Jump to content

Recommended Posts

Hello and post-32477-1261866970.gif

 

P2P/Piracy Warning:

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Next,

 

Open Malwarebytes Anti-Malware, from the Dashboard please Check for Updates by clicking the Update Now... link

When the update completes select > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

 

 

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

 

When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.

 

 

In most cases, a restart will be required.

 

 

Wait for the prompt to restart the computer to appear, then click on Yes.

 

 

Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.


Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt. Where n in the scan reference number

 

Next,

 

thisisujrt.gif Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts. (re-enable when done)
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Let me see those logs in your next reply...

 

Kevin

Link to post
Share on other sites

Thanks for your help..........TRovi.com appears to be gone.....

 

Following are the scan logs you requested:

 

Thanks Again

 

Rex

 

 

 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/27/2014
Scan Time: 12:21:35 PM
Logfile: MBamScanLog102714.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.10.27.04
Rootkit Database: v2014.10.22.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: Tyler

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 349077
Time Elapsed: 16 min, 57 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

# AdwCleaner v4.002 - Report created 27/10/2014 at 12:46:24
# DB v2014-10-26.6
# Updated 27/10/2014 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : Tyler - TYLERS_LAPTOP
# Running from : E:\Malware Tools\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Tyler\AppData\Roaming\Activeris
Folder Deleted : C:\Users\Todd\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Todd\AppData\LocalLow\Fast Free Converter
Folder Deleted : C:\Users\Tyler\AppData\LocalLow\Fast Free Converter
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Users\Tyler\AppData\LocalLow\Object Browser
Folder Deleted : C:\Users\Tyler\Documents\PC Speed Maximizer
Folder Deleted : C:\ProgramData\QuickSet
Folder Deleted : C:\Windows\SysWOW64\SearchProtect
Folder Deleted : C:\Users\Public\Documents\ShopperPro
Folder Deleted : C:\Users\Tyler\AppData\LocalLow\Smartbar
Folder Deleted : C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\y2kqfufi.default\Smartbar
Folder Deleted : C:\Users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartTweak Software
Folder Deleted : C:\Program Files (x86)\SmartTweak
Folder Deleted : C:\Program Files (x86)\TidyNetwork
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toolbar Cleaner
Folder Deleted : C:\Program Files (x86)\Toolbar Cleaner
Folder Deleted : C:\Program Files (x86)\Common Files\Umbrella
Folder Deleted : C:\Users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppsHat
Folder Deleted : C:\Users\Tyler\AppData\Local\CrashRpt
File Deleted : C:\END
File Deleted : C:\Users\Tyler\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\Public\Desktop\Toolbar Cleaner.lnk
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
File Deleted : C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\y2kqfufi.default\user.js

***** [ Scheduled Tasks ] *****

Task Deleted : FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl
Task Deleted : ShopperPro
Task Deleted : ShopperProJSUpd
Task Deleted : SPDriver

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Tyler\Desktop\Search.lnk
Shortcut Disinfected : C:\Users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
Shortcut Disinfected : C:\Users\Tyler\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\Tyler\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ShopperPro.DLL
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe]
Key Deleted : HKCU\Software\ShopperPro
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\smarttweak
Key Deleted : HKCU\Software\usyndication.com
Key Deleted : HKCU\Software\AppDataLow\Software\Compete
Key Deleted : HKCU\Software\AppDataLow\Software\Object Browser
Key Deleted : HKLM\SOFTWARE\CompeteInc
Key Deleted : HKLM\SOFTWARE\ShopperPro
Key Deleted : HKLM\SOFTWARE\Toolbar Cleaner
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\Video Converter
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.17116


-\\ Mozilla Firefox v33.0 (x86 en-US)


*************************

AdwCleaner[R0].txt - [5385 octets] - [27/10/2014 12:44:10]
AdwCleaner[s0].txt - [5699 octets] - [27/10/2014 12:46:24]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [5759 octets] ##########
 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.21.2014:1)
OS: Windows 8 x64
Ran by Tyler on Mon 10/27/2014 at 12:50:16.26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util caramava



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Tyler\AppData\Roaming\mozilla\firefox\profiles\y2kqfufi.default\prefs.js

