Jump to content

Problem after Restore Point


Recommended Posts

My problem is this: my daughter logged me out of skype and then when we tried to login we couldn't. So I uninstalled skype and tried to remove IE (Mircosoft help told me to do that).

 

It didn't work so I did a system restore, Skype then worked but when I open the computer I get: The Ordinal 791 could not be located in the dynamic link library iertutil.dll - I also get this message in my Windows Live Mail, I can't see the email messages, it only shows me that they have come in but nothing else, I can't email either.

 

I was told to post in here because it seems I have viruses. I just scanned my system with Malware and found I had 54 objects. I quarantined these. The log is below.

 

But I still have the problem - what do I do now

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/08/2014
Scan Time: 09:09:21
Logfile: 1.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.12.03
Rootkit Database: v2014.08.04.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: User

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 294897
Time Elapsed: 16 min, 4 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.Conduit.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fbp11f7m.default\CT3220468, Quarantined, [7c37586d007ba88e276c38838a788f71],
PUP.Optional.Conduit.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fbp11f7m.default\CT3220468\toolbarImages, Quarantined, [7c37586d007ba88e276c38838a788f71],

Files: 52
PUP.Optional.Conduit.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fbp11f7m.default\CT3220468\CT3220468.129813684258939747.search.history, Quarantined, [7c37586d007ba88e276c38838a788f71],
PUP.Optional.Conduit.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fbp11f7m.default\CT3220468\CT3220468.129813684258939747.search.selectedEngineId, Quarantined, [7c37586d007ba88e276c38838a788f71],
PUP.Optional.Conduit.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fbp11f7m.default\CT3220468\CT3220468.129813684258939747.search.settings, Quarantined, [7c37586d007ba88e276c38838a788f71],
PUP.Optional.Conduit.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fbp11f7m.default\CT3220468\CT3220468.AlertService, Quarantined, [7c37586d007ba88e276c38838a788f71],
PUP.Optional.Conduit.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fbp11f7m.default\CT3220468\CT3220468.AlertsInfoData, Quarantined, [7c37586d007ba88e276c38838a788f71],
PUP.Optional.Conduit.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fbp11f7m.default\CT3220468\CT3220468.appOptions, Quarantined, [7c37586d007ba88e276c38838a788f71],
PUP.Optional.Conduit.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fbp11f7m.default\CT3220468\CT3220468.cookiesRepo, Quarantined, [7c37586d007ba88e276c38838a788f71],
PUP.Optional.Conduit.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fbp11f7m.default\CT3220468\CT3220468.NotificationSettings, Quarantined, [7c37586d007ba88e276c38838a788f71],
PUP.Optional.Conduit.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fbp11f7m.default\CT3220468\CT3220468.NOTIFICATION_ID.alert_login_service, Quarantined, [7c37586d007ba88e276c38838a788f71],
PUP.Optional.Conduit.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fbp11f7m.default\CT3220468\CT3220468.NOTIFICATION_ID.notifications-repository, Quarantined, [7c37586d007ba88e276c38838a788f71],
PUP.Optional.Conduit.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fbp11f7m.default\CT3220468\CT3220468.NOTIFICATION_ID.notifications-servicemap, Quarantined, [7c37586d007ba88e276c38838a788f71],
PUP.Optional.Conduit.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fbp11f7m.default\CT3220468\CT3220468.NOTIFICATION_ID.notifications-service_1647765, Quarantined, [7c37586d007ba88e276c38838a788f71],
PUP.Optional.Conduit.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fbp11f7m.default\CT3220468\CT3220468_10.10.27.6.serviceLayer_services_translation, Quarantined, [7c37586d007ba88e276c38838a788f71],
PUP.Optional.Conduit.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fbp11f7m.default\CT3220468\CT3220468_10.13.40.15.serviceLayer_services_appsMetadata, Quarantined, [7c37586d007ba88e276c38838a788f71],
PUP.Optional.Conduit.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fbp11f7m.default\CT3220468\CT3220468_10.13.40.15.serviceLayer_services_appTrackingFirstTime, Quarantined, [7c37586d007ba88e276c38838a788f71],
PUP.Optional.Conduit.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fbp11f7m.default\CT3220468\CT3220468_10.13.40.15.serviceLayer_services_gottenAppsContextMenu, Quarantined, [7c37586d007ba88e276c38838a788f71],
PUP.Optional.Conduit.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fbp11f7m.default\CT3220468\CT3220468_10.13.40.15.serviceLayer_services_login, Quarantined, [7c37586d007ba88e276c38838a788f71],
PUP.Optional.Conduit.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fbp11f7m.default\CT3220468\CT3220468_10.13.40.15.serviceLayer_services_otherAppsContextMenu, Quarantined, [7c37586d007ba88e276c38838a788f71],
PUP.Optional.Conduit.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fbp11f7m.default\CT3220468\CT3220468_10.13.40.15.serviceLayer_services_searchAPI, Quarantined, [7c37586d007ba88e276c38838a788f71],
PUP.Optional.Conduit.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fbp11f7m.default\CT3220468\CT3220468_10.13.40.15.serviceLayer_services_serviceMap, Quarantined, [7c37586d007ba88e276c38838a788f71],
PUP.Optional.Conduit.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fbp11f7m.default\CT3220468\CT3220468_10.13.40.15.serviceLayer_services_toolbarContextMenu, Quarantined, [7c37586d007ba88e276c38838a788f71],
PUP.Optional.Conduit.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fbp11f7m.default\CT3220468\CT3220468_10.13.40.15.serviceLayer_services_toolbarSettings, Quarantined, [7c37586d007ba88e276c38838a788f71],
PUP.Optional.Conduit.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fbp11f7m.default\CT3220468\CT3220468_10.13.40.15.serviceLayer_services_translation, Quarantined, [7c37586d007ba88e276c38838a788f71],
