DB9-670F924B22D5} - System32\Tasks\{CFF87891-D582-4415-AA0A-A4F508A5D932} => Firefox.exe http://ui.skype.com/ui/0/6.3.0.105/en/abandoninstall?page=tsProgressBar
Task: {9486112B-3DB8-4789-8325-4D1C0539CA28} - System32\Tasks\{5B0920DE-2259-442E-A1C4-DD343DCA9C20} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-03-01] (Skype Technologies S.A.)
Task: {A15048B8-7E62-410A-A8D7-E707232BCADE} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {A5FDD733-1FC7-451F-9D6C-DF5B92C7157A} - System32\Tasks\{6F779F99-4A35-4FA5-A020-C1180D4BFE6E} => Firefox.exe http://ui.skype.com/ui/0/6.3.73.105.457/es/abandoninstall?page=tsMain
Task: {AA1B7833-F108-4ECF-89B9-E4FCC5E8107E} - System32\Tasks\{C7BEA79D-44E5-4850-8570-8E2ADE8F32AF} => Firefox.exe http://ui.skype.com/ui/0/6.0.0.120/en/abandoninstall?source=lightinstaller&page=tsBing
Task: {B69F9C47-E5FD-4784-8B59-033BCFF39ADB} - \Dealply No Task File <==== ATTENTION
Task: {B826B514-9357-42CA-BA72-3403F4E809C6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-10] (Adobe Systems Incorporated)
Task: {C4E4EEDE-53A4-4B53-A126-5D9EDCF3C193} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-25] (Google Inc.)
Task: {C550A9A5-C2E4-451E-8580-3BF1C443AB5C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {CCB98A60-5957-456D-8CC4-EB96479407B0} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2105457643-2191922377-1169254503-1001
Task: {E0CF8434-8B1E-4673-A5B8-C0D3BD7CAA1E} - System32\Tasks\AVG\PC Tuneup\Integrator\Start On Lesley Logon => C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe [2011-11-03] (AVG)
Task: {F62F04C5-46E4-4B97-8652-7A91A3F1DF93} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {FECD5787-8FB1-4529-BC67-3DFC9E3F215E} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2105457643-2191922377-1169254503-1001Core.job => C:\Users\Lesley\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2105457643-2191922377-1169254503-1001UA.job => C:\Users\Lesley\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Groovorio Updater.job => C:\Users\Lesley\AppData\Roaming\GROOVO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\RegTask.job => C:\Program Files (x86)\RegTask\RegTask.exe

==================== Loaded Modules (whitelisted) =============

2013-12-10 23:40 - 2011-02-28 23:37 - 00095008 _____ () C:\Windows\System32\Primomonnt.dll
2012-01-25 00:12 - 2011-11-03 18:21 - 00350024 _____ () C:\Program Files (x86)\AVG\AVG PC Tuneup\madExcept_.bpl
2012-01-25 00:12 - 2011-11-03 18:21 - 00184136 _____ () C:\Program Files (x86)\AVG\AVG PC Tuneup\madBasic_.bpl
2012-01-25 00:12 - 2011-11-03 18:21 - 00050504 _____ () C:\Program Files (x86)\AVG\AVG PC Tuneup\madDisAsm_.bpl
2014-05-10 09:18 - 2014-06-18 17:53 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:0B4227B4
AlternateDataStreams: C:\ProgramData\Temp:444C53BA
AlternateDataStreams: C:\ProgramData\Temp:4CF61E54
AlternateDataStreams: C:\ProgramData\Temp:93DE1838
AlternateDataStreams: C:\ProgramData\Temp:AB689DEA
AlternateDataStreams: C:\ProgramData\Temp:E3C56885
AlternateDataStreams: C:\Users\Lesley\Documents\attachment.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/20/2014 05:30:41 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/20/2014 05:11:27 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (07/20/2014 05:11:26 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (07/20/2014 04:59:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ePowerTray.exe, version: 4.5.3006.0, time stamp: 0x4ae9048f
Faulting module name: ePowerTray.exe, version: 4.5.3006.0, time stamp: 0x4ae9048f
Exception code: 0xc0000005
Fault offset: 0x00000000000102a5
Faulting process id: 0x938
Faulting application start time: 0xePowerTray.exe0
Faulting application path: ePowerTray.exe1
Faulting module path: ePowerTray.exe2
Report Id: ePowerTray.exe3

Error: (07/20/2014 03:46:44 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/20/2014 03:46:44 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/20/2014 00:31:39 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/19/2014 10:12:51 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/19/2014 10:12:48 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/19/2014 10:12:48 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (07/20/2014 07:46:21 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (07/20/2014 07:45:57 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error %%-536753637.

Error: (07/20/2014 07:45:19 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVG WatchDog service terminated with service-specific error %%-536805315.

Error: (07/20/2014 05:42:06 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (07/20/2014 05:32:06 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (07/20/2014 05:22:06 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (07/20/2014 05:12:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (07/20/2014 05:11:19 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error %%-536753637.

Error: (07/20/2014 05:11:01 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVG WatchDog service terminated with service-specific error %%-536805315.

Error: (07/20/2014 05:09:25 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The Tweaking Run As System Service service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 39%
Total physical RAM: 4025.98 MB
Available physical RAM: 2445.87 MB
Total Pagefile: 8050.13 MB
Available Pagefile: 6379.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:285.99 GB) (Free:208.58 GB) NTFS
Drive d: (LOTR_TWO_TOWERS_SEE_D1) (CDROM) (Total:6.41 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: E8D2BF38)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=102 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=286 GB) - (Type=07 NTFS)

==================== End Of Log ============================