user_pref("CT3297959_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1385605181208,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}
user_pref("Smartbar.ConduitHomepagesList", "");
user_pref("Smartbar.ConduitSearchEngineList", "");
user_pref("Smartbar.ConduitSearchUrlList", "");
user_pref("Smartbar.keywordURLSelectedCTID", "CT3297959");
user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-
user_pref("extensions.a2eb528f3950d48a3be4b5d7de6c8331ea41e199b6ca44d23ab8773f2d1973314com35510.35510.internaldb.Resources_meta.value", "%7B%22handlebars.js%22%3A%7B%22id%22%3
user_pref("extensions.a2eb528f3950d48a3be4b5d7de6c8331ea41e199b6ca44d23ab8773f2d1973314com35510.35510.internaldb.Resources_resource_817949.value", "%22function%20startAskCom%2
user_pref("extensions.a2eb528f3950d48a3be4b5d7de6c8331ea41e199b6ca44d23ab8773f2d1973314com35510.35510.internaldb.Resources_resource_817951.value", "%22/*%21%5Cn%20*%20domready
user_pref("extensions.a2eb528f3950d48a3be4b5d7de6c8331ea41e199b6ca44d23ab8773f2d1973314com35510.35510.internaldb.Resources_resource_817957.value", "%22%28function%20%28%29%20%
user_pref("extensions.a2eb528f3950d48a3be4b5d7de6c8331ea41e199b6ca44d23ab8773f2d1973314com35510.35510.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A
user_pref("extensions.a39ed7c16185d4f88b976666d4928ba01fe4550c17a4f4a62ad1c45e0afdf81a4com48559.48559.internaldb.Resources_meta.value", "%7B%2219x19.png%22%3A%7B%22id%22%3A485
user_pref("extensions.a39ed7c16185d4f88b976666d4928ba01fe4550c17a4f4a62ad1c45e0afdf81a4com48559.48559.internaldb.Resources_resource_485550.value", "%22data%3Aimage/png%3Bbase6
user_pref("extensions.a39ed7c16185d4f88b976666d4928ba01fe4550c17a4f4a62ad1c45e0afdf81a4com48559.48559.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A
user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A
user_pref("extensions.af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920.52920.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A
user_pref("extensions.helperbar.SmartbarDisabled", false);
user_pref("iminent.LayoutId", "1");
user_pref("iminent.adapters", "{\"www-search\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13943071141761814400\"},\"youtube\":{\"CountryCode\":\"US\"
user_pref("iminent.enabledAds", "false");
user_pref("iminent.externalScripts", "{\"value\":[{\"addonUid\":\"10bb6277-6b2b-413e-8d82-ad9398543254\",\"name\":\"Dealply\",\"addonId\":1,\"url\":\"//i.imitinjs.info/imitin/
user_pref("iminent.newtabredirect", "true");
user_pref("iminent.nomsi", "true");
user_pref("iminent.registerToolbarEvent101", "1402285371089");
user_pref("iminent.registerToolbarEvent102", "1402192281925");
user_pref("iminent.registerToolbarEvent140", "1403977060684");
user_pref("iminent.searchindex", "1");
user_pref("iminent.trackingInfo", "{\"state\":0,\"samplingRate\":0}");
user_pref("iminent.version", "8.10.2.1");
user_pref("iminent.versioning", "{\"CurrentVersion\":\"8.10.2.1\",\"InstallEventCTime\":1394307106233,\"InstallEvent\":\"True\"}");
user_pref("plugin.state.npconduitfirefoxplugin", 0);
user_pref("smartbar.machineId", "JIN94B4GZHVOLGVYM8DBUXXUJ3+++X4KJQRRXENHYEHSJ69G/YWH9UJ0IH6X8DM9ZSY4MN3WF3TCAX2OAE0CMA");
user_pref("valueApps.storage.mam_gk_userId", "39353334326430622D396562622D346332332D383837352D336133373131613533333661");
Emptied folder: C:\Users\Tyler\AppData\Roaming\mozilla\firefox\profiles\y2kqfufi.default\minidumps [60 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 10/27/2014 at 12:53:39.38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-10-2014
Ran by Tyler (administrator) on TYLERS_LAPTOP on 27-10-2014 12:55:50
Running from E:\Malware Tools
Loaded Profile: Tyler (Available profiles: Tyler & Todd)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Broadcom Corp.) C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-01-21] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [440632 2014-08-29] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-775045778-2574787548-2418169733-1001\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20917408 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-775045778-2574787548-2418169733-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-775045778-2574787548-2418169733-1001\...\MountPoints2: {4c55c60e-e3c6-11e3-becd-208984601ac1} - "E:\MotoCastSetup.exe" -a
HKU\S-1-5-21-775045778-2574787548-2418169733-1001\...\MountPoints2: {7afabae5-27f5-11e3-bea0-208984601ac1} - "E:\VZW_Software_upgrade_assistant_installer.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Gateway MyBackup Tray.lnk
ShortcutTarget: Gateway MyBackup Tray.lnk -> C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe (NTI Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wunderground.com/cgi-bin/findweather/hdfForecast?query=Muscatine%2C+iowa
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
SearchScopes: HKLM - {A37A1DB0-57B4-4697-B8C8-D0EB000452B8} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAGWJS
SearchScopes: HKCU - {A37A1DB0-57B4-4697-B8C8-D0EB000452B8} URL =
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\y2kqfufi.default
FF Homepage: hxxp://www.wunderground.com/cgi-bin/findweather/hdfForecast?query=Muscatine%2C+Iowa
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-20] (Broadcom Corp.) [File not signed]
S3 DeviceFastLaneService; C:\Program Files\Gateway\Gateway Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-16] (Acer Incorporated)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-25] (Microsoft Corporation)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [441144 2014-08-29] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-25] (Microsoft Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [259136 2012-11-02] (NTI Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [96880 2013-03-25] (Dritek System INC.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20912 2012-10-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [248632 2013-07-18] (AVG Technologies CZ, s.r.o.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6835784 2013-03-25] (Broadcom Corporation)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63000 2014-08-30] ()
S3 hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2014-02-26] (LogMeIn Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-27] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2013-03-25] (Dritek System Inc.)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-25] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-27 12:55 - 2014-10-27 12:55 - 00000000 ____D () C:\FRST
2014-10-27 12:53 - 2014-10-27 12:55 - 00004697 _____ () C:\Users\Tyler\Desktop\JRT.txt
2014-10-27 12:50 - 2014-10-27 12:50 - 00000000 ____D () C:\Windows\ERUNT
2014-10-27 12:49 - 2014-10-27 12:49 - 00005851 _____ () C:\Users\Tyler\Desktop\AdwCleaner[s0].txt
2014-10-27 12:44 - 2014-10-27 12:46 - 00000000 ____D () C:\AdwCleaner
2014-10-24 15:08 - 2014-10-24 15:09 - 12885701 _____ () C:\Users\Tyler\Downloads\kp0bwlur.exe.part
2014-10-24 15:03 - 2014-10-27 12:00 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2014-10-24 15:03 - 2014-10-24 15:03 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Exploit.lnk
2014-10-24 15:03 - 2014-10-24 15:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2014-10-24 15:03 - 2014-10-24 15:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2014-10-24 13:41 - 2012-11-20 05:48 - 02213776 _____ (ELAN Microelectronics Corp.) C:\Windows\ETDUninst.dll
2014-10-24 13:21 - 2014-10-24 13:21 - 00000632 _____ () C:\Users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HijackThis.lnk