PUP.Optional.Conduit.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fbp11f7m.default\CT3220468\CT3220468_RAW.serviceLayer_services_appsMetadata, Quarantined, [7c37586d007ba88e276c38838a788f71],
PUP.Optional.Conduit.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fbp11f7m.default\CT3220468\CT3220468_RAW.serviceLayer_services_appTrackingFirstTime, Quarantined, [7c37586d007ba88e276c38838a788f71],
PUP.Optional.Conduit.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fbp11f7m.default\CT3220468\CT3220468_RAW.serviceLayer_services_gottenAppsContextMenu, Quarantined, [7c37586d007ba88e276c38838a788f71],
PUP.Optional.Conduit.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fbp11f7m.default\CT3220468\CT3220468_RAW.serviceLayer_services_login, Quarantined, [7c37586d007ba88e276c38838a788f71],
PUP.Optional.Conduit.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fbp11f7m.default\CT3220468\CT3220468_RAW.serviceLayer_services_otherAppsContextMenu, Quarantined, [7c37586d007ba88e276c38838a788f71],
PUP.Optional.Conduit.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fbp11f7m.default\CT3220468\CT3220468_RAW.serviceLayer_services_searchAPI, Quarantined, [7c37586d007ba88e276c38838a788f71],
PUP.Optional.Conduit.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fbp11f7m.default\CT3220468\CT3220468_RAW.serviceLayer_services_serviceMap, Quarantined, [7c37586d007ba88e276c38838a788f71],
PUP.Optional.Conduit.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fbp11f7m.default\CT3220468\CT3220468_RAW.serviceLayer_services_toolbarContextMenu, Quarantined, [7c37586d007ba88e276c38838a788f71],
PUP.Optional.Conduit.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fbp11f7m.default\CT3220468\CT3220468_RAW.serviceLayer_services_toolbarSettings, Quarantined, [7c37586d007ba88e276c38838a788f71],
PUP.Optional.Conduit.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fbp11f7m.default\CT3220468\CT3220468.NOTIFICATION_ID.notifications_serviceMap, Quarantined, [7c37586d007ba88e276c38838a788f71],
PUP.Optional.Conduit.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fbp11f7m.default\CT3220468\CT3220468_10.10.27.6.serviceLayer_services_toolbarSettings, Quarantined, [7c37586d007ba88e276c38838a788f71],
PUP.Optional.Conduit.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fbp11f7m.default\CT3220468\CT3220468_RAW.serviceLayer_services_translation, Quarantined, [7c37586d007ba88e276c38838a788f71],
PUP.Optional.Conduit.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fbp11f7m.default\CT3220468\toolbar_initializing_logger.txt, Quarantined, [7c37586d007ba88e276c38838a788f71],
PUP.Optional.Conduit.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fbp11f7m.default\CT3220468\uninstallData, Quarantined, [7c37586d007ba88e276c38838a788f71],
PUP.Optional.Conduit.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fbp11f7m.default\CT3220468\uninstallUrl, Quarantined, [7c37586d007ba88e276c38838a788f71],
PUP.Optional.Conduit.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fbp11f7m.default\CT3220468\CT3220468.searchProtectorData, Quarantined, [7c37586d007ba88e276c38838a788f71],
PUP.Optional.Conduit.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fbp11f7m.default\CT3220468\CT3220468.skin, Quarantined, [7c37586d007ba88e276c38838a788f71],
PUP.Optional.Conduit.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fbp11f7m.default\CT3220468\CT3220468_10.10.27.6.serviceLayer_services_appsMetadata, Quarantined, [7c37586d007ba88e276c38838a788f71],
PUP.Optional.Conduit.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fbp11f7m.default\CT3220468\CT3220468_10.10.27.6.serviceLayer_services_appTrackingFirstTime, Quarantined, [7c37586d007ba88e276c38838a788f71],
PUP.Optional.Conduit.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fbp11f7m.default\CT3220468\CT3220468_10.10.27.6.serviceLayer_services_gottenAppsContextMenu, Quarantined, [7c37586d007ba88e276c38838a788f71],
PUP.Optional.Conduit.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fbp11f7m.default\CT3220468\CT3220468_10.10.27.6.serviceLayer_services_login, Quarantined, [7c37586d007ba88e276c38838a788f71],
PUP.Optional.Conduit.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fbp11f7m.default\CT3220468\CT3220468_10.10.27.6.serviceLayer_services_otherAppsContextMenu, Quarantined, [7c37586d007ba88e276c38838a788f71],
PUP.Optional.Conduit.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fbp11f7m.default\CT3220468\CT3220468_10.10.27.6.serviceLayer_services_searchAPI, Quarantined, [7c37586d007ba88e276c38838a788f71],
PUP.Optional.Conduit.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fbp11f7m.default\CT3220468\CT3220468_10.10.27.6.serviceLayer_services_serviceMap, Quarantined, [7c37586d007ba88e276c38838a788f71],
PUP.Optional.Conduit.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fbp11f7m.default\CT3220468\CT3220468_10.10.27.6.serviceLayer_services_toolbarContextMenu, Quarantined, [7c37586d007ba88e276c38838a788f71],
PUP.Optional.Conduit.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fbp11f7m.default\CT3220468\toolbarImages\http___storage_conduit_com_53_307_CT3072253_Images_634520779497696087.png, Quarantined, [7c37586d007ba88e276c38838a788f71],
PUP.Optional.Conduit.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fbp11f7m.default\CT3220468\toolbarImages\http___storage_conduit_com_Images_ClientResources_mini_browser.gif, Quarantined, [7c37586d007ba88e276c38838a788f71],
PUP.Optional.Conduit.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fbp11f7m.default\CT3220468\toolbarImages\http___storage_conduit_com_images_searchengines_search_icon.gif, Quarantined, [7c37586d007ba88e276c38838a788f71],
PUP.Optional.Conduit.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fbp11f7m.default\CT3220468\toolbarImages\storage.conduit.com, Quarantined, [7c37586d007ba88e276c38838a788f71],

Physical Sectors: 0
(No malicious items detected)


(end)

 

