
AdwCleaner nightmare - black screen after login.



I hope someone here can help me!

I installed Malwarebytes and AdwCleaner on a laptop last night. Malwarebytes scan was great and cleaned up the system. Then I used AdwCleaner and managed to accidentally 'clean' over 7 GB of files from WINSXS. I thought I was only cleaning one file, but after it started I noticed the other tabs with multiple files in there. I tried to stop it, but couldn't so I shut down. Now I have a black screen after login (in all safe modes). I can reach task manager and through browsing I have found AdwCleaner under the C drive with the quarantined files in it.

I copied the quarantine folder to my desktop and thought I could remove the .vir extensions and then move the files back into the WINSXS folder. I can't select more than one file at a time while browsing in task manager - there are thousands of them - is there a way of moving them back where they belong? Task manager can't find explorer.exe. And I can't open any programs as I get an error COMCTL32.dll is missing.

Here is what I've tried so far:

System recovery options (start up repair and system restore - neither work)

Booting from a flash drive with windows defender offline.

SFC /SCANNOW

CHKDSK

If only I could undo AdwCleaner I think it would be back to normal.

Please help - this is my daughter's computer with her homework etc on it :-(

Windows 7 Home Premium

Lenovo Ideapad Z565

Thank you


My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat :)

Before we start please note the following:

  • Analysis and research take some time, also sometimes real life gets in the way, please be patient.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Paste the logs in your posts, attachments make my work harder and more complicated.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight! :)

Rules and policies

We won't support any piracy.

That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.


Can you tell me what system is installed? Especially I need to know if it's 32- or 64-bit.


Leave the scans for now, as I will need to check some things outside the windows. And here are the guidelines to check the -bit architecture:


Check Windows architecture

Please check your windows architecture:

  • Click the Start button.
  • Right-click on Computer and select Properties.
  • A window should appear - in the middle part of it there should be a note if your system has 32- or 64-bit architecture.

Please rewrite this information for me - it will help me choose better tools to assist you.


Scan with Farbar Recovery Scan Tool from the Recovery Environment

We will be working outside of Windows, so I think it would be prudent to save it or print down for further reference.

This instruction is a quite complicated one as it contains multiple steps. We will need a clean machine and a USB stick (thumbdrive).

DOWNLOADS

There will be three things to download on your clean machine:

Save them preferably to the desktop, as it would make the rest of instructions easier.

Recovery .iso file will be downloaded from my GoogleDrive. You will be notified that the file is too big for Google to scan it with built-in virus scanners - I assure you that it's perfectly safe.

PREPARATIONS

Prepare the tool on your clean machine.

Create bootable USB drive with RUFUS

  • Right-click on the Rufus icon and select Run as Administrator to start the tool.
  • Configure it with the settings listed below:
    • Device - make sure that your pendrive is listed;
    • File System - set to NTFS;
    • Make sure that Quick format option is checked;
    • Create a bootable disk using - select ISO Image;
    • Click on the small CD icon next to ISO Image - select the downloaded Recovery Environment .iso file.
  • Press Start and the process should run.

You will be notified on the lower bar when it will be completed.

After that please copy FRST to the root of your pendrive.

Now unplug your pendrive and move it into your corrupted machine.

ACTION

Insert your USB drive to the corrupted machine and start the computer.

Make sure that booting from USB is set. If you don't know how to do it, instructions HERE.

Getting from one step to another during this part will take some time. Please be patient.

Run Recovery Environment

  • When the machine boots-up, you will see the Install now window. Instead choose the Repair my computer option.
  • You will be presented with the list of operating systems (usually there will be only one). Highlight it by clicking on it and select Next.
  • In the Choose Recovery Tool menu select Command Prompt.

You will see a big black window with a blinking cursor (command prompt).

Access the notepad and identify your USB drive

In the Command Prompt please type in:

notepad

and press Enter.

  • When the notepad opens, go to File menu.
  • Select Open.
  • Go to Computer and search there for your USB drive letter.

Note down the letter and close the notepad.

Scan with Farbar Recovery Scan Tool

Once back in the command prompt window, please do the following:

  • Type in e:\frst.exe and press Enter.

    You need to replace e with the letter of your USB drive taken from notepad!

  • FRST will start to run. Give him a minute or so to load itself.
  • Click Yes to Disclaimer.
  • In the main console, please click Scan and wait.

When finished it will produce a logfile named FRST.txt in the root of your pendrive and display it. Close that logfile.

Transfer it to your clean machine and include it in your next reply.

Edited by Naathim

Hi :)
 
OK, I know what's going on. We need an additional scan to repair the missing explorer.



Scan with Farbar Recovery Scan Tool from the Recovery Environment

We will be working outside of Windows, so I think it would be prudent to save it or print down for further reference.
This instruction is a quite complicated one as it contains multiple steps. We will need a clean machine and a USB stick (thumbdrive).

Insert your USB drive to the corrupted machine and start the computer.
Make sure that booting from USB is set. If you don't know how to do it, instructions HERE.

Getting from one step to another during this part will take some time. Please be patient.

Run Recovery Environment

  • When the machine boots-up, you will see the Install now window. Instead choose the Repair my computer option.
  • You will be presented with the list of operating systems (usually there will be only one). Highlight it by clicking on it and select Next.
  • In the Choose Recovery Tool menu select Command Prompt.

You will see a big black window with a blinking cursor (command prompt).

Access the notepad and identify your USB drive

In the Command Prompt please type in:

notepad

and press Enter.

  • When the notepad opens, go to File menu.
  • Select Open.
  • Go to Computer and search there for your USB drive letter.

Note down the letter and close the notepad.

Scan with Farbar Recovery Scan Tool

Once back in the command prompt window, please do the following:

  • Type in e:\frst.exe and press Enter.
    You need to replace e with the letter of your USB drive taken from notepad!
  • FRST will start to run. Give him a minute or so to load itself.
  • Click Yes to Disclaimer.
  • In the Search box please type in the following:
    explorer.exe;
  • In the main console, please click Search Files and wait.

When finished it will produce a logfile named Search.txt in the root of your pendrive and display it. Close that logfile.

Transfer it to your clean machine and include it in your next reply.


Thank you so much for all your help! I enclose the search logfile;

(I switched to firefox and can now copy and paste!)

 

Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by SYSTEM at 2014-09-20 09:46:34
Running from G:\
Boot Mode: Recovery

================== Search Files: "explorer.exe;" =============

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2011-12-24 06:53][2011-02-25 22:14] 2871808 ____A (Microsoft Corporation) 3B69712041F3D63605529BD66DC00C48

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011-12-24 06:53][2011-02-24 22:19] 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2011-12-25 08:02][2010-11-20 05:24] 2872320 ____A (Microsoft Corporation) AC4C51EB24AA95B77F705AB159189E24

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2011-12-24 06:53][2011-02-25 22:26] 2870784 ____A (Microsoft Corporation) E38899074D4951D31B4040E994DD7C8D

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2011-03-31 05:20][2011-03-31 05:20] 2870272 ____A (Microsoft Corporation) B8EC4BD49CE8F6FC457721BFC210B67F

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011-03-31 05:22][2011-03-31 05:22] 2868224 ____A (Microsoft Corporation) 700073016DAC1C3D2E7E2CE4223334B6

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011-12-24 06:53][2011-02-25 22:23] 2870272 ____A (Microsoft Corporation) 0862495E0C825893DB75EF44FAEA8E93

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2011-03-31 05:20][2011-03-31 05:20] 2870272 ____A (Microsoft Corporation) 9AAAEC8DAC27AA17B053E6352AD233AE

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2011-03-31 05:22][2011-03-31 05:22] 2868224 ____A (Microsoft Corporation) F170B4A061C9E026437B193B4D571799

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009-07-13 15:56][2009-07-13 17:39] 2868224 ____A (Microsoft Corporation) C235A51CB740E45FFA0EBFB9BAFCDA64

C:\Windows\SysWOW64\explorer.exe
[2011-12-24 06:53][2011-02-24 21:30] 2616320 ____A (Microsoft Corporation) 8B88EBBB05A0E56B7DCC708498C02B3E

====== End Of Search ======


Hi :)



Fix with Farbar Recovery Scan Tool from the Recovery Environment

We will be working outside of Windows, so I think it would be prudent to save it or print down for further reference.
This instruction is a quite complicated one as it contains multiple steps. We will need a clean machine and a USB stick (thumbdrive).

PREPARATIONS

Prepare the fix on your clean machine
 

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.


Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.

  • Copy the entire content of the codebox below and paste into the Notepad document:
    start
    Replace: C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe C:\Windows\explorer.exe
    end
  • Click File, Save As and type fixlist.txt as the File Name.

After that please copy fixlist.txt to the root of your pendrive (where FRST is located).
Now unplug your pendrive and move it into your corrupted machine.

ACTION

Insert your USB drive to the corrupted machine and start the computer.
Make sure that booting from USB is set. If you don't know how to do it, instructions HERE.

Getting from one step to another during this part will take some time. Please be patient.

Run Recovery Environment

  • When the machine boots-up, you will see the Install now window. Instead choose the Repair my computer option.
  • You will be presented with the list of operating systems (usually there will be only one). Highlight it by clicking on it and select Next.
  • In the Choose Recovery Tool menu select Command Prompt.

You will see a big black window with a blinking cursor (command prompt).

Access the notepad and identify your USB drive

In the Command Prompt please type in:

notepad

and press Enter.

  • When the notepad opens, go to File menu.
  • Select Open.
  • Go to Computer and search there for your USB drive letter.

Note down the letter and close the notepad.

Fix with Farbar Recovery Scan Tool

Once back in the command prompt window, please do the following:

  • Type in e:\frst.exe and press Enter.
    You need to replace e with the letter of your USB drive taken from notepad!
  • FRST will start to run. Give him a minute or so to load itself.
  • Click Yes to Disclaimer.
  • In the main console, please click FIX and wait.

When finished it will produce a logfile named fixlog.txt in the root of your pendrive and display it. Close that logfile.

Transfer it to your clean machine and include it in your next reply.


After that please try to boot in the regular manner.

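The step from the Search.txt log to the fixlist in the post above, as an added example that is not part of the original posts and is not FRST's or the helper's own code. It parses the Search.txt layout shown in this thread, skips the 32-bit SysWOW64 copy, and writes the start / Replace: / end block. The function names are hypothetical, and taking the highest-versioned amd64 component as the source is an assumption made here (it happens to be the copy the helper used).

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Excerpt of the Search.txt posted in this thread (three of the eleven hits).
SEARCH_LOG = r"""
================== Search Files: "explorer.exe;" =============

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2011-12-24 06:53][2011-02-25 22:14] 2871808 ____A (Microsoft Corporation) 3B69712041F3D63605529BD66DC00C48

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2011-12-25 08:02][2010-11-20 05:24] 2872320 ____A (Microsoft Corporation) AC4C51EB24AA95B77F705AB159189E24

C:\Windows\SysWOW64\explorer.exe
[2011-12-24 06:53][2011-02-24 21:30] 2616320 ____A (Microsoft Corporation) 8B88EBBB05A0E56B7DCC708498C02B3E

====== End Of Search ======
"""

# Detail line: [created][modified] size attributes (company) MD5
DETAIL = re.compile(
    r"^\[[^\]]+\]\[[^\]]+\]\s+(\d+)\s+\S+\s+\((.*)\)\s+([0-9A-Fa-f]{32})$")
# WinSxS folder: arch_name_publicKeyToken_version_culture_hash
COMPONENT = re.compile(
    r"^(?P<arch>[^_]+)_.+_[0-9a-f]{16}_(?P<ver>\d+(?:\.\d+){3})_[^_]+_[0-9a-f]{16}$",
    re.IGNORECASE)


class Hit(NamedTuple):
    path: str
    size: int
    company: str
    md5: str
    arch: Optional[str]                 # None when the file is not in WinSxS
    version: Optional[Tuple[int, ...]]  # component version, e.g. (6, 1, 7601, 21669)


def parse_search_log(text: str) -> List[Hit]:
    """Pair every path line with the detail line that follows it."""
    lines = [ln.strip() for ln in text.splitlines()]
    hits = []
    for path, detail in zip(lines, lines[1:]):
        m = DETAIL.match(detail)
        if not m or not re.match(r"^[A-Za-z]:\\", path):
            continue  # header, blank line, or a path without details
        arch = version = None
        parts = path.split("\\")
        # In WinSxS the component folder is the file's parent directory.
        if len(parts) >= 3 and parts[-3].lower() == "winsxs":
            c = COMPONENT.match(parts[-2])
            if c:
                arch = c.group("arch").lower()
                version = tuple(int(x) for x in c.group("ver").split("."))
        hits.append(Hit(path, int(m.group(1)), m.group(2),
                        m.group(3).upper(), arch, version))
    return hits


def pick_source(hits: List[Hit], arch: str = "amd64",
                vendor: str = "Microsoft Corporation") -> Hit:
    """Assumed rule: newest component of the wanted architecture and vendor."""
    candidates = [h for h in hits if h.arch == arch and h.company == vendor]
    if not candidates:
        raise ValueError(f"no {arch} WinSxS copy from {vendor} in the log")
    return max(candidates, key=lambda h: h.version)


def build_fixlist(source: Hit, target: str = r"C:\Windows\explorer.exe") -> str:
    """Each directive sits on its own line, as in the fixlog's 'Content of fixlist'."""
    return f"start\nReplace: {source.path} {target}\nend\n"


if __name__ == "__main__":
    src = pick_source(parse_search_log(SEARCH_LOG))
    print(f"source MD5 {src.md5}, size {src.size}")
    print(build_fixlist(src), end="")
```

The size and MD5 kept for the chosen source give something to compare against once the copy is in place; the FRST.txt posted later in the thread lists C:\windows\explorer.exe at 02871808 bytes, the same size as this source.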

Naat, I enclose the fixlog below. The computer started up normally and shows the desktop (Yes!). A system error window popped up;

CNSLMAIN.exe - the program cannot start because COMCTL32.dll is missing.

Thanks again for your help :)

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014
Ran by SYSTEM at 2014-09-20 15:07:26 Run:1
Running from g:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
start
Replace: C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe C:\Windows\explorer.exe
end
*****************

Could not find C:\Windows\explorer.exe.
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe copied successfully to C:\Windows\explorer.exe

==== End of Fixlog ====


OK, now please do the following:

Delete your version of FRST.

Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool x64 and save it to your Desktop.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    > Windows 8 users will be prompted about Windows SmartScreen protection - click More information and Run.

  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content in your next reply.

enclosed FRST logfile;

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by C Godfrey (administrator) on JASMINE-PC on 20-09-2014 18:11:02
Running from C:\Users\C Godfrey\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\pcreg\pcreg.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
() C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11448424 2010-08-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2120808 2010-08-20] (Realtek Semiconductor)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [776608 2009-12-18] (Lenovo)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [2598280 2010-03-29] (ELAN Microelectronics Corp.)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [4462496 2010-04-12] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [7056800 2010-03-18] (Lenovo (Beijing) Limited)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2710856 2009-11-01] (CANON INC.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [fssui] => C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe [884584 2011-05-13] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [YouCam Mirror Tray icon] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [171104 2010-03-02] (CyberLink Corp.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2640408 2014-08-25] ()
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
HKLM-x32\...\Run: [updateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [uCam_Menu] => C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-07-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35184 2008-12-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [948672 2009-12-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [38840 2009-12-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640440 2009-12-21] (Adobe Systems Inc.)
HKLM-x32\...\Run: [(default)] => [X]
HKLM-x32\...\RunOnce: [start Savin-repairJob] => wscript.exe "C:\Users\C Godfrey\AppData\Local\Start Savin\repair.js" "Start Savin-repairJob"
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3647814712-1308302749-3176139663-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3647814712-1308302749-3176139663-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3647814712-1308302749-3176139663-1001\...\Policies\Explorer: [HideSCAHealth] 1
GroupPolicyUsers\S-1-5-21-3647814712-1308302749-3176139663-1003\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xCCE6102458D4CF01
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
URLSearchHook: HKLM-x32 - Installl Converter A Toolbar - {f84db37a-ae6f-423b-9f51-14b5ec10c879} - C:\Users\C Godfrey\AppData\LocalLow\Installl_Converter_A\prxtbIns1.dll (ClientConnect Ltd.)
URLSearchHook: HKLM-x32 - WiseConvert B2 Toolbar - {da7a20cf-bef4-4342-ad78-0240fdf87055} - C:\Users\C Godfrey\AppData\LocalLow\WiseConvert_B2\prxtbWis3.dll (ClientConnect Ltd.)
SearchScopes: HKLM-x32 - DefaultScope {B8BF35CB-8A5F-486E-95D2-9A46CBE5D71F} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: GreatArcadeHits Add-on -> {D0C21091-FF8E-432C-9006-0540E81BA9D7} -> C:\Users\Jasmine\AppData\Local\GreatArcadeHits\GreatArcadeHitsIE.dll ()
BHO-x32: WiseConvert B2 Toolbar -> {da7a20cf-bef4-4342-ad78-0240fdf87055} -> C:\Users\C Godfrey\AppData\LocalLow\WiseConvert_B2\prxtbWis3.dll (ClientConnect Ltd.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Installl Converter A Toolbar -> {f84db37a-ae6f-423b-9f51-14b5ec10c879} -> C:\Users\C Godfrey\AppData\LocalLow\Installl_Converter_A\prxtbIns1.dll (ClientConnect Ltd.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Installl Converter A Toolbar - {f84db37a-ae6f-423b-9f51-14b5ec10c879} - C:\Users\C Godfrey\AppData\LocalLow\Installl_Converter_A\prxtbIns1.dll (ClientConnect Ltd.)
Toolbar: HKLM-x32 - WiseConvert B2 Toolbar - {da7a20cf-bef4-4342-ad78-0240fdf87055} - C:\Users\C Godfrey\AppData\LocalLow\WiseConvert_B2\prxtbWis3.dll (ClientConnect Ltd.)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Toolbar: HKCU - No Name - {DA7A20CF-BEF4-4342-AD78-0240FDF87055} -  No File
Toolbar: HKCU - No Name - {F84DB37A-AE6F-423B-9F51-14B5EC10C879} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49 [2014-01-06]

Chrome:
=======
CHR Profile: C:\Users\C Godfrey\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (DealPly  Shopping) - C:\Users\C Godfrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphpbdjcljebbcnfopfngmfdackbbdgf [2013-10-23]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\17.3.0.49\avg.crx [2014-01-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2011-12-23] (Macrovision Europe Ltd.) [File not signed]
S3 IGRS; C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [509192 2009-08-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [579400 2009-09-22] (Lenovo Group Limited)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 pcregservice; C:\Program Files\pcreg\pcreg.exe [33824 2013-12-17] ()
S3 PS_MDP; C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-15] (Lenovo Group Limited)
S2 ReadyComm.DirectRouter; C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll [103688 2009-07-14] (Lenovo Group Limited)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
S3 Bridge0; C:\Windows\System32\drivers\WDBridge.sys [79376 2009-07-15] (Lenovo)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [11280 2009-07-16] (Lenovo)
U3 BcmSqlStartupSvc; No ImagePath
U2 IAStorDataMgrSvc; No ImagePath
U2 IviRegMgr; No ImagePath
U2 RichVideo; No ImagePath
U3 SQLWriter; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-20 19:07 - 2011-02-26 02:14 - 02871808 _____ (Microsoft Corporation) C:\windows\explorer.exe
2014-09-20 18:11 - 2014-09-20 18:12 - 00017571 _____ () C:\Users\C Godfrey\Desktop\FRST.txt
2014-09-20 18:09 - 2014-09-20 18:05 - 02105856 _____ (Farbar) C:\Users\C Godfrey\Desktop\FRST64.exe
2014-09-20 00:25 - 2014-09-20 18:11 - 00000000 ____D () C:\FRST
2014-09-19 18:52 - 2014-09-19 18:52 - 00014848 ___SH () C:\Users\C Godfrey\Thumbs.db
2014-09-19 14:34 - 2014-09-18 21:18 - 08444118 _____ () C:\Users\C Godfrey\Desktop\Quarantine.txt
2014-09-19 14:34 - 2014-09-18 21:09 - 00020032 _____ () C:\Users\C Godfrey\Desktop\AdwCleaner[R0].txt
2014-09-19 14:16 - 2014-09-19 13:58 - 01373475 _____ () C:\Users\C Godfrey\Desktop\AdwCleaner.exe
2014-09-19 11:01 - 2014-09-19 11:47 - 00000000 ____D () C:\Users\C Godfrey\Desktop\winsxs folder in adwcleaner quarantine
2014-09-18 21:48 - 2014-09-19 17:14 - 00000000 ____D () C:\windows\Microsoft Antimalware
2014-09-18 21:24 - 2014-09-20 18:07 - 00002028 _____ () C:\windows\setupact.log
2014-09-18 21:24 - 2014-09-18 21:24 - 00000000 _____ () C:\windows\setuperr.log
2014-09-18 21:24 - 2014-09-18 21:24 - 00000000 _____ () C:\windows\ativpsrm.bin
2014-09-18 21:09 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-09-18 21:08 - 2014-09-18 21:09 - 00000000 ____D () C:\AdwCleaner
2014-09-18 20:26 - 2014-09-18 20:26 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-18 20:26 - 2014-09-18 20:26 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-18 20:26 - 2014-09-18 20:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-09-18 20:22 - 2014-09-18 20:22 - 14087848 _____ (Microsoft Corporation) C:\Users\C Godfrey\Downloads\mseinstall.exe
2014-09-18 18:58 - 2014-09-18 18:58 - 00000000 ____D () C:\Users\C Godfrey\AppData\Local\CrashDumps
2014-09-18 18:27 - 2014-09-18 18:27 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-18 18:26 - 2014-09-18 18:26 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-18 18:26 - 2014-09-18 18:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-18 18:26 - 2014-09-18 18:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-18 18:26 - 2014-09-18 18:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-18 18:26 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-09-18 18:26 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-09-18 18:26 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-09-18 18:03 - 2014-09-18 18:03 - 00000000 ____D () C:\Users\C Godfrey\AppData\Local\{DFDAED30-9598-4403-A562-627CD7246F3E}
2014-09-13 19:14 - 2014-09-14 07:53 - 00000000 ____D () C:\Users\C Godfrey\AppData\Local\{1CF4ED87-B000-4C2E-A89F-86CA969AE1FE}
2014-09-13 15:31 - 2014-09-13 15:31 - 00000000 ____D () C:\Users\C Godfrey\AppData\Local\{0F110382-BDDB-4C93-B8D6-927FFA6454D6}
2014-09-13 15:18 - 2014-09-13 15:18 - 00000000 ____D () C:\Users\C Godfrey\AppData\Local\{EF173B67-95A5-4423-A56B-24604AB2BA9D}
2014-09-13 13:53 - 2014-09-13 13:53 - 00282984 _____ () C:\windows\Minidump\091314-56409-01.dmp
2014-09-12 17:19 - 2014-08-18 18:29 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-09-12 17:19 - 2014-08-18 18:29 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-09-12 17:19 - 2014-08-18 18:15 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-09-12 17:19 - 2014-08-18 18:14 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-09-12 17:19 - 2014-08-18 18:08 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-09-12 17:19 - 2014-08-18 18:08 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-09-12 17:19 - 2014-08-18 18:05 - 00596480 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-09-12 17:19 - 2014-08-18 18:03 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-09-12 17:19 - 2014-08-18 18:03 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-09-12 17:19 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-09-12 17:19 - 2014-08-18 17:51 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-09-12 17:19 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-09-12 17:19 - 2014-08-18 17:45 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-09-12 17:19 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-09-12 17:19 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-09-12 17:19 - 2014-08-18 17:40 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-09-12 17:19 - 2014-08-18 17:39 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-09-12 17:19 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-09-12 17:19 - 2014-08-18 17:38 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-09-12 17:19 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-09-12 17:19 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-09-12 17:19 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-09-12 17:19 - 2014-08-18 17:25 - 00727040 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-09-12 17:19 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-09-12 17:19 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-09-12 17:19 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-09-12 17:19 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-09-12 17:18 - 2014-08-19 14:05 - 00374968 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-09-12 17:18 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-09-12 17:18 - 2014-08-18 19:01 - 23591424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-09-12 17:18 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-09-12 17:18 - 2014-08-18 18:20 - 02793984 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-09-12 17:18 - 2014-08-18 18:19 - 05833728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-09-12 17:18 - 2014-08-18 18:15 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-09-12 17:18 - 2014-08-18 18:14 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-09-12 17:18 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-09-12 17:18 - 2014-08-18 18:03 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-09-12 17:18 - 2014-08-18 17:56 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-09-12 17:18 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-09-12 17:18 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-09-12 17:18 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-09-12 17:18 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-09-12 17:18 - 2014-08-18 17:25 - 00707072 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-09-12 17:18 - 2014-08-18 17:23 - 02104832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-09-12 17:18 - 2014-08-18 17:23 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-09-12 17:18 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-12 17:18 - 2014-08-18 17:16 - 13588480 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-09-12 17:18 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-09-12 17:18 - 2014-08-18 17:15 - 02310656 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-09-12 17:18 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-09-12 17:18 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-09-12 17:18 - 2014-08-18 16:55 - 01447424 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-09-12 17:18 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-09-12 17:18 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-09-12 17:18 - 2014-08-18 16:38 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-09-12 17:18 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-09-12 16:33 - 2014-06-26 22:08 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
2014-09-12 16:33 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 17:08 - 2014-08-01 07:53 - 01031168 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2014-09-10 17:08 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll
2014-09-10 17:07 - 2014-07-06 22:06 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-09-10 17:07 - 2014-07-06 22:06 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-09-10 17:07 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-09-10 17:07 - 2014-07-06 21:40 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-09-10 17:07 - 2014-07-06 21:39 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-09-10 17:07 - 2014-06-23 23:29 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-09-10 17:07 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-09-10 17:05 - 2014-09-04 22:10 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-09-10 17:05 - 2014-09-04 22:05 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-09-05 18:58 - 2014-09-05 18:58 - 00000000 ____D () C:\Users\Jasmine\228002049E5345C7B6F35BB0F1C1A147.TMP
2014-09-05 18:57 - 2014-09-05 18:57 - 06692840 _____ () C:\Users\Jasmine\Desktop\jing.exe
2014-09-05 18:54 - 2014-09-05 18:57 - 00000187 _____ () C:\Users\Jasmine\Desktop\eula.txt
2014-09-05 18:53 - 2014-09-05 18:55 - 00000002 _____ () C:\Users\Jasmine\Desktop\ops.json
2014-09-05 18:53 - 2014-09-05 18:55 - 00000002 _____ () C:\Users\Jasmine\Desktop\banned-players.json
2014-09-05 18:53 - 2014-09-05 18:55 - 00000002 _____ () C:\Users\Jasmine\Desktop\banned-ips.json
2014-09-05 17:10 - 2014-09-05 18:55 - 00000000 ____D () C:\Users\Jasmine\Desktop\Minecraft Server!
2014-09-03 21:14 - 2014-09-03 21:15 - 00282984 _____ () C:\windows\Minidump\090314-54974-01.dmp
2014-09-03 20:02 - 2014-09-03 20:02 - 00282984 _____ () C:\windows\Minidump\090314-66877-01.dmp
2014-09-01 18:23 - 2014-09-01 18:23 - 00282984 _____ () C:\windows\Minidump\090114-116142-01.dmp
2014-09-01 15:03 - 2014-09-01 15:03 - 00282984 _____ () C:\windows\Minidump\090114-133427-01.dmp
2014-09-01 12:10 - 2014-09-01 12:11 - 00282984 _____ () C:\windows\Minidump\090114-119871-01.dmp
2014-08-27 16:38 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-27 16:38 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-27 16:38 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-25 17:59 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\windows\system32\icardres.dll
2014-08-25 17:59 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardres.dll
2014-08-25 17:59 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe
2014-08-25 17:59 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
2014-08-25 17:59 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\windows\system32\icardagt.exe
2014-08-25 17:59 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\windows\system32\infocardapi.dll
2014-08-25 17:59 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardagt.exe
2014-08-25 17:59 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\windows\SysWOW64\infocardapi.dll
2014-08-25 17:55 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-08-25 17:54 - 2014-07-15 23:23 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-08-25 17:54 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-08-25 17:54 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-08-25 17:54 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2014-08-25 17:53 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-08-25 17:53 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-08-25 17:53 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-08-25 17:53 - 2014-06-03 06:02 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-08-25 17:53 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-08-25 17:53 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2014-08-25 17:53 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2014-08-25 17:51 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2014-08-25 17:51 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2014-08-25 17:32 - 2014-08-25 17:34 - 00781048 _____ ( ) C:\Users\Jasmine\Downloads\adobe_flash_setup.exe
2014-08-25 17:17 - 2014-08-25 17:17 - 00000000 ____D () C:\Users\C Godfrey\AppData\Local\{FCDF1DCB-FA55-4669-8BFC-F31055B36C3D}
2014-08-25 16:55 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-08-25 16:55 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-08-25 16:55 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-08-25 16:55 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-08-25 16:53 - 2014-05-14 12:23 - 00700384 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-08-25 16:53 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-08-25 16:53 - 2014-05-14 12:23 - 00038880 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-08-25 16:53 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2014-08-25 16:53 - 2014-05-14 12:20 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-08-25 16:53 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-08-25 16:51 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-08-25 16:51 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-08-25 16:51 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-08-25 16:51 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-20 18:12 - 2014-09-20 18:11 - 00017571 _____ () C:\Users\C Godfrey\Desktop\FRST.txt
2014-09-20 18:11 - 2014-09-20 00:25 - 00000000 ____D () C:\FRST
2014-09-20 18:11 - 2011-03-31 17:59 - 01943154 _____ () C:\windows\WindowsUpdate.log
2014-09-20 18:10 - 2013-08-18 17:31 - 00000916 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3647814712-1308302749-3176139663-1003UA.job
2014-09-20 18:07 - 2014-09-18 21:24 - 00002028 _____ () C:\windows\setupact.log
2014-09-20 18:07 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-20 18:05 - 2014-09-20 18:09 - 02105856 _____ (Farbar) C:\Users\C Godfrey\Desktop\FRST64.exe
2014-09-20 15:18 - 2013-10-23 18:18 - 00000284 _____ () C:\windows\Tasks\GreatArcadeHits.job
2014-09-20 15:18 - 2009-07-14 00:45 - 00022464 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-20 15:18 - 2009-07-14 00:45 - 00022464 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-19 19:45 - 2013-04-07 14:18 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-09-19 19:41 - 2013-12-29 15:41 - 00000300 _____ () C:\windows\Tasks\Digital Sites.job
2014-09-19 19:36 - 2014-04-06 10:04 - 00000352 _____ () C:\windows\Tasks\bench-sys.job
2014-09-19 19:35 - 2013-12-29 15:41 - 00000300 _____ () C:\windows\Tasks\MySearchDial.job
2014-09-19 18:52 - 2014-09-19 18:52 - 00014848 ___SH () C:\Users\C Godfrey\Thumbs.db
2014-09-19 18:52 - 2011-12-23 13:07 - 00000000 ____D () C:\Users\C Godfrey
2014-09-19 18:02 - 2014-04-06 10:04 - 00000352 _____ () C:\windows\Tasks\bench-S-1-5-21-3647814712-1308302749-3176139663-1001.job
2014-09-19 17:14 - 2014-09-18 21:48 - 00000000 ____D () C:\windows\Microsoft Antimalware
2014-09-19 14:17 - 2009-07-14 01:13 - 00782510 _____ () C:\windows\system32\PerfStringBackup.INI
2014-09-19 13:58 - 2014-09-19 14:16 - 01373475 _____ () C:\Users\C Godfrey\Desktop\AdwCleaner.exe
2014-09-19 13:10 - 2013-08-18 17:31 - 00000864 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3647814712-1308302749-3176139663-1003Core.job
2014-09-19 11:47 - 2014-09-19 11:01 - 00000000 ____D () C:\Users\C Godfrey\Desktop\winsxs folder in adwcleaner quarantine
2014-09-19 08:25 - 2009-07-14 01:08 - 00032530 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-09-18 21:49 - 2011-12-23 15:40 - 00688854 __RSH () C:\Users\Jasmine\ntuser.pol
2014-09-18 21:49 - 2011-12-23 15:40 - 00000000 ____D () C:\Users\Jasmine
2014-09-18 21:24 - 2014-09-18 21:24 - 00000000 _____ () C:\windows\setuperr.log
2014-09-18 21:24 - 2014-09-18 21:24 - 00000000 _____ () C:\windows\ativpsrm.bin
2014-09-18 21:18 - 2014-09-19 14:34 - 08444118 _____ () C:\Users\C Godfrey\Desktop\Quarantine.txt
2014-09-18 21:09 - 2014-09-19 14:34 - 00020032 _____ () C:\Users\C Godfrey\Desktop\AdwCleaner[R0].txt
2014-09-18 21:09 - 2014-09-18 21:08 - 00000000 ____D () C:\AdwCleaner
2014-09-18 20:56 - 2011-12-23 14:22 - 00000632 __RSH () C:\Users\C Godfrey\ntuser.pol
2014-09-18 20:55 - 2011-12-23 13:23 - 00000000 ____D () C:\ProgramData\Norton
2014-09-18 20:26 - 2014-09-18 20:26 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-18 20:26 - 2014-09-18 20:26 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-18 20:26 - 2014-09-18 20:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-09-18 20:22 - 2014-09-18 20:22 - 14087848 _____ (Microsoft Corporation) C:\Users\C Godfrey\Downloads\mseinstall.exe
2014-09-18 18:58 - 2014-09-18 18:58 - 00000000 ____D () C:\Users\C Godfrey\AppData\Local\CrashDumps
2014-09-18 18:27 - 2014-09-18 18:27 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-18 18:26 - 2014-09-18 18:26 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-18 18:26 - 2014-09-18 18:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-18 18:26 - 2014-09-18 18:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-18 18:26 - 2014-09-18 18:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-18 18:03 - 2014-09-18 18:03 - 00000000 ____D () C:\Users\C Godfrey\AppData\Local\{DFDAED30-9598-4403-A562-627CD7246F3E}
2014-09-14 09:22 - 2013-12-29 16:41 - 00000142 _____ () C:\Users\Jasmine\AppData\Roaming\WB.CFG
2014-09-14 09:14 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\NDF
2014-09-14 08:44 - 2012-07-23 19:35 - 00000000 ____D () C:\Users\Jasmine\AppData\Local\CrashDumps
2014-09-14 07:53 - 2014-09-13 19:14 - 00000000 ____D () C:\Users\C Godfrey\AppData\Local\{1CF4ED87-B000-4C2E-A89F-86CA969AE1FE}
2014-09-13 15:31 - 2014-09-13 15:31 - 00000000 ____D () C:\Users\C Godfrey\AppData\Local\{0F110382-BDDB-4C93-B8D6-927FFA6454D6}
2014-09-13 15:18 - 2014-09-13 15:18 - 00000000 ____D () C:\Users\C Godfrey\AppData\Local\{EF173B67-95A5-4423-A56B-24604AB2BA9D}
2014-09-13 13:53 - 2014-09-13 13:53 - 00282984 _____ () C:\windows\Minidump\091314-56409-01.dmp
2014-09-13 13:53 - 2012-07-21 10:17 - 00000000 ____D () C:\windows\Minidump
2014-09-13 11:44 - 2013-08-10 09:22 - 00000000 ____D () C:\Users\Jasmine\AppData\Roaming\.minecraft
2014-09-12 18:43 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\rescache
2014-09-12 17:44 - 2014-05-09 06:21 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-09-12 17:09 - 2013-10-23 19:11 - 00775994 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-09-12 16:59 - 2013-11-26 08:56 - 00000000 ____D () C:\windows\system32\MRT
2014-09-12 16:36 - 2012-03-17 11:29 - 101694776 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-09-12 16:31 - 2013-04-07 14:18 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-09-12 16:31 - 2013-04-07 14:18 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-12 16:31 - 2013-04-07 14:18 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-09-07 14:49 - 2013-09-17 17:07 - 00000000 ____D () C:\Users\Jasmine\AppData\Local\Torch
2014-09-07 10:23 - 2013-09-17 17:08 - 00001194 _____ () C:\Users\Jasmine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
2014-09-05 18:58 - 2014-09-05 18:58 - 00000000 ____D () C:\Users\Jasmine\228002049E5345C7B6F35BB0F1C1A147.TMP
2014-09-05 18:57 - 2014-09-05 18:57 - 06692840 _____ () C:\Users\Jasmine\Desktop\jing.exe
2014-09-05 18:57 - 2014-09-05 18:54 - 00000187 _____ () C:\Users\Jasmine\Desktop\eula.txt
2014-09-05 18:55 - 2014-09-05 18:53 - 00000002 _____ () C:\Users\Jasmine\Desktop\ops.json
2014-09-05 18:55 - 2014-09-05 18:53 - 00000002 _____ () C:\Users\Jasmine\Desktop\banned-players.json
2014-09-05 18:55 - 2014-09-05 18:53 - 00000002 _____ () C:\Users\Jasmine\Desktop\banned-ips.json
2014-09-05 18:55 - 2014-09-05 17:10 - 00000000 ____D () C:\Users\Jasmine\Desktop\Minecraft Server!
2014-09-05 18:55 - 2014-04-30 18:45 - 00000002 _____ () C:\Users\Jasmine\Desktop\usercache.json
2014-09-05 18:55 - 2013-08-10 12:21 - 00000000 ____D () C:\Users\Jasmine\Desktop\world
2014-09-05 18:55 - 2013-08-10 12:20 - 00000781 _____ () C:\Users\Jasmine\Desktop\server.properties
2014-09-04 22:10 - 2014-09-10 17:05 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-09-04 22:05 - 2014-09-10 17:05 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-09-03 21:15 - 2014-09-03 21:14 - 00282984 _____ () C:\windows\Minidump\090314-54974-01.dmp
2014-09-03 20:02 - 2014-09-03 20:02 - 00282984 _____ () C:\windows\Minidump\090314-66877-01.dmp
2014-09-01 18:23 - 2014-09-01 18:23 - 00282984 _____ () C:\windows\Minidump\090114-116142-01.dmp
2014-09-01 15:03 - 2014-09-01 15:03 - 00282984 _____ () C:\windows\Minidump\090114-133427-01.dmp
2014-09-01 12:11 - 2014-09-01 12:10 - 00282984 _____ () C:\windows\Minidump\090114-119871-01.dmp
2014-08-29 19:13 - 2009-07-14 00:45 - 04915744 _____ () C:\windows\system32\FNTCACHE.DAT
2014-08-25 21:21 - 2013-11-17 21:42 - 00000000 ____D () C:\Users\C Godfrey\AppData\Roaming\Open Download Manager
2014-08-25 20:10 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-08-25 17:34 - 2014-08-25 17:32 - 00781048 _____ ( ) C:\Users\Jasmine\Downloads\adobe_flash_setup.exe
2014-08-25 17:34 - 2013-12-26 17:09 - 00000000 ____D () C:\Program Files\pcreg
2014-08-25 17:24 - 2013-11-17 21:44 - 00000000 ____D () C:\Users\C Godfrey\AppData\Local\AVG SafeGuard toolbar
2014-08-25 17:17 - 2014-08-25 17:17 - 00000000 ____D () C:\Users\C Godfrey\AppData\Local\{FCDF1DCB-FA55-4669-8BFC-F31055B36C3D}
2014-08-25 16:40 - 2013-10-23 18:18 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
2014-08-22 22:07 - 2014-08-27 16:38 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-22 21:45 - 2014-08-27 16:38 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-22 20:59 - 2014-08-27 16:38 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys

Some content of TEMP:
====================
C:\Users\C Godfrey\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\C Godfrey\AppData\Local\Temp\Quarantine.exe
C:\Users\C Godfrey\AppData\Local\Temp\SymCCIS.dll
C:\Users\Jasmine\AppData\Local\Temp\air7885.exe
C:\Users\Jasmine\AppData\Local\Temp\ICReinstall_FileExtractorSetup.exe
C:\Users\Jasmine\AppData\Local\Temp\ICReinstall_ZipOpenerSetup.exe
C:\Users\Jasmine\AppData\Local\Temp\setup.exe
C:\Users\Jasmine\AppData\Local\Temp\Sqlite3.dll
C:\Users\Jasmine\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Jasmine\AppData\Local\Temp\update121562453.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-07 15:11

==================== End Of Log ============================


Enclosed Addition logfile;

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by C Godfrey at 2014-09-20 18:13:48
Running from C:\Users\C Godfrey\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{77DCDCE3-2DED-62F3-8154-05E745472D07}) (Version: 1.1.377 - Adobe Systems Incorporated)
Action! (HKLM-x32\...\Mirillis Action!) (Version: 1.11.0 - Mirillis)
Adobe Acrobat 9 Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}) (Version: 9.3.0 - Adobe Systems)
Adobe Acrobat 9 Pro - English, Français, Deutsch (x32 Version: 9.3.0 - Adobe Systems) Hidden
Adobe Acrobat 9.3.0 - CPSID_52073 (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}_930) (Version:  - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.3.9120 - Adobe Systems Inc.) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Community Help (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 5 Design Premium (HKLM-x32\...\{A1BC7068-C1BA-410F-8B9A-DB807C803DE2}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Reader 9.0.1 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A90100000001}) (Version: 9.0.1 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}) (Version: 2.3.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.26 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{6CADC615-64C7-7366-A49A-342E8B7D3C9B}) (Version: 3.0.786.0 - ATI Technologies, Inc.)
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 18.1.9.799 - AVG Technologies)
Best Buy pc app (Version: 3.1.1.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.1.1.0 - Best Buy) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Wireless Driver (HKLM-x32\...\{8991E763-21F5-4DEA-A938-5D9D77DCB488}) (Version: 1.0.0.0 - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon iP2700 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series) (Version:  - )
Canon iP2700 series User Registration (HKLM-x32\...\Canon iP2700 series User Registration) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0719.1349.22889 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0719.1349.22889 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0719.1349.22889 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help English (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help French (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help German (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0719.1349.22889 - ATI) Hidden
ccc-utility64 (Version: 2010.0719.1349.22889 - ATI) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2626 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.0.2626 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Management (HKLM-x32\...\{0CE226F3-EB27-4ECD-BBF5-F088716779FD}) (Version: 5.4.1.9 - Lenovo)
ETDWare PS/2-x64 7.0.4.17_WHQL (HKLM\...\Elantech) (Version: 7.0.4.17 - ELAN Microelectronics Corp.)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
iTunes (HKLM\...\{0225AD21-F3E2-4916-BFF3-65D3F9052582}) (Version: 11.0.2.26 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo DirectShare (HKLM-x32\...\InstallShield_{B2164CCB-C002-4B80-8550-7535D80DF237}) (Version: 1.0.1.38 - ArcSoft)
Lenovo DirectShare (x32 Version: 1.0.1.38 - ArcSoft) Hidden
Lenovo EasyCamera (HKLM-x32\...\{4BB1DCED-84D3-47F9-B718-5947E904593E}) (Version: 6.96.2018.21 - Lenovo EasyCamera)
Lenovo Games Console (HKLM-x32\...\Lenovo Games Console) (Version: 0.38.389.2 - Oberon Media Inc.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1230 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1230 - CyberLink Corp.) Hidden
Lenovo ReadyComm 5 (HKLM-x32\...\{17542DBF-E17C-4562-BC4D-FA3EF3076C45}) (Version: 5.1.1.20 - Lenovo)
Lenovo ReadyComm 5.0 Service (HKLM-x32\...\{76C66170-C538-4E77-B54D-48E136B5B533}) (Version: 5.0.0.1 - Lenovo Group Limited)
Level Quality Watcher (x32 Version: 1.0.0.0 - Adpeak, Inc.) Hidden <==== ATTENTION
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Onekey Theater (HKLM-x32\...\{DFB19121-0609-49C1-92B1-546E5A940FE8}) (Version: 2.0.1.7 - Lenovo)
Open Downloader Manager (HKLM-x32\...\OpenDownloaderManager) (Version:  - )
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Pokémon Trading Card Game Online (HKLM-x32\...\{D81F39D4-FDA9-4356-92B1-16081D8BF71A}) (Version: 1.0.0 - The Pokémon Company International)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.4809d4 - CyberLink Corp.)
PowerXpressHybrid (x32 Version: 1.00.0000 - ATI) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6184 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30116 - Realtek Semiconductor Corp.)
ScorpionSaver (HKLM-x32\...\{273E1F1A-7B1A-436C-A783-A4A8C97AD036}) (Version: 1.0.0.0 - Adpeak, Inc.) <==== ATTENTION
Slender: The Arrival (HKLM-x32\...\Steam App 252330) (Version:  - Blue Isle Studios)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
SweetPacks Updater Service (HKLM-x32\...\WNLT) (Version: 5.0.8.6 - ) <==== ATTENTION
Windows Driver Package - Lenovo (ACPIVPC) System  (10/19/2009 5.4.0.1) (HKLM\...\0A4175B489A1B4A6E07E11B063A6263480C51D71) (Version: 10/19/2009 5.4.0.1 - Lenovo)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3647814712-1308302749-3176139663-1001_Classes\CLSID\{3A999A50-AB25-4A20-90A9-08F71FCE320F}\InprocServer32 -> C:\windows\system32\spool\DRIVERS\x64\3\HPCDMC64.DLL (HP)
CustomCLSID: HKU\S-1-5-21-3647814712-1308302749-3176139663-1001_Classes\CLSID\{98087D89-B93F-4BCF-A998-AE4D9F607C14}\InprocServer32 -> C:\windows\system32\spool\DRIVERS\x64\3\HPCDMC64.DLL (HP)
CustomCLSID: HKU\S-1-5-21-3647814712-1308302749-3176139663-1001_Classes\CLSID\{B286F068-5B17-4AE8-989B-8F9A199C47BA}\InprocServer32 -> C:\windows\system32\spool\DRIVERS\x64\3\HPCDMC64.DLL (HP)

==================== Restore Points  =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2BFFF1C5-9261-4578-8055-F2C72F02C376} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-12] (Adobe Systems Incorporated)
Task: {2E7C85B6-52EB-468A-B58A-4F1B3E85960B} - System32\Tasks\MySearchDial => C:\Users\Jasmine\AppData\Roaming\mysearchdial\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {4406CB3E-046B-4694-BEAC-585EC61DD99A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3647814712-1308302749-3176139663-1003Core => C:\Users\Jasmine\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-18] (Google Inc.)
Task: {4D0074C0-14F1-471D-9505-3336ABAA4F84} - System32\Tasks\{67B9EE60-C7A2-4B73-8AFB-3BB407FAD409} => C:\Program Files (x86)\Mirillis\Action!\Action.exe [2012-10-04] (Mirillis Ltd.)
Task: {57E8C2D6-FC4E-402F-81EC-E0B113F7F4CE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3647814712-1308302749-3176139663-1003UA => C:\Users\Jasmine\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-18] (Google Inc.)
Task: {78A89819-4D53-4714-B573-23AD0372E61D} - System32\Tasks\{2C0FA57D-4D85-4DD7-8AEA-6FB0683EA9D2} => C:\Program Files (x86)\Mirillis\Action!\Action.exe [2012-10-04] (Mirillis Ltd.)
Task: {7D6702BF-ABDA-4F59-835B-89DD0BD88513} - System32\Tasks\Digital Sites => C:\Users\Jasmine\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {849FDCBD-F380-44B9-AC7F-C2D7BB3BC8AF} - System32\Tasks\bench-sys => C:\Program Files (x86)\Bench\Updater\updater.exe [2014-03-27] () <==== ATTENTION
Task: {912F5EA2-5E62-4F9A-819B-5A2E0615E738} - System32\Tasks\pcreg => C:\Program Files\pcreg\service.exe <==== ATTENTION
Task: {94DF87E4-3B4A-46C2-B46B-500CD1F062B2} - System32\Tasks\{9B6A2345-1BAF-4762-8E6C-3D104574340B} => C:\Program Files (x86)\Mirillis\Action!\Action.exe [2012-10-04] (Mirillis Ltd.)
Task: {9800C344-B3BC-4196-8878-3039ED438CB5} - System32\Tasks\AdobeAAMUpdater-1.0-Jasmine-PC-Jasmine => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {9C8ABD6E-DBD3-482F-9943-E34FBC74A8F6} - System32\Tasks\{5CB36992-397A-4B79-AD7E-3EDF1AF2A1E2} => C:\Program Files (x86)\Mirillis\Action!\Action.exe [2012-10-04] (Mirillis Ltd.)
Task: {AF4E14DE-3AC4-4F01-8960-C108B9718C84} - System32\Tasks\bench-S-1-5-21-3647814712-1308302749-3176139663-1001 => C:\Program Files (x86)\Bench\Updater\updater.exe [2014-03-27] () <==== ATTENTION
Task: {B5805002-FA7B-44CC-B70D-73C1D0C33BE3} - System32\Tasks\{FCD1D418-B365-49C4-BACB-067C4D070D0E} => C:\Program Files (x86)\Mirillis\Action!\Action.exe [2012-10-04] (Mirillis Ltd.)
Task: {C403EB34-B5D1-493C-8522-F70272F76357} - System32\Tasks\GreatArcadeHits => C:\Users\Jasmine\AppData\Local\GreatArcadeHits\GAHUpdate.exe [2014-07-01] () <==== ATTENTION
Task: {D46D64F6-ECCA-47E6-A7FC-412AFD43DE9E} - System32\Tasks\{97E4CF1A-1FC8-48B5-9C9B-E26A78FDF724} => C:\Program Files (x86)\Mirillis\Action!\Action.exe [2012-10-04] (Mirillis Ltd.)
Task: {E382E25E-8FCB-49E7-8E5F-2558CC0F7353} - System32\Tasks\{511384BD-25BF-4B49-B1B4-11D2173A5545} => C:\Program Files (x86)\Mirillis\Action!\Action.exe [2012-10-04] (Mirillis Ltd.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\bench-S-1-5-21-3647814712-1308302749-3176139663-1001.job => C:\Program Files (x86)\Bench\Updater\updater.exe <==== ATTENTION
Task: C:\windows\Tasks\bench-sys.job => C:\Program Files (x86)\Bench\Updater\updater.exe <==== ATTENTION
Task: C:\windows\Tasks\Digital Sites.job => C:\Users\Jasmine\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3647814712-1308302749-3176139663-1003Core.job => C:\Users\Jasmine\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3647814712-1308302749-3176139663-1003UA.job => C:\Users\Jasmine\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GreatArcadeHits.job => C:\Users\Jasmine\AppData\Local\GreatArcadeHits\GAHUpdate.exe <==== ATTENTION
Task: C:\windows\Tasks\MySearchDial.job => C:\Users\Jasmine\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2013-12-17 21:14 - 2013-12-17 21:14 - 00033824 _____ () C:\Program Files\pcreg\pcreg.exe
2014-08-11 11:10 - 2014-08-11 11:10 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
2011-03-31 18:56 - 2009-12-18 22:52 - 00201120 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll
2011-03-31 18:56 - 2009-12-18 22:53 - 00156576 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll64.dll
2011-03-31 19:20 - 2009-07-15 11:55 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2011-03-31 19:20 - 2009-07-15 11:55 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2011-03-31 18:56 - 2009-12-18 22:52 - 00100256 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (09/18/2014 09:21:00 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/18/2014 09:21:00 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/18/2014 08:53:21 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/18/2014 08:53:20 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/18/2014 08:28:27 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Symantec Vista Network Dispatch Driver.

System Error:
The system cannot find the file specified.
.

Error: (09/18/2014 08:28:27 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary Symantec Iron Driver.

System Error:
The system cannot find the file specified.
.

Error: (09/18/2014 08:28:27 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Symantec Eraser Control driver.

System Error:
The system cannot find the file specified.
.

Error: (09/18/2014 08:28:17 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-3647814712-1308302749-3176139663-1003.bak).  hr = 0x80070539, The security ID structure is invalid.
.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {60302029-c191-4e8d-8074-5fdee6938fcd}

Error: (09/18/2014 07:59:56 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/18/2014 06:59:42 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (09/20/2014 06:10:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ReadyComm.DirectRouter service failed to start due to the following error:
%%2

Error: (09/20/2014 06:08:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Live Family Safety Service service failed to start due to the following error:
%%1053

Error: (09/20/2014 06:08:02 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Live Family Safety Service service to connect.

Error: (09/20/2014 06:08:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Apple Mobile Device service failed to start due to the following error:
%%1053

Error: (09/20/2014 06:08:02 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.

Error: (09/20/2014 03:13:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ReadyComm.DirectRouter service failed to start due to the following error:
%%2

Error: (09/20/2014 03:10:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Live Family Safety Service service failed to start due to the following error:
%%1053

Error: (09/20/2014 03:10:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Live Family Safety Service service to connect.

Error: (09/20/2014 03:10:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Apple Mobile Device service failed to start due to the following error:
%%1053

Error: (09/20/2014 03:10:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.


Microsoft Office Sessions:
=========================
Error: (09/18/2014 09:21:00 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe

Error: (09/18/2014 09:21:00 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe

Error: (09/18/2014 08:53:21 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe

Error: (09/18/2014 08:53:20 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe

Error: (09/18/2014 08:28:27 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Symantec Vista Network Dispatch Driver.

System Error:
The system cannot find the file specified.

Error: (09/18/2014 08:28:27 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Symantec Iron Driver.

System Error:
The system cannot find the file specified.

Error: (09/18/2014 08:28:27 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Symantec Eraser Control driver.

System Error:
The system cannot find the file specified.

Error: (09/18/2014 08:28:17 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-3647814712-1308302749-3176139663-1003.bak)0x80070539, The security ID structure is invalid.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {60302029-c191-4e8d-8074-5fdee6938fcd}

Error: (09/18/2014 07:59:56 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Jasmine\Desktop\SoftonicDownloader_for_slender-the-eight-pages.exe

Error: (09/18/2014 06:59:42 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe

==================== Memory info ===========================

Processor: AMD Phenom II N660 Dual-Core Processor
Percentage of memory in use: 38%
Total physical RAM: 2810.9 MB
Available physical RAM: 1727.95 MB
Total Pagefile: 5619.98 MB
Available Pagefile: 4471.97 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:254.14 GB) (Free:165.44 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:28.91 GB) NTFS
Drive e: (Repair disc Windows 7 64-bit) (Removable) (Total:1.89 GB) (Free:1.69 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: D487738F)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=254.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)

========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: 01545DCF)
Partition 1: (Active) - (Size=1.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Looks good so far! :)



Scan with ComboFix

This is a very powerful tool that should be used only if advised by a Malware Analyst.
Do not run ComboFix on your own!


Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
If you are a user of CD emulation software (like Daemon Tools or Alcohol) also disable it for the cleaning process - instructions here.

  • Right-click on the ComboFix icon and select Run as Administrator to start the tool.
  • Accept the disclaimer and agree if prompted to install Recovery Console.
  • Do not take any actions while ComboFix goes through your System - it may cause it to stall!
  • This scan may take some time!
  • When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).

Include that log in your next reply.
If you encounter any issues with your internet connection after running ComboFix, please visit this link.
If an error about an operation on a key marked for deletion appears after running the tool, please reboot your machine.
Don't forget to re-enable your previously switched-off protection software!


OK, so let's try something totally different.



Repair Windows with Tweaking.com

Please download Tweaking.com Windows Repair All-In-One (portable edition) and save the file to your desktop.
It will come as a zipped file, so you will need to unzip it. You may do it by right-clicking on it and choosing Extract All. Extract it to your desktop.
I strongly suggest printing out these guidelines for further reference.

This one needs to be done in steps. You will see many tabs, each one containing its own tasks. Please make sure to perform only the ones listed below!
It is very important to follow only these steps and guidelines. Running other ones may conflict with the other things that are currently being repaired.
Also, I would recommend a cup of tea while the whole procedure is being done. It will surely take some amount of time.

Enter the Tweaking.com directory, right-click on the Repair_Windows icon and select Run as Administrator to start the tool.

Tab 1: Proper power drain

  • You will be prompted to perform a proper power drain.
  • Shut down your machine and unplug the power cord (remove the battery if it is a portable machine).
  • Try to power it up by hitting the power button a couple of times. This should drain the remaining energy inside.
  • Once finished, plug in the power cord (and the battery).
  • Boot-up your machine and once again run the tool as mentioned prior.

Once completed, please proceed to the next step.

Tab 2: Run Malwarebytes'

  • Windows Repair AIO will advise you to clean any infections using Malwarebytes' Anti-Malware (free version).
  • You may do it by clicking Download and scan system.
  • Remove all it finds.

Once completed, please proceed to the next step.

Tab 3: Check File System

  • Click the Check button. It will verify if the full scan is needed.
  • If no errors are found, please proceed to the next step.
  • If errors are found, please click the Do it button:
    • Your system will be restarted
    • Repairing File System errors may take some time.
    • Please be patient and let it run uninterrupted!

Once completed, please proceed to the next step.

Tab 4: Check System Files

  • Click the Do it button to perform the scan.
  • System Files check usually takes some time to complete. Please be patient and let it run uninterrupted!
  • If any corruptions are found, there will be an attempt to fix it:
    • If running Windows XP, you may need to insert your installation CD to complete repairs.
    • If running Windows Vista, 7 or 8 the CD won't be needed in most cases.
  • Your machine may need to be rebooted to complete repairs.

Once completed, please proceed to the next step.

Tab 5: Registry Backup & System Restore

  • We need to create a Registry backup and a System Restore point prior to any fixes - this is crucial because fixing is always an invasive procedure.
  • Click Backup to backup your registry.
  • When finished, click Create to create a fresh Restore point.

Once completed, please proceed to the next step.

Tab 6: Start Repairs

  • Click Start.
  • You will be presented with a new window, divided vertically.
  • Under the right one please make sure that Restart/Shutdown System when finished is ticked and the Restart System option is marked.
  • Inside the left one you will see listed fixing options.
  • Click Unselect All at the bottom and then make sure these ones are checked:
    • 01 - Reset Registry Permissions
    • 02 - Reset File Permissions
    • 03 - Reset Service Permissions
    • 04 - Register System Files
    • 05 - Repair WMI
    • 06 - Repair Windows Firewall
    • 07 - Repair Internet Explorer
    • 08 - Repair MDAC/MSJet
    • 09 - Repair Hosts File
    • 10 - Remove Policies Set By Infections
    • 11 - Repair Start Menu Icons Removed By Infections
    • 12 - Repair Icons
    • 13 - Repair Winsock & DNS Cache
    • 14 - Remove Temp Files
    • 15 - Repair Proxy Settings
    • 16 - Unhide Non System Files
    • 17 - Repair Windows Updates
    • 18 - Repair CD/DVD Missing/Not Working
    • 19 - Repair Volume Shadow Copy Service
    • 20 - Repair Windows Sidebar/Gadgets
    • 21 - Repair MSI (Windows Installer)
    • 22 - Repair Windows Snipping Tool
    • 23 - Repair File Associations
    • 24 - Repair Windows Safe Mode
    • 25 - Repair Print Spooler
    • 26 - Restore Important Windows Services
    • 27 - Set Windows Services To Default Startup
    • 28 - Repair Windows 8 App Store
    • 29 - Repair Windows 8 Component Store
    • 30 - Restore Windows 8 COM+ Unmarshalers
    • 31 - Repair Windows 'New' Submenu
  • Press Start Repairs button on the lower right.
  • This whole procedure may take some amount of time and your machine will be rebooted upon completion.
  • After the reboot, navigate to the Tweaking.com folder once again.
  • Enter the subfolder called Logs.

Please include here for me any logfile(s) you find there.

Also, please update me on how your machine is after the repairs.


To be honest, I'm starting to think that either it's something very nasty (like a polymorphic file infector) here, or your system is very heavily damaged. But I'd like to make some more scans.



Scan with Dr.Web CureIt

Please visit this page: Dr.Web CureIt!
You will find there a download site and instructions on how to run a free scan with Dr.Web.

Some notes from me:
  • The file will come totally randomly named (like h34cva7) - that's normal; however, it will have the Dr.Web CureIt icon.
  • It may take a while to finish, depending on your capacities and system specs, so be patient.
  • Don't fix anything on your own using Dr.Web - this type of scan often produces false positives; I will tell you what to remove and how to do it after inspecting the provided results.

Upon completion, please click Open Report and paste it here for my analysis.


This topic is now closed to further replies.