2014-10-24 12:20 - 2014-10-27 11:57 - 00161266 _____ () C:\Windows\WindowsUpdate.log
2014-10-24 11:51 - 2014-10-27 12:48 - 00047600 _____ () C:\Windows\PFRO.log
2014-10-24 11:41 - 2014-10-24 11:41 - 00001285 _____ () C:\Users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-24 10:55 - 2014-10-24 10:55 - 00001154 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-10-24 10:53 - 2014-10-24 10:53 - 00244032 _____ () C:\Users\Tyler\Downloads\Firefox Setup Stub 33.0.exe
2014-10-24 10:11 - 2014-10-24 10:11 - 00281624 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-24 10:09 - 2014-10-24 10:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-10-24 10:08 - 2014-10-24 10:08 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-10-24 10:08 - 2014-10-24 10:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-10-24 10:07 - 2014-09-13 01:24 - 02233152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-10-24 10:07 - 2014-09-05 19:46 - 00389176 _____ () C:\Windows\system32\ApnDatabase.xml
2014-10-24 10:07 - 2014-09-02 21:48 - 00457728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2014-10-24 10:07 - 2014-09-02 21:48 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2014-10-24 10:07 - 2014-09-02 21:22 - 00188928 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2014-10-24 10:07 - 2014-09-02 21:21 - 00623104 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2014-10-24 10:07 - 2014-09-02 21:21 - 00212992 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2014-10-24 10:07 - 2014-08-28 23:17 - 02043392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-10-24 10:07 - 2014-08-28 23:17 - 00227328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-10-24 10:07 - 2014-08-28 23:04 - 02837504 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-10-24 10:07 - 2014-08-28 23:04 - 00309248 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-10-24 10:07 - 2014-08-28 01:04 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSCOMEX.dll
2014-10-24 10:07 - 2014-08-28 01:04 - 00227840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll
2014-10-24 10:07 - 2014-08-28 00:59 - 00616448 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll
2014-10-24 10:07 - 2014-08-28 00:59 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOMEX.dll
2014-10-24 10:07 - 2014-08-28 00:59 - 00432640 _____ (Microsoft Corporation) C:\Windows\system32\FXSTIFF.dll
2014-10-24 10:07 - 2014-08-28 00:59 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\FXST30.dll
2014-10-24 10:07 - 2014-07-24 08:12 - 00328512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-10-24 09:30 - 2014-10-24 09:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-24 09:30 - 2014-09-26 18:42 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-24 09:30 - 2014-09-26 18:36 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-24 09:30 - 2014-09-26 18:36 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-24 09:30 - 2014-09-26 18:35 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-24 09:29 - 2014-10-24 09:30 - 00005682 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_71-b14.log
2014-10-24 09:25 - 2014-10-24 10:57 - 00007606 _____ () C:\Users\Tyler\AppData\Local\Resmon.ResmonCfg
2014-10-23 20:49 - 2014-09-29 17:49 - 00705480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-23 20:49 - 2014-09-29 17:49 - 00104904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-23 20:43 - 2014-10-23 20:43 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-23 20:22 - 2014-07-15 17:51 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-10-23 20:13 - 2014-06-10 17:44 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-10-23 20:13 - 2014-06-10 17:43 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-10-23 20:01 - 2014-10-23 20:01 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-10-23 20:00 - 2014-10-24 13:26 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-10-23 20:00 - 2014-10-23 20:10 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-10-23 20:00 - 2014-10-23 20:00 - 00001398 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-10-23 20:00 - 2014-10-23 20:00 - 00001386 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-10-23 20:00 - 2014-10-23 20:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-10-23 20:00 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-10-23 19:48 - 2014-10-23 19:48 - 00015502 _____ () C:\Users\Tyler\Downloads\cc_20141023_194836.reg
2014-10-23 19:48 - 2014-10-23 19:48 - 00015502 _____ () C:\Users\Tyler\Downloads\cc_20141023_194815.reg
2014-10-23 19:45 - 2014-10-23 19:50 - 156062696 _____ () C:\Users\Tyler\Downloads\k05rg578(1).exe
2014-10-23 19:45 - 2014-10-23 19:48 - 156062696 _____ () C:\Users\Tyler\Downloads\k05rg578.exe
2014-10-23 19:45 - 2014-10-23 19:47 - 04965896 _____ (Piriform Ltd) C:\Users\Tyler\Downloads\ccsetup418(1).exe
2014-10-23 19:45 - 2014-10-23 19:46 - 04965896 _____ (Piriform Ltd) C:\Users\Tyler\Downloads\ccsetup418.exe
2014-10-23 19:38 - 2014-10-23 19:38 - 00006280 _____ () C:\Users\Tyler\Downloads\cc_20141023_193830.reg
2014-10-23 19:37 - 2014-10-23 19:38 - 00097384 _____ () C:\Users\Tyler\Downloads\cc_20141023_193731.reg
2014-10-23 19:32 - 2014-10-23 19:47 - 00000829 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-10-23 19:32 - 2014-10-23 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-10-23 19:32 - 2014-10-23 19:47 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-23 19:32 - 2014-10-23 19:32 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-10-23 19:28 - 2014-10-23 19:28 - 00000000 ____D () C:\Users\Tyler\Doctor Web
2014-10-23 18:43 - 2014-10-27 12:50 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-23 18:42 - 2014-10-23 18:45 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-23 18:42 - 2014-10-23 18:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-23 18:42 - 2014-10-23 18:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-23 18:42 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-23 18:42 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-23 17:39 - 2014-09-13 00:29 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-23 17:39 - 2014-09-12 23:02 - 00068096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-23 17:39 - 2014-07-23 22:33 - 00875688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2014-10-23 17:39 - 2014-07-23 22:33 - 00869544 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2014-10-23 17:37 - 2014-06-12 20:57 - 01453400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-10-23 17:37 - 2014-06-12 20:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-10-23 17:37 - 2014-06-04 20:12 - 00678600 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2014-10-23 17:37 - 2014-06-03 18:12 - 00536776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2014-10-23 17:36 - 2014-08-20 18:40 - 00732880 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-10-23 17:36 - 2014-08-20 12:05 - 00694784 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-10-23 17:36 - 2014-08-20 12:05 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2014-10-23 17:36 - 2014-08-20 12:05 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-23 17:36 - 2014-08-20 12:02 - 00567808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-10-23 17:36 - 2014-08-20 12:02 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-23 17:36 - 2014-06-24 02:35 - 00010450 _____ () C:\Windows\system32\autoconfig.cab