Link to post
Share on other sites

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-08-2014 01
Ran by User (administrator) on USER-PC on 12-08-2014 09:40:07
Running from C:\Users\User\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(WiseCleaner.com) C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Multidmedia Limited                 ) C:\Program Files (x86)\Vision Defense\Vision Defense.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\User\Downloads\FRST64(2).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11905128 2011-06-28] (Realtek Semiconductor)
HKLM\...\Run: [intelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-10] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1474768639-1737181589-514141678-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-07-05] (Google Inc.)
HKU\S-1-5-21-1474768639-1737181589-514141678-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-1474768639-1737181589-514141678-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [533568 2014-04-23] (BillP Studios)
HKU\S-1-5-21-1474768639-1737181589-514141678-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TalkTalk Setup CD Reporting Tool.exe ()
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\visiondefense.lnk
ShortcutTarget: visiondefense.lnk -> C:\Program Files (x86)\Vision Defense\Vision Defense.exe (Multidmedia Limited                 )
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {81D594C2-04A0-4259-90F4-BD7B25340AAC} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289075&CUI=UN16397273002052910&UM=1
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fbp11f7m.default
FF Homepage: www.google.co.uk
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: PageRank for Firefox - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fbp11f7m.default\Extensions\pagerank@any-tech.ws.xpi [2012-08-02]
FF Extension: StumbleUpon - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fbp11f7m.default\Extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi [2013-04-20]
FF Extension: Property Bee - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fbp11f7m.default\Extensions\{da8bd68d-8e90-41cd-8345-a71b294e72e6}.xpi [2012-09-15]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-02]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 6 U35) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll No File
CHR Plugin: (RealNetworks RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll No File
CHR Plugin: (RealNetworks RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll No File
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.350.10) - C:\Windows\SysWOW64\npdeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll No File
CHR Plugin: (RealPlayer Download Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll No File
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-24]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-24]
CHR Extension: (cconatinuaeeteosavve) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfomdijgjiomlfpmgbneopffnlemlljl [2013-06-04]
CHR Extension: (Skype Click to Call) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-12-02]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-20]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-24]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-11-19] (Adobe Systems) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-11] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S2 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [580232 2014-01-21] (WiseCleaner.com)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U3 Anetatoaaic; No ImagePath
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-11] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-11] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-11] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-11] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-11] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-11] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-11] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-12] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-12 09:26 - 2014-08-12 09:26 - 00012119 _____ () C:\Users\User\Desktop\1.txt
2014-08-12 09:09 - 2014-08-12 09:35 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-12 09:08 - 2014-08-12 09:08 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-08-12 09:08 - 2014-08-12 09:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-12 09:08 - 2014-08-12 09:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-12 09:08 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-12 09:08 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-12 09:07 - 2014-08-12 09:07 - 02099712 _____ (Farbar) C:\Users\User\Downloads\FRST64(2).exe
2014-08-12 09:02 - 2014-08-12 09:02 - 02099712 _____ (Farbar) C:\Users\User\Downloads\FRST64(1).exe
2014-08-12 07:48 - 2014-08-12 07:48 - 00000000 ____D () C:\Users\User\AppData\Local\{3C116C6C-2B0B-495B-92B6-7B5704386779}
2014-08-11 19:47 - 2014-08-11 19:48 - 00000000 ____D () C:\Users\User\AppData\Local\{8AD31469-A7B6-441D-B1B4-D9EC8BF3E402}
2014-08-11 13:20 - 2014-08-12 09:35 - 00000224 _____ () C:\Windows\setupact.log
2014-08-11 13:20 - 2014-08-11 13:20 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-11 13:11 - 2014-08-11 13:12 - 00000000 ____D () C:\Users\User\AppData\Roaming\WiseUpdate
2014-08-11 08:37 - 2014-08-11 08:38 - 00029728 _____ () C:\Users\User\Downloads\Addition.txt
2014-08-11 08:36 - 2014-08-12 09:40 - 00021489 _____ () C:\Users\User\Downloads\FRST.txt
2014-08-11 08:36 - 2014-08-12 09:40 - 00000000 ____D () C:\FRST
2014-08-11 08:35 - 2014-08-11 08:35 - 02099712 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2014-08-11 08:31 - 2014-08-11 08:31 - 00688992 ____R (Swearware) C:\Users\User\Downloads\dds.scr