2014-10-23 17:36 - 2014-06-24 01:40 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2014-10-23 17:35 - 2014-07-07 00:53 - 01125376 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-23 17:35 - 2014-07-07 00:52 - 03248128 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-23 17:35 - 2014-07-07 00:52 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-23 17:35 - 2014-07-07 00:52 - 00300544 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-23 17:35 - 2014-07-07 00:51 - 05982208 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-23 17:35 - 2014-07-06 23:01 - 01049600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-23 17:35 - 2014-07-06 23:01 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-23 17:35 - 2014-07-06 23:00 - 05095424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-23 17:35 - 2014-07-06 22:59 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-23 17:34 - 2014-06-17 18:27 - 01440256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-10-23 17:34 - 2014-06-17 18:24 - 01557504 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-10-23 17:34 - 2014-06-02 17:33 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2014-10-23 17:33 - 2014-09-20 00:18 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-23 17:33 - 2014-09-20 00:17 - 02236928 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-23 17:33 - 2014-09-20 00:17 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-23 17:33 - 2014-09-20 00:17 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-10-23 17:33 - 2014-09-20 00:17 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-10-23 17:33 - 2014-09-20 00:16 - 19280896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-23 17:33 - 2014-09-20 00:16 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-23 17:33 - 2014-09-20 00:16 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-23 17:33 - 2014-09-20 00:16 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-23 17:33 - 2014-09-20 00:16 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-23 17:33 - 2014-09-20 00:16 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-23 17:33 - 2014-09-20 00:16 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-23 17:33 - 2014-09-20 00:16 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-23 17:33 - 2014-09-20 00:16 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-10-23 17:33 - 2014-09-20 00:16 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-23 17:33 - 2014-09-20 00:16 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-23 17:33 - 2014-09-20 00:16 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-23 17:33 - 2014-09-20 00:16 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-23 17:33 - 2014-09-20 00:15 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-23 17:33 - 2014-09-20 00:15 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-23 17:33 - 2014-09-20 00:15 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-23 17:33 - 2014-09-19 22:57 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-23 17:33 - 2014-09-19 22:57 - 13757952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-23 17:33 - 2014-09-19 22:57 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-23 17:33 - 2014-09-19 22:57 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-23 17:33 - 2014-09-19 22:57 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-23 17:33 - 2014-09-19 22:57 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-23 17:33 - 2014-09-19 22:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-10-23 17:33 - 2014-09-19 22:57 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-23 17:33 - 2014-09-19 22:57 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-23 17:33 - 2014-09-19 22:57 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-23 17:33 - 2014-09-19 22:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-10-23 17:33 - 2014-09-19 22:57 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-23 17:33 - 2014-09-19 22:57 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-23 17:33 - 2014-09-19 22:57 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-10-23 17:33 - 2014-09-19 22:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-23 17:33 - 2014-09-19 22:57 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-23 17:33 - 2014-09-19 22:56 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-23 17:33 - 2014-09-19 22:56 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-23 17:33 - 2014-09-19 22:56 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-23 17:33 - 2014-09-19 22:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-23 17:33 - 2014-09-19 22:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-23 17:33 - 2014-09-19 20:06 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-10-23 17:33 - 2014-07-31 18:40 - 01287680 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-10-23 17:32 - 2014-10-09 23:47 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-23 17:32 - 2014-10-09 23:47 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-23 17:32 - 2014-10-07 23:26 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-23 17:32 - 2014-08-28 06:34 - 00059400 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-10-23 17:32 - 2014-08-28 01:05 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-10-23 17:32 - 2014-08-28 01:05 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-10-23 17:32 - 2014-08-28 01:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-10-23 17:32 - 2014-08-28 01:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-10-23 17:32 - 2014-08-28 01:01 - 03285504 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-10-23 17:32 - 2014-08-28 01:01 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-10-23 17:32 - 2014-08-28 01:01 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-10-23 17:32 - 2014-08-28 01:01 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-10-23 17:32 - 2014-08-28 01:01 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-10-23 17:32 - 2014-08-28 01:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-10-23 17:32 - 2014-08-28 01:01 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-10-23 17:32 - 2014-08-28 01:01 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2014-10-23 17:32 - 2014-06-30 17:42 - 00394240 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-10-23 17:32 - 2014-06-30 17:42 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-10-23 17:32 - 2014-05-29 18:31 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-10-23 17:32 - 2014-05-29 18:03 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-10-23 17:32 - 2014-05-29 18:02 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-10-23 17:32 - 2014-05-29 18:02 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2014-10-23 17:31 - 2014-09-02 21:48 - 00510464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-23 17:31 - 2014-09-02 21:21 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-23 17:31 - 2014-08-28 01:02 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-10-23 17:30 - 2014-07-24 08:50 - 00447296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2014-10-23 17:30 - 2014-07-16 18:28 - 00027648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2014-10-23 17:30 - 2014-07-16 17:59 - 00305664 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2014-10-23 17:30 - 2014-07-16 17:59 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2014-10-23 17:30 - 2014-07-12 01:45 - 01549824 _____ (Microsoft Corporation) C:\Windows\system32\msdtctm.dll
2014-10-23 17:30 - 2014-07-11 23:36 - 00674304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-10-23 17:30 - 2014-07-11 23:36 - 00211456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-10-23 17:30 - 2014-07-11 23:34 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-10-23 17:30 - 2014-07-11 23:34 - 00250368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-10-23 17:30 - 2014-06-28 01:57 - 01341952 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2014-10-23 17:30 - 2014-06-27 21:23 - 01126400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2014-10-23 17:30 - 2014-06-19 18:35 - 01312768 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-10-23 17:30 - 2014-06-19 17:24 - 00694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-10-23 17:30 - 2014-05-03 01:34 - 06974808 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-23 17:30 - 2014-05-03 01:33 - 01824808 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-10-23 17:30 - 2014-05-02 23:51 - 01408976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-10-23 17:30 - 2014-05-01 17:37 - 01023488 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-10-23 17:30 - 2014-04-29 17:32 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe
2014-10-23 17:30 - 2014-04-29 17:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2014-10-23 17:29 - 2014-09-27 23:18 - 04068352 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-23 17:29 - 2014-06-06 09:06 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-10-23 17:29 - 2014-06-06 05:17 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-10-23 17:29 - 2014-05-29 17:24 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-10-23 17:28 - 2014-09-17 18:24 - 02416128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-23 17:28 - 2014-09-17 17:56 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-23 17:28 - 2014-08-30 00:48 - 10115072 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-10-23 17:28 - 2014-08-30 00:46 - 02306560 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-10-23 17:28 - 2014-08-29 23:05 - 08858112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-10-23 17:28 - 2014-08-29 23:03 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-10-23 17:28 - 2014-08-09 03:30 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-10-23 17:28 - 2014-08-09 03:29 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
2014-10-23 17:28 - 2014-07-15 18:03 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-10-23 17:28 - 2014-07-11 21:36 - 01023488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-10-23 17:28 - 2014-06-12 18:34 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-10-23 17:28 - 2014-06-12 18:29 - 02146304 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-10-23 17:28 - 2014-06-05 12:56 - 00112984 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-10-23 17:28 - 2014-06-05 12:29 - 00393216 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-10-23 17:28 - 2014-06-05 08:11 - 00295424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-10-23 17:19 - 2014-05-28 23:04 - 00094552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-27 12:56 - 2013-12-15 18:58 - 00000398 _____ () C:\Windows\Tasks\CIMT_S-1-5-21-775045778-2574787548-2418169733-1001.job
2014-10-27 12:48 - 2012-07-26 02:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-27 12:46 - 2014-03-03 17:36 - 00001086 _____ () C:\Users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-10-27 12:46 - 2014-03-03 17:36 - 00001056 _____ () C:\Users\Tyler\Desktop\Search.lnk
2014-10-27 12:46 - 2013-05-19 20:32 - 00000996 _____ () C:\Users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-27 12:00 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\sru
2014-10-27 11:06 - 2013-05-20 19:37 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-27 11:04 - 2013-05-19 20:51 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-24 15:44 - 2014-05-09 23:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-24 15:06 - 2013-06-06 21:36 - 00000000 ____D () C:\Users\Tyler\AppData\Local\CrashDumps
2014-10-24 14:02 - 2013-05-19 20:38 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-775045778-2574787548-2418169733-1001
2014-10-24 13:40 - 2012-12-27 04:06 - 00000000 ____D () C:\Windows\oem
2014-10-24 13:40 - 2012-12-27 04:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gateway
2014-10-24 13:40 - 2012-12-27 04:06 - 00000000 ____D () C:\Program Files (x86)\Gateway
2014-10-24 13:37 - 2014-03-03 17:19 - 00000000 ____D () C:\Fraps
2014-10-24 13:18 - 2014-03-03 17:29 - 00023552 ___SH () C:\Users\Tyler\Downloads\Thumbs.db
2014-10-24 12:29 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\rescache
2014-10-24 11:51 - 2014-05-26 17:05 - 00000398 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rel.job
2014-10-24 11:51 - 2014-05-26 17:04 - 00000400 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rmv.job
2014-10-24 11:51 - 2013-05-19 20:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-24 10:55 - 2013-07-23 15:53 - 00285696 ___SH () C:\Users\Tyler\Desktop\Thumbs.db
2014-10-24 10:55 - 2013-05-19 20:37 - 00001166 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-24 10:48 - 2014-05-26 17:05 - 00002676 _____ () C:\Windows\System32\Tasks\AVG-Secure-Search-Update_0414c_rel
2014-10-24 10:48 - 2014-05-26 17:04 - 00002678 _____ () C:\Windows\System32\Tasks\AVG-Secure-Search-Update_0414c_rmv
2014-10-24 10:09 - 2012-07-26 02:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-10-24 10:00 - 2013-11-27 18:53 - 00000000 ____D () C:\Users\Tyler\Downloads\Steam
2014-10-24 09:34 - 2013-11-26 16:35 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-24 09:30 - 2013-06-16 21:02 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-23 20:55 - 2012-07-26 02:28 - 00848230 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-23 20:47 - 2012-12-27 04:09 - 00000000 ____D () C:\ProgramData\Norton
2014-10-23 20:45 - 2012-07-26 00:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-10-23 20:43 - 2012-07-26 03:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-10-23 20:43 - 2012-07-26 03:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-10-23 20:43 - 2012-07-26 03:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-23 20:43 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\WinStore
2014-10-23 20:43 - 2012-07-26 02:52 - 00000000 ____D () C:\Program Files\Windows Journal
2014-10-23 20:42 - 2012-07-26 03:12 - 00000000 ___RD () C:\Windows\ToastData
2014-10-23 20:21 - 2013-08-15 09:28 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-23 20:18 - 2012-07-26 00:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-10-23 19:28 - 2013-05-19 20:30 - 00000000 ____D () C:\Users\Tyler
2014-10-23 19:25 - 2014-03-10 20:11 - 00001381 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2014-10-23 19:25 - 2014-03-10 20:11 - 00001312 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-10-23 19:23 - 2014-03-03 17:10 - 00000000 ____D () C:\Users\Tyler\AppData\Roaming\Skype
2014-10-23 18:42 - 2013-11-26 15:54 - 00000000 ____D () C:\Users\Tyler\AppData\Roaming\Malwarebytes
2014-10-23 18:42 - 2013-11-26 15:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-23 18:42 - 2013-11-26 15:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-10-23 17:23 - 2012-07-26 03:12 - 00000000 ____D () C:\Program Files\Common Files\System
2014-10-23 17:21 - 2012-12-27 04:05 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-23 17:07 - 2013-05-20 19:37 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-23 16:52 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-10-03 10:02 - 2013-05-24 12:48 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-01 11:11 - 2013-11-26 15:53 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