2014-08-11 07:47 - 2014-08-11 07:47 - 00000000 ____D () C:\Users\User\AppData\Local\{978C1CCD-C7E2-4F4B-BF58-B277ED124726}
2014-08-10 18:37 - 2014-08-10 18:37 - 00000020 _____ () C:\Windows\Øø¿
2014-08-10 17:05 - 2014-08-10 17:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-10 16:07 - 2014-08-10 16:07 - 00000000 ____D () C:\Users\User\AppData\Local\{31E75C00-6ADF-4103-987B-D3F6CAF0BAFB}
2014-08-10 13:56 - 2014-08-10 13:56 - 00000134 _____ () C:\Users\User\Desktop\Internet Explorer Troubleshooting.url
2014-08-10 11:59 - 2014-08-10 11:59 - 02077392 _____ (Microsoft Corporation) C:\Users\User\Downloads\IE11-Windows6.1.exe
2014-08-10 11:32 - 2014-08-10 11:32 - 01551008 _____ (Skype Technologies S.A.) C:\Users\User\Downloads\skypesetup(1).exe
2014-08-10 11:32 - 2014-08-10 11:32 - 00003134 _____ () C:\Windows\System32\Tasks\{C6477BE5-03D4-4918-AC82-E44D44A370C2}
2014-08-10 11:28 - 2014-08-10 11:28 - 00000561 _____ () C:\Users\User\Downloads\css.zip
2014-08-10 08:43 - 2014-08-10 08:43 - 00000000 ____D () C:\Users\User\AppData\Local\{69B4AD83-BAA5-4E48-BBAA-8FC633574B9B}
2014-08-09 20:42 - 2014-08-09 20:42 - 00000000 ____D () C:\Users\User\AppData\Local\{2537390F-61AA-40E2-8C4A-39CDC2EB1B56}
2014-08-09 08:42 - 2014-08-09 08:42 - 00000000 ____D () C:\Users\User\AppData\Local\{C79AB55A-62EF-40BC-A041-1A22DD368CFB}
2014-08-08 20:42 - 2014-08-08 20:42 - 00000000 ____D () C:\Users\User\AppData\Local\{1E417506-EAE0-4CA0-BD76-C1AFAC6040E3}
2014-08-08 08:41 - 2014-08-08 08:41 - 00000000 ____D () C:\Users\User\AppData\Local\{E93612CA-022A-40F4-AF8C-43E5EBDABD24}
2014-08-07 20:41 - 2014-08-07 20:41 - 00000000 ____D () C:\Users\User\AppData\Local\{47394201-543C-4638-9149-D13C5A0690E5}
2014-08-07 08:41 - 2014-08-07 08:41 - 00000000 ____D () C:\Users\User\AppData\Local\{853F9A4B-2D04-4FEF-909B-018970FC030E}
2014-08-06 20:40 - 2014-08-06 20:40 - 00000000 ____D () C:\Users\User\AppData\Local\{25A5D269-238C-470B-BE16-268F3AEC5A92}
2014-08-06 10:24 - 2014-08-06 10:24 - 00115432 _____ () C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-06 08:40 - 2014-08-06 08:40 - 00000000 ____D () C:\Users\User\AppData\Local\{D3B2A5F7-655C-4E9E-98BF-9AF9713374F8}
2014-08-05 20:39 - 2014-08-05 20:39 - 00000000 ____D () C:\Users\User\AppData\Local\{55916C93-6244-452C-BA38-27F9E2105DA7}
2014-08-05 08:39 - 2014-08-05 08:39 - 00000000 ____D () C:\Users\User\AppData\Local\{FBEB232A-B783-4F89-934D-674C669DAF67}
2014-08-04 20:39 - 2014-08-04 20:39 - 00000000 ____D () C:\Users\User\AppData\Local\{38B82AFF-38FC-4412-9062-F2E712C99898}
2014-08-04 12:14 - 2014-08-04 12:14 - 00000000 ____D () C:\Users\User\Documents\Updater
2014-08-04 08:38 - 2014-08-04 08:39 - 00000000 ____D () C:\Users\User\AppData\Local\{D6778506-5A31-4222-8824-326D294CF641}
2014-08-03 20:38 - 2014-08-03 20:38 - 00000000 ____D () C:\Users\User\AppData\Local\{F04C2325-EB2B-4D59-B677-18CA7DC3CBF4}
2014-08-03 08:38 - 2014-08-03 08:38 - 00000000 ____D () C:\Users\User\AppData\Local\{72BB4C27-948E-4448-BC43-9A7046D1A544}
2014-08-02 20:37 - 2014-08-02 20:38 - 00000000 ____D () C:\Users\User\AppData\Local\{EA983E21-1EBE-45B1-9A9F-63AAE80ABE0A}
2014-08-02 08:37 - 2014-08-02 08:37 - 00000000 ____D () C:\Users\User\AppData\Local\{0A2CA0C7-5BE3-4F30-82EE-2EA453FC6045}
2014-08-01 20:37 - 2014-08-01 20:37 - 00000000 ____D () C:\Users\User\AppData\Local\{A90A0B75-2A0B-4404-9BC9-F02F35E770B2}
2014-08-01 08:37 - 2014-08-01 08:37 - 00000000 ____D () C:\Users\User\AppData\Local\{2E281637-8D11-4CB2-8F37-8A66F3C160E9}
2014-07-31 20:36 - 2014-07-31 20:36 - 00000000 ____D () C:\Users\User\AppData\Local\{1B218C7E-00E5-4088-93DE-A6F764A7D2C2}
2014-07-31 08:36 - 2014-07-31 08:36 - 00000000 ____D () C:\Users\User\AppData\Local\{734C47F4-8B17-4D64-B18A-C8E356F01548}
2014-07-31 04:06 - 2014-05-14 17:23 - 00700384 ____N (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-07-31 04:06 - 2014-05-14 17:23 - 00044512 ____N (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-07-31 04:06 - 2014-05-14 17:23 - 00038880 ____N (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-07-30 20:35 - 2014-07-30 20:36 - 00000000 ____D () C:\Users\User\AppData\Local\{9A529490-352B-452A-82C8-8AB6DFA8F69D}
2014-07-30 08:35 - 2014-07-30 08:35 - 00000000 ____D () C:\Users\User\AppData\Local\{93C5A0CE-7077-4296-B59B-9979435ACABD}
2014-07-29 20:35 - 2014-07-29 20:35 - 00000000 ____D () C:\Users\User\AppData\Local\{14B52461-FCB3-4EB6-ABD4-EDA0380A70B2}
2014-07-29 08:34 - 2014-07-29 08:35 - 00000000 ____D () C:\Users\User\AppData\Local\{3FBEDCF5-0102-4282-B79A-6AA48391F89A}
2014-07-28 20:34 - 2014-07-28 20:34 - 00000000 ____D () C:\Users\User\AppData\Local\{35CE915D-9DD2-413E-8A27-B09F007ABC73}
2014-07-28 08:34 - 2014-07-28 08:34 - 00000000 ____D () C:\Users\User\AppData\Local\{0CC3042D-BFC8-4BA1-8B56-E12507D5639F}
2014-07-27 20:33 - 2014-07-27 20:34 - 00000000 ____D () C:\Users\User\AppData\Local\{C2A665F8-6D6F-48E0-BE73-D31B67D1BC5E}
2014-07-27 08:33 - 2014-07-27 08:33 - 00000000 ____D () C:\Users\User\AppData\Local\{AFB813BB-337E-4781-A97D-F3D079C71202}
2014-07-26 20:33 - 2014-07-26 20:33 - 00000000 ____D () C:\Users\User\AppData\Local\{E6555A06-E4F7-473E-A142-499EE3FC1002}
2014-07-26 08:32 - 2014-07-26 08:33 - 00000000 ____D () C:\Users\User\AppData\Local\{95EFCA16-0880-4D8D-A8D6-E4A1D6783366}
2014-07-25 20:26 - 2014-07-25 20:26 - 00000000 ____D () C:\Users\User\AppData\Local\{89A1B035-E81A-4BF8-A90C-1240D9D15D2A}
2014-07-25 08:26 - 2014-07-25 08:26 - 00000000 ____D () C:\Users\User\AppData\Local\{696B8B77-022A-4166-92D8-28247415019A}
2014-07-24 20:25 - 2014-07-24 20:25 - 00000000 ____D () C:\Users\User\AppData\Local\{C6A19A19-8FDA-423D-8865-B6F668E68B90}
2014-07-24 08:25 - 2014-07-24 08:25 - 00000000 ____D () C:\Users\User\AppData\Local\{F88E373A-997E-44EA-96A5-A4B43B9F1134}
2014-07-23 20:24 - 2014-07-23 20:25 - 00000000 ____D () C:\Users\User\AppData\Local\{4F89C185-D7AF-41A4-975A-8AB4620572BB}
2014-07-23 12:38 - 2014-07-23 12:42 - 299567486 _____ () C:\Users\User\Downloads\Audio.zip
2014-07-23 11:09 - 2014-07-23 11:09 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-23 11:09 - 2014-07-23 11:09 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-07-23 08:24 - 2014-07-23 08:24 - 00000000 ____D () C:\Users\User\AppData\Local\{B93F3412-8F01-4D81-8D67-999CF1F971C8}
2014-07-22 20:24 - 2014-07-22 20:24 - 00000000 ____D () C:\Users\User\AppData\Local\{95E7AD8E-0C70-401A-B805-38DC2605FD71}
2014-07-22 08:23 - 2014-07-22 08:24 - 00000000 ____D () C:\Users\User\AppData\Local\{99C6B4F6-3F05-4F2C-8136-0BCF0B57F592}
2014-07-21 20:23 - 2014-07-21 20:23 - 00000000 ____D () C:\Users\User\AppData\Local\{311C97D2-32B7-4014-8CE8-473747FA57F1}
2014-07-21 16:38 - 2014-07-21 16:38 - 12231958 _____ () C:\Users\User\Downloads\DP Mar 2014 - updated by Andrew.pptx
2014-07-21 08:23 - 2014-07-21 08:23 - 00000000 ____D () C:\Users\User\AppData\Local\{5B4CC727-AEE9-48E4-AC78-9E4C47A09DB1}
2014-07-20 20:22 - 2014-07-20 20:23 - 00000000 ____D () C:\Users\User\AppData\Local\{E8CAB33C-9991-40E4-A0B7-4FA32D003C44}
2014-07-20 08:22 - 2014-07-20 08:22 - 00000000 ____D () C:\Users\User\AppData\Local\{C1B5BFB2-BEEE-478F-8918-47929037721A}
2014-07-19 20:22 - 2014-07-19 20:22 - 00000000 ____D () C:\Users\User\AppData\Local\{96DB0404-B93A-40DC-B472-9FAD9AD4214B}
2014-07-19 08:22 - 2014-07-19 08:22 - 00000000 ____D () C:\Users\User\AppData\Local\{BB118FAD-5807-4700-BCA1-4C95BB253F3A}
2014-07-18 20:21 - 2014-07-18 20:22 - 00000000 ____D () C:\Users\User\AppData\Local\{F7F41CA6-DDA6-43F4-9C7C-510DF864A93D}
2014-07-18 08:20 - 2014-07-18 08:20 - 00000000 ____D () C:\Users\User\AppData\Local\{EA71133B-A32D-4535-B414-62B439AFD652}
2014-07-17 20:20 - 2014-07-17 20:20 - 00000000 ____D () C:\Users\User\AppData\Local\{ED34583A-9302-44F0-AC23-6E07CD8ED050}
2014-07-17 08:19 - 2014-07-17 08:19 - 00000000 ____D () C:\Users\User\AppData\Local\{2F33F488-E1FB-4E99-8046-716344C897D0}
2014-07-16 20:19 - 2014-07-16 20:19 - 00000000 ____D () C:\Users\User\AppData\Local\{AC6611B0-134F-4161-BCC3-8119988AE8D4}
2014-07-16 08:18 - 2014-07-16 08:19 - 00000000 ____D () C:\Users\User\AppData\Local\{CCC090DF-01DD-4753-819F-F14022909E94}
2014-07-15 20:18 - 2014-07-15 20:18 - 00000000 ____D () C:\Users\User\AppData\Local\{96DD099B-9457-45DF-9DDF-D48AA7A6A85B}
2014-07-15 08:18 - 2014-07-15 08:18 - 00000000 ____D () C:\Users\User\AppData\Local\{A9882D1A-B19B-497F-86D1-9B3641B0E8DA}
2014-07-14 20:17 - 2014-07-14 20:18 - 00000000 ____D () C:\Users\User\AppData\Local\{BF74A961-3ADC-45BA-8F80-70A01D6BC2F6}
2014-07-14 08:17 - 2014-07-14 08:17 - 00000000 ____D () C:\Users\User\AppData\Local\{6647C923-A635-4F67-B663-9F5224A460A2}
2014-07-13 20:17 - 2014-07-13 20:17 - 00000000 ____D () C:\Users\User\AppData\Local\{0D66674A-5B6F-418B-A0D4-984AE3270635}
2014-07-13 08:17 - 2014-07-13 08:17 - 00000000 ____D () C:\Users\User\AppData\Local\{EAEEF6BD-B079-4063-8712-94CF3950CDF7}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-12 09:40 - 2014-08-11 08:36 - 00021489 _____ () C:\Users\User\Downloads\FRST.txt
2014-08-12 09:40 - 2014-08-11 08:36 - 00000000 ____D () C:\FRST
2014-08-12 09:36 - 2012-07-06 08:42 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2014-08-12 09:35 - 2014-08-12 09:09 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-12 09:35 - 2014-08-11 13:20 - 00000224 _____ () C:\Windows\setupact.log
2014-08-12 09:35 - 2014-06-21 17:10 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-12 09:35 - 2014-05-28 08:26 - 00000420 _____ () C:\Windows\Tasks\Wise Care 365.job
2014-08-12 09:35 - 2014-05-28 08:18 - 00000000 ____D () C:\Users\User\AppData\Roaming\Wise Care 365
2014-08-12 09:35 - 2013-06-12 09:35 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-12 09:35 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-12 09:34 - 2014-07-12 07:30 - 00596848 _____ () C:\Windows\WindowsUpdate.log
2014-08-12 09:26 - 2014-08-12 09:26 - 00012119 _____ () C:\Users\User\Desktop\1.txt
2014-08-12 09:15 - 2012-07-05 18:54 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-12 09:08 - 2014-08-12 09:08 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-08-12 09:08 - 2014-08-12 09:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-12 09:08 - 2014-08-12 09:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-12 09:08 - 2013-01-01 15:33 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-12 09:08 - 2012-08-04 17:13 - 00000000 ____D () C:\Users\User\AppData\Roaming\Malwarebytes
2014-08-12 09:08 - 2012-08-04 17:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-12 09:07 - 2014-08-12 09:07 - 02099712 _____ (Farbar) C:\Users\User\Downloads\FRST64(2).exe
2014-08-12 09:02 - 2014-08-12 09:02 - 02099712 _____ (Farbar) C:\Users\User\Downloads\FRST64(1).exe
2014-08-12 08:46 - 2009-07-14 06:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-12 08:42 - 2012-08-04 12:39 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-12 07:48 - 2014-08-12 07:48 - 00000000 ____D () C:\Users\User\AppData\Local\{3C116C6C-2B0B-495B-92B6-7B5704386779}
2014-08-12 07:22 - 2009-07-14 05:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-12 07:22 - 2009-07-14 05:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-11 19:48 - 2014-08-11 19:47 - 00000000 ____D () C:\Users\User\AppData\Local\{8AD31469-A7B6-441D-B1B4-D9EC8BF3E402}
2014-08-11 19:46 - 2012-07-06 10:12 - 00000000 ____D () C:\Users\User\Documents\PASSWORDS
2014-08-11 13:48 - 2014-06-23 12:47 - 00000000 ____D () C:\Users\User\Desktop\Rob Moore