Some content of TEMP:
====================
C:\Users\Tyler\AppData\Local\Temp\LDFNYMTHX.exe
C:\Users\Tyler\AppData\Local\Temp\Quarantine.exe
C:\Users\Tyler\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-23 21:06

==================== End Of Log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-10-2014
Ran by Tyler at 2014-10-27 12:56:40
Running from E:\Malware Tools
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2013 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG AntiVirus Free Edition 2013 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.6.0.5970 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AVG 2013 (HKLM\...\AVG) (Version: 2013.0.3485 - AVG Technologies)
AVG 2013 (Version: 13.0.3485 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.4031 - AVG Technologies) Hidden
Backup Manager v4 (x32 Version: 4.0.0.0071 - NTI Corporation) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.59.96 - Broadcom Corporation)
Broadcom Card Reader Driver Installer (HKLM\...\{F0A7DF2F-0BE0-470F-B137-D7A19F977189}) (Version: 15.4.7.1 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Consumer Input Update Helper (x32 Version: 1.3.25.131 - Compete Inc.) Hidden
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3318_45364 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4427.52 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's True Love Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dritek Radio Controller (HKLM-x32\...\RadioController) (Version: 2.02.2001.0803 - Dritek System Inc.)
EPSON XP-300 Series Printer Uninstall (HKLM\...\EPSON XP-300 Series) (Version:  - SEIKO EPSON Corporation)
Gateway Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3011 - Gateway Incorporated)
Gateway MyBackup (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0071 - NTI Corporation)
Gateway Power Management (HKLM\...\{E438A632-CADC-49E4-9492-C9F50F9AE37F}) (Version: 7.01.3001 - Gateway Incorporated)
Gateway Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3012 - Gateway Incorporated)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.710 - Oracle)
Java Auto Updater (x32 Version: 2.1.71.14 - Oracle, Inc.) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.10 - Gateway)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3006 - Gateway Incorporated)
Malwarebytes Anti-Exploit version 1.04.1.1012 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.04.1.1012 - Malwarebytes)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Mozilla Firefox 33.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0 (x86 en-US)) (Version: 33.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Nero 12 Essentials OEM.a01 (HKLM-x32\...\{9BF0D9FE-9893-4647-81B9-17B7BEA4E6FD}) (Version: 12.5.00000 - Nero AG)
Nero ControlCenter (x32 Version: 11.0.14500.0.45 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (x32 Version: 12.0.0003 - Nero AG) Hidden
Nero Core Components (x32 Version: 11.0.16900.1.27 - Nero AG) Hidden
Nero Express (x32 Version: 12.0.16001 - Nero AG) Hidden
Nero Express Help (CHM) (x32 Version: 12.0.1000 - Nero AG) Hidden
Nero Launcher (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11500.28.0 - Nero AG) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Photo Common (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Skype™ 6.14 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 6.14.104 - Skype Technologies S.A.)
Snap.Do (HKLM-x32\...\{254006BC-97DE-4C82-A1A1-A2BAD2520083}) (Version: 10.239.1.14117 - ReSoft Ltd.) <==== ATTENTION
Space Engineers (HKLM-x32\...\Steam App 244850) (Version:  - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.3 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)
Windows Movie Maker 6.1 (HKLM-x32\...\{3CC29C1A-B5FE-457B-8F22-32A2winmovie}}_is1) (Version:  - win-movie-maker-free)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