2014-08-11 13:20 - 2014-08-11 13:20 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-11 13:18 - 2012-07-05 07:20 - 00000000 ____D () C:\Windows\Panther
2014-08-11 13:12 - 2014-08-11 13:11 - 00000000 ____D () C:\Users\User\AppData\Roaming\WiseUpdate
2014-08-11 08:56 - 2014-01-22 16:06 - 00000000 ____D () C:\Users\User\Documents\Averil
2014-08-11 08:38 - 2014-08-11 08:37 - 00029728 _____ () C:\Users\User\Downloads\Addition.txt
2014-08-11 08:35 - 2014-08-11 08:35 - 02099712 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2014-08-11 08:31 - 2014-08-11 08:31 - 00688992 ____R (Swearware) C:\Users\User\Downloads\dds.scr
2014-08-11 07:47 - 2014-08-11 07:47 - 00000000 ____D () C:\Users\User\AppData\Local\{978C1CCD-C7E2-4F4B-BF58-B277ED124726}
2014-08-11 07:10 - 2012-07-06 10:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-10 18:37 - 2014-08-10 18:37 - 00000020 _____ () C:\Windows\Øø¿
2014-08-10 18:37 - 2012-07-05 16:21 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-08-10 18:37 - 2012-07-05 16:20 - 00001305 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
2014-08-10 18:37 - 2012-07-05 16:18 - 00001374 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
2014-08-10 18:37 - 2012-07-05 16:16 - 00001458 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2014-08-10 18:37 - 2012-07-05 16:15 - 00002486 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2014-08-10 17:56 - 2012-07-06 08:42 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-10 17:56 - 2012-07-06 08:42 - 00000000 ____D () C:\ProgramData\Skype
2014-08-10 17:05 - 2014-08-10 17:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-10 16:07 - 2014-08-10 16:07 - 00000000 ____D () C:\Users\User\AppData\Local\{31E75C00-6ADF-4103-987B-D3F6CAF0BAFB}
2014-08-10 16:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-08-10 16:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-10 15:59 - 2014-04-26 05:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-10 15:59 - 2012-07-13 10:36 - 00000000 ____D () C:\ProgramData\pdf995
2014-08-10 15:59 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-08-10 15:59 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-08-10 13:56 - 2014-08-10 13:56 - 00000134 _____ () C:\Users\User\Desktop\Internet Explorer Troubleshooting.url
2014-08-10 11:59 - 2014-08-10 11:59 - 02077392 _____ (Microsoft Corporation) C:\Users\User\Downloads\IE11-Windows6.1.exe
2014-08-10 11:32 - 2014-08-10 11:32 - 01551008 _____ (Skype Technologies S.A.) C:\Users\User\Downloads\skypesetup(1).exe
2014-08-10 11:32 - 2014-08-10 11:32 - 00003134 _____ () C:\Windows\System32\Tasks\{C6477BE5-03D4-4918-AC82-E44D44A370C2}
2014-08-10 11:28 - 2014-08-10 11:28 - 00000561 _____ () C:\Users\User\Downloads\css.zip
2014-08-10 08:43 - 2014-08-10 08:43 - 00000000 ____D () C:\Users\User\AppData\Local\{69B4AD83-BAA5-4E48-BBAA-8FC633574B9B}
2014-08-09 20:42 - 2014-08-09 20:42 - 00000000 ____D () C:\Users\User\AppData\Local\{2537390F-61AA-40E2-8C4A-39CDC2EB1B56}
2014-08-09 08:42 - 2014-08-09 08:42 - 00000000 ____D () C:\Users\User\AppData\Local\{C79AB55A-62EF-40BC-A041-1A22DD368CFB}
2014-08-08 20:42 - 2014-08-08 20:42 - 00000000 ____D () C:\Users\User\AppData\Local\{1E417506-EAE0-4CA0-BD76-C1AFAC6040E3}
2014-08-08 08:41 - 2014-08-08 08:41 - 00000000 ____D () C:\Users\User\AppData\Local\{E93612CA-022A-40F4-AF8C-43E5EBDABD24}
2014-08-07 20:41 - 2014-08-07 20:41 - 00000000 ____D () C:\Users\User\AppData\Local\{47394201-543C-4638-9149-D13C5A0690E5}
2014-08-07 08:41 - 2014-08-07 08:41 - 00000000 ____D () C:\Users\User\AppData\Local\{853F9A4B-2D04-4FEF-909B-018970FC030E}
2014-08-06 20:40 - 2014-08-06 20:40 - 00000000 ____D () C:\Users\User\AppData\Local\{25A5D269-238C-470B-BE16-268F3AEC5A92}
2014-08-06 10:24 - 2014-08-06 10:24 - 00115432 _____ () C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-06 08:40 - 2014-08-06 08:40 - 00000000 ____D () C:\Users\User\AppData\Local\{D3B2A5F7-655C-4E9E-98BF-9AF9713374F8}
2014-08-05 20:39 - 2014-08-05 20:39 - 00000000 ____D () C:\Users\User\AppData\Local\{55916C93-6244-452C-BA38-27F9E2105DA7}
2014-08-05 08:39 - 2014-08-05 08:39 - 00000000 ____D () C:\Users\User\AppData\Local\{FBEB232A-B783-4F89-934D-674C669DAF67}
2014-08-04 20:39 - 2014-08-04 20:39 - 00000000 ____D () C:\Users\User\AppData\Local\{38B82AFF-38FC-4412-9062-F2E712C99898}
2014-08-04 12:14 - 2014-08-04 12:14 - 00000000 ____D () C:\Users\User\Documents\Updater
2014-08-04 08:39 - 2014-08-04 08:38 - 00000000 ____D () C:\Users\User\AppData\Local\{D6778506-5A31-4222-8824-326D294CF641}
2014-08-03 20:38 - 2014-08-03 20:38 - 00000000 ____D () C:\Users\User\AppData\Local\{F04C2325-EB2B-4D59-B677-18CA7DC3CBF4}
2014-08-03 08:38 - 2014-08-03 08:38 - 00000000 ____D () C:\Users\User\AppData\Local\{72BB4C27-948E-4448-BC43-9A7046D1A544}
2014-08-02 20:38 - 2014-08-02 20:37 - 00000000 ____D () C:\Users\User\AppData\Local\{EA983E21-1EBE-45B1-9A9F-63AAE80ABE0A}
2014-08-02 08:37 - 2014-08-02 08:37 - 00000000 ____D () C:\Users\User\AppData\Local\{0A2CA0C7-5BE3-4F30-82EE-2EA453FC6045}
2014-08-01 20:37 - 2014-08-01 20:37 - 00000000 ____D () C:\Users\User\AppData\Local\{A90A0B75-2A0B-4404-9BC9-F02F35E770B2}
2014-08-01 08:37 - 2014-08-01 08:37 - 00000000 ____D () C:\Users\User\AppData\Local\{2E281637-8D11-4CB2-8F37-8A66F3C160E9}
2014-07-31 20:36 - 2014-07-31 20:36 - 00000000 ____D () C:\Users\User\AppData\Local\{1B218C7E-00E5-4088-93DE-A6F764A7D2C2}
2014-07-31 16:38 - 2012-09-26 14:05 - 00000000 ____D () C:\Users\User\Documents\Beep
2014-07-31 08:36 - 2014-07-31 08:36 - 00000000 ____D () C:\Users\User\AppData\Local\{734C47F4-8B17-4D64-B18A-C8E356F01548}
2014-07-30 20:36 - 2014-07-30 20:35 - 00000000 ____D () C:\Users\User\AppData\Local\{9A529490-352B-452A-82C8-8AB6DFA8F69D}
2014-07-30 08:35 - 2014-07-30 08:35 - 00000000 ____D () C:\Users\User\AppData\Local\{93C5A0CE-7077-4296-B59B-9979435ACABD}
2014-07-30 08:00 - 2014-05-28 08:26 - 00000400 _____ () C:\Windows\Tasks\Wise Turbo Checker.job
2014-07-29 20:35 - 2014-07-29 20:35 - 00000000 ____D () C:\Users\User\AppData\Local\{14B52461-FCB3-4EB6-ABD4-EDA0380A70B2}
2014-07-29 08:35 - 2014-07-29 08:34 - 00000000 ____D () C:\Users\User\AppData\Local\{3FBEDCF5-0102-4282-B79A-6AA48391F89A}
2014-07-28 20:34 - 2014-07-28 20:34 - 00000000 ____D () C:\Users\User\AppData\Local\{35CE915D-9DD2-413E-8A27-B09F007ABC73}
2014-07-28 08:34 - 2014-07-28 08:34 - 00000000 ____D () C:\Users\User\AppData\Local\{0CC3042D-BFC8-4BA1-8B56-E12507D5639F}
2014-07-27 20:34 - 2014-07-27 20:33 - 00000000 ____D () C:\Users\User\AppData\Local\{C2A665F8-6D6F-48E0-BE73-D31B67D1BC5E}
2014-07-27 08:33 - 2014-07-27 08:33 - 00000000 ____D () C:\Users\User\AppData\Local\{AFB813BB-337E-4781-A97D-F3D079C71202}
2014-07-26 20:33 - 2014-07-26 20:33 - 00000000 ____D () C:\Users\User\AppData\Local\{E6555A06-E4F7-473E-A142-499EE3FC1002}
2014-07-26 08:33 - 2014-07-26 08:32 - 00000000 ____D () C:\Users\User\AppData\Local\{95EFCA16-0880-4D8D-A8D6-E4A1D6783366}
2014-07-25 20:26 - 2014-07-25 20:26 - 00000000 ____D () C:\Users\User\AppData\Local\{89A1B035-E81A-4BF8-A90C-1240D9D15D2A}
2014-07-25 08:26 - 2014-07-25 08:26 - 00000000 ____D () C:\Users\User\AppData\Local\{696B8B77-022A-4166-92D8-28247415019A}
2014-07-25 06:26 - 2013-03-14 21:36 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-25 06:26 - 2013-03-14 21:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-24 21:15 - 2013-03-14 21:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-24 20:25 - 2014-07-24 20:25 - 00000000 ____D () C:\Users\User\AppData\Local\{C6A19A19-8FDA-423D-8865-B6F668E68B90}
2014-07-24 08:25 - 2014-07-24 08:25 - 00000000 ____D () C:\Users\User\AppData\Local\{F88E373A-997E-44EA-96A5-A4B43B9F1134}
2014-07-23 20:25 - 2014-07-23 20:24 - 00000000 ____D () C:\Users\User\AppData\Local\{4F89C185-D7AF-41A4-975A-8AB4620572BB}
2014-07-23 12:42 - 2014-07-23 12:38 - 299567486 _____ () C:\Users\User\Downloads\Audio.zip
2014-07-23 11:09 - 2014-07-23 11:09 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-23 11:09 - 2014-07-23 11:09 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-07-23 11:09 - 2013-06-17 14:11 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-07-23 11:09 - 2013-06-17 14:11 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-07-23 11:09 - 2012-10-16 18:37 - 00000000 ____D () C:\Program Files\Java
2014-07-23 08:24 - 2014-07-23 08:24 - 00000000 ____D () C:\Users\User\AppData\Local\{B93F3412-8F01-4D81-8D67-999CF1F971C8}
2014-07-22 20:24 - 2014-07-22 20:24 - 00000000 ____D () C:\Users\User\AppData\Local\{95E7AD8E-0C70-401A-B805-38DC2605FD71}
2014-07-22 08:24 - 2014-07-22 08:23 - 00000000 ____D () C:\Users\User\AppData\Local\{99C6B4F6-3F05-4F2C-8136-0BCF0B57F592}
2014-07-21 20:23 - 2014-07-21 20:23 - 00000000 ____D () C:\Users\User\AppData\Local\{311C97D2-32B7-4014-8CE8-473747FA57F1}
2014-07-21 16:38 - 2014-07-21 16:38 - 12231958 _____ () C:\Users\User\Downloads\DP Mar 2014 - updated by Andrew.pptx
2014-07-21 08:23 - 2014-07-21 08:23 - 00000000 ____D () C:\Users\User\AppData\Local\{5B4CC727-AEE9-48E4-AC78-9E4C47A09DB1}
2014-07-20 20:23 - 2014-07-20 20:22 - 00000000 ____D () C:\Users\User\AppData\Local\{E8CAB33C-9991-40E4-A0B7-4FA32D003C44}
2014-07-20 08:22 - 2014-07-20 08:22 - 00000000 ____D () C:\Users\User\AppData\Local\{C1B5BFB2-BEEE-478F-8918-47929037721A}
2014-07-19 20:22 - 2014-07-19 20:22 - 00000000 ____D () C:\Users\User\AppData\Local\{96DB0404-B93A-40DC-B472-9FAD9AD4214B}
2014-07-19 08:22 - 2014-07-19 08:22 - 00000000 ____D () C:\Users\User\AppData\Local\{BB118FAD-5807-4700-BCA1-4C95BB253F3A}
2014-07-18 20:22 - 2014-07-18 20:21 - 00000000 ____D () C:\Users\User\AppData\Local\{F7F41CA6-DDA6-43F4-9C7C-510DF864A93D}
2014-07-18 13:46 - 2012-07-06 10:03 - 00000000 ____D () C:\Users\User\Documents\Copywriting Jobs Done
2014-07-18 11:18 - 2013-09-30 09:28 - 00000000 ____D () C:\Users\User\Documents\Clickbank-Articles
2014-07-18 10:04 - 2012-07-06 09:59 - 00000000 ____D () C:\Users\User\Documents\My Webs
2014-07-18 10:02 - 2014-06-24 13:22 - 00000000 ____D () C:\Users\User\Documents\Property
2014-07-18 10:00 - 2014-01-08 13:28 - 00000000 ____D () C:\Users\User\Documents\AFFILIATE-CPA
2014-07-18 08:20 - 2014-07-18 08:20 - 00000000 ____D () C:\Users\User\AppData\Local\{EA71133B-A32D-4535-B414-62B439AFD652}
2014-07-18 06:38 - 2012-07-06 10:13 - 00000000 ____D () C:\Users\User\Documents\address
2014-07-17 20:20 - 2014-07-17 20:20 - 00000000 ____D () C:\Users\User\AppData\Local\{ED34583A-9302-44F0-AC23-6E07CD8ED050}
2014-07-17 08:19 - 2014-07-17 08:19 - 00000000 ____D () C:\Users\User\AppData\Local\{2F33F488-E1FB-4E99-8046-716344C897D0}
2014-07-16 20:19 - 2014-07-16 20:19 - 00000000 ____D () C:\Users\User\AppData\Local\{AC6611B0-134F-4161-BCC3-8119988AE8D4}
2014-07-16 08:19 - 2014-07-16 08:18 - 00000000 ____D () C:\Users\User\AppData\Local\{CCC090DF-01DD-4753-819F-F14022909E94}
2014-07-15 20:18 - 2014-07-15 20:18 - 00000000 ____D () C:\Users\User\AppData\Local\{96DD099B-9457-45DF-9DDF-D48AA7A6A85B}
2014-07-15 08:18 - 2014-07-15 08:18 - 00000000 ____D () C:\Users\User\AppData\Local\{A9882D1A-B19B-497F-86D1-9B3641B0E8DA}
2014-07-14 20:18 - 2014-07-14 20:17 - 00000000 ____D () C:\Users\User\AppData\Local\{BF74A961-3ADC-45BA-8F80-70A01D6BC2F6}
2014-07-14 08:17 - 2014-07-14 08:17 - 00000000 ____D () C:\Users\User\AppData\Local\{6647C923-A635-4F67-B663-9F5224A460A2}
2014-07-13 20:17 - 2014-07-13 20:17 - 00000000 ____D () C:\Users\User\AppData\Local\{0D66674A-5B6F-418B-A0D4-984AE3270635}
2014-07-13 08:17 - 2014-07-13 08:17 - 00000000 ____D () C:\Users\User\AppData\Local\{EAEEF6BD-B079-4063-8712-94CF3950CDF7}