06-07-2014 01:03:57 Windows Update
24-10-2014 00:17:09 Removed Norton Online Backup

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 00:26 - 2012-07-26 00:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0D79966B-BC70-4A1F-8B35-871857CECE0E} - \TidyNetwork Update No Task File <==== ATTENTION
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {23BC5176-BFE0-4066-AB3C-099F8681BD45} - System32\Tasks\Power Management => C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [2012-12-13] (Acer Incorporated)
Task: {2996F48B-0E01-49B5-AAC3-2FBEFD3C0173} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-10-03] (Microsoft Corporation)
Task: {5096E75B-F3D0-4AD2-8FB7-415950371080} - System32\Tasks\CIMT_S-1-5-21-775045778-2574787548-2418169733-1001 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
Task: {5756846E-7E3A-40AC-B4C7-4D5CB941B7F9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {5F641409-9BC8-4B2B-AE9C-06E790D7B2D8} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-09-19] (CyberLink)
Task: {6BCAE4D0-2D03-4ACB-9863-17181BBBD8C2} - System32\Tasks\Microsoft\Windows\Setup\8.1 auto install => C:\Windows\system32\NotificationUI.exe [2014-08-20] (Microsoft Corporation)
Task: {7BB7BFEF-BB27-43F3-B2DA-E8E6B85B0E2E} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Gateway\Gateway Recovery Management\Notification\Notification.exe [2012-10-08] (Acer Incorporated)
Task: {97327E4E-08E6-4E57-87FF-2785A73948E8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-23] (Adobe Systems Incorporated)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {AA0F398C-788E-4CBC-AA5D-01D1267C630F} - System32\Tasks\ALU => C:\Program Files (x86)\Gateway\Live Updater\updater.exe [2012-11-06] ()
Task: {B88CDEA8-449C-42C2-B01F-0717D63DF0B9} - System32\Tasks\AVG-Secure-Search-Update_0414c_rmv => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe [2014-05-26] ()
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {CB3C31F0-AED9-44D9-9437-8C64CF1A1AA3} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Gateway\Live Updater\liveupdater_agent.exe [2012-06-21] ()
Task: {DCCA35B3-917F-4531-B1D6-E51054505615} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {DD4B47BD-F363-46D6-B1AF-FC296BF6E701} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {EA7F96D6-3BED-4699-9536-8E8C817B2111} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F787454E-7D40-46A8-9DEE-A5DAFA488949} - System32\Tasks\AVG-Secure-Search-Update_0414c_rel => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe [2014-05-26] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rel.job => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rmv.job => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
Task: C:\Windows\Tasks\CIMT_S-1-5-21-775045778-2574787548-2418169733-1001.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe

==================== Loaded Modules (whitelisted) =============

2012-12-27 03:19 - 2012-10-23 13:37 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-11-02 19:38 - 2012-11-02 19:38 - 00465384 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\sqlite3.dll
2012-11-02 19:37 - 2012-11-02 19:37 - 00125504 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\MailConverter32.dll
2012-11-02 19:38 - 2012-11-02 19:38 - 00155712 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\VolumeSnapshot.dll
2012-11-02 19:37 - 2012-11-02 19:37 - 00118336 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\Online.dll
2012-11-02 19:37 - 2012-11-02 19:37 - 01081408 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\ACE.dll
2012-11-02 19:37 - 2012-11-02 19:37 - 00052288 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\OsSettingPort.dll
2012-11-02 19:37 - 2012-11-02 19:37 - 00727616 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\OutlookShadow.dll
2014-10-23 20:00 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-10-23 20:00 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-10-23 20:00 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-10-23 20:00 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-10-23 20:00 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-03-25 23:02 - 2012-06-25 12:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKCU\...\StartupApproved\StartupFolder: => "MyPC Backup.lnk"
HKCU\...\StartupApproved\Run: => "AVG-Secure-Search-Update_0414c"

========================= Accounts: ==========================

Administrator (S-1-5-21-775045778-2574787548-2418169733-500 - Administrator - Disabled)
Guest (S-1-5-21-775045778-2574787548-2418169733-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-775045778-2574787548-2418169733-1003 - Limited - Enabled)
Todd (S-1-5-21-775045778-2574787548-2418169733-1004 - Limited - Enabled) => C:\Users\Todd
Tyler (S-1-5-21-775045778-2574787548-2418169733-1001 - Administrator - Enabled) => C:\Users\Tyler

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel® Pentium® CPU B960 @ 2.20GHz
Percentage of memory in use: 37%
Total physical RAM: 3909.27 MB
Available physical RAM: 2431.4 MB
Total Pagefile: 7493.27 MB
Available Pagefile: 5838.3 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (Gateway) (Fixed) (Total:449.19 GB) (Free:378.9 GB) NTFS
Drive e: (USBSYSDIAGS) (Removable) (Total:0.48 GB) (Free:0.15 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 7FAC6B22)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 490 MB) (Disk ID: 1F40FDEC)
Partition 1: (Active) - (Size=490 MB) - (Type=06)

==================== End Of Log ============================

Link to post
Share on other sites

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

 

Next,

 

Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

32 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en'>https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

 

Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window

In the "Scan Type" window, select Quick Scan

Perform a scan and  Click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

 

1) Select the Windows key and R key together to open the "Run" function

2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

 

notepad c:\windows\debug\mrt.log

 

Let me see those two logs in your next reply, also give an update on any remaining issues or concerns..

 

One other point, Snap.do shows as installed in the installed programs list, UNinstall at your earliest convenience...

 

Kevin..

 

 

 

Fixlist.txt

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.