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-07 07:20

==================== End Of Log ==========================

 

I did not get theAddition.txt file

Link to post
Share on other sites

Hello,
    
 
They call me TwinHeadedEagle around here, and I'll be working with you.
 
    
 
    
Before we start please read and note the following:
    
Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time.
Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
Do not paste the logs in your posts, attachments make my work easier. There is a Attach Files option below which you can use to attach your reports. Always attach reports from all tools.
Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
Note that we may live in totally different time zones, what may cause some delays between answers.
Do not ask for help for your business PC. Companies are making revenue via computers, so it is good thing to pay someone to repair it.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
    
icon_idea.gif I can't foresee everything, so if anything unexpected happens, please stop and inform me!
icon_idea.gif There are no silly questions. Never be afraid to ask if in doubt!
 
 
 
 
P2P/Piracy Warning:

  • If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
  • Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

 

 

FRST.gif Fix with Farbar Recovery Scan Tool
 


icon_exclaim.gif This fix was created for this user for use on that particular machine. icon_exclaim.gif
icon_exclaim.gif Running it on another one may cause damage and render the system unstable. icon_exclaim.gif

 
Download attached fixlist.txt file and save it to the Desktop:
 
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.

 
 
 
 
 
adwcleaner_new.png Fix with AdwCleaner
 
Please download AdwCleaner by Xplode and save the file to your desktop.

  • Right-click on adwcleaner_new.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Follow the prompts and click Scan.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[s*].txt) will open.
  • Please include the contents of that file in your reply.

fixlist.txt

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.