Jump to content

infected? help please!


Recommended Posts

Hello,

For the last month or so my machine has been acting really bad - takes nearly 5 minutes to open "computer". CleanUp pulls GIGS of data daily (when the machine is working so bad that I can't do anything to create that much data).  My internet explorer options keep changing to NOT allow downloads, my "remote sharing" was marked as "shared" when I never marked it.  I have changed that back to NOT shared, but it seems the damage is done.

I have run Malwarebytes and my antivirus numerous times, as well as scan disk, defrag, etc.  with no results.  MWB has not found anything, nor has my anti-virus.

 

I appreciate any help on this! 

Thank you,

 

Here is the log from the FRST scan:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-12-2014
Ran by Connected User (administrator) on DAVID on 24-12-2014 11:53:45
Running from C:\Users\Connected User\Desktop\Computer Enhancer's\Anti Virus Related
Loaded Profile: Connected User (Available profiles: Connected User)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Webroot) C:\Program Files\Webroot\WRSA.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Logitech, Inc.) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(IncrediMail, Ltd.) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(IncrediMail, Ltd.) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmmon32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhst3g.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [smartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-09-15] ()
HKLM\...\Run: [start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2780776 2011-07-19] (CANON INC.)
HKLM-x32\...\Run: [startCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-05-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [664600 2010-09-28] (PDF Complete Inc)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [773256 2014-12-10] (Webroot)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5236664 2012-09-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1637496 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-326516807-3596904739-1954027703-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1095000 2013-11-08] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-326516807-3596904739-1954027703-1001\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-326516807-3596904739-1954027703-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-326516807-3596904739-1954027703-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-05-12] (Google Inc.)
HKU\S-1-5-21-326516807-3596904739-1954027703-1001\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-326516807-3596904739-1954027703-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-326516807-3596904739-1954027703-1001\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-326516807-3596904739-1954027703-1001\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-326516807-3596904739-1954027703-1001\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-326516807-3596904739-1954027703-1001\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-326516807-3596904739-1954027703-1001\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-326516807-3596904739-1954027703-1001\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-326516807-3596904739-1954027703-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-326516807-3596904739-1954027703-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-326516807-3596904739-1954027703-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-326516807-3596904739-1954027703-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-326516807-3596904739-1954027703-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-326516807-3596904739-1954027703-1001\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-326516807-3596904739-1954027703-1001\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-326516807-3596904739-1954027703-1001\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-326516807-3596904739-1954027703-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-326516807-3596904739-1954027703-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-326516807-3596904739-1954027703-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-326516807-3596904739-1954027703-1001\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-326516807-3596904739-1954027703-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-326516807-3596904739-1954027703-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-326516807-3596904739-1954027703-1001\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-326516807-3596904739-1954027703-1001\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-326516807-3596904739-1954027703-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-326516807-3596904739-1954027703-1001\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-326516807-3596904739-1954027703-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-326516807-3596904739-1954027703-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-326516807-3596904739-1954027703-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-326516807-3596904739-1954027703-1001\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-326516807-3596904739-1954027703-1001\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-326516807-3596904739-1954027703-1001\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-326516807-3596904739-1954027703-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-326516807-3596904739-1954027703-1001\...\MountPoints2: {0cd1126c-d0c1-11e0-afc2-78acc0bf7013} - K:\setup.exe -a
HKU\S-1-5-21-326516807-3596904739-1954027703-1001\...\MountPoints2: {e228c38f-5198-11e0-87aa-806e6f6e6963} - E:\Setup.exe
HKU\S-1-5-21-326516807-3596904739-1954027703-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk
ShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk
ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-326516807-3596904739-1954027703-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.9news.com/default.aspx
HKU\S-1-5-21-326516807-3596904739-1954027703-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
URLSearchHook: HKLM-x32 - (No Name) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - No File
URLSearchHook: HKU\S-1-5-21-326516807-3596904739-1954027703-1001 - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
URLSearchHook: HKU\S-1-5-21-326516807-3596904739-1954027703-1001 - (No Name) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - No File
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL =
SearchScopes: HKU\S-1-5-21-326516807-3596904739-1954027703-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKU\S-1-5-21-326516807-3596904739-1954027703-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-326516807-3596904739-1954027703-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-326516807-3596904739-1954027703-1001 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKU\S-1-5-21-326516807-3596904739-1954027703-1001 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll (Webroot)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll (Webroot)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll (Webroot)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll (Webroot)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll (Webroot)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} -  No File
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll (Webroot)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-326516807-3596904739-1954027703-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Connected User\AppData\Roaming\Mozilla\Firefox\Profiles\13gq8pqm.default
FF DefaultSearchEngine: Google
FF Homepage: hxxp://www.9news.com/default.aspx
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\6\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Video WithOut Flash - C:\Users\Connected User\AppData\Roaming\Mozilla\Firefox\Profiles\13gq8pqm.default\Extensions\vwof@drev.com.xpi [2014-12-19]
FF HKLM-x32\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
FF Extension: Webroot Filtering Extension - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2013-12-02]

Chrome:
=======
CHR Profile: C:\Users\Connected User\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2012-11-15]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [255040 2014-09-09] (WildTangent)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-11-08] (Garmin Ltd or its subsidiaries)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 L4301_Solar; C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [403536 2010-10-26] (Logitech, Inc.)
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-11-22] (Hewlett-Packard Company) [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1119768 2010-09-28] (PDF Complete Inc)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [183488 2014-10-31] ()
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1157056 2012-09-19] (Western Digital )
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-19] (Western Digital)
R2 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1177536 2012-09-19] (Western Digital )
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [773256 2014-12-10] (Webroot)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S1 ASPI32; C:\Windows\SysWow64\Drivers\ASPI32.sys [23936 2010-04-13] (Adaptec) [File not signed]
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-24] (Malwarebytes Corporation)
R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-18] (Razer, Inc.)
R1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-18] (Razer, Inc.)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-10-31] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-11-17] (Razer, Inc.)
S1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [90960 2012-06-04] (Windows ® 2000 DDK provider)
S1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633296 2012-06-04] (Paragon)
S1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [389968 2012-06-04] (Paragon)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [115680 2014-12-10] (Webroot)
S3 cpuz134; \??\C:\Users\CONNEC~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S0 Lbd; system32\DRIVERS\Lbd.sys [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
U0 SR; No ImagePath
U2 srservice; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-24 11:51 - 2014-12-24 11:54 - 00000000 ___DC () C:\FRST
2014-12-23 21:31 - 2014-12-23 21:31 - 00001987 ____C () C:\Users\Public\Desktop\Saved UR Coaster Deluxe Coasters.lnk
2014-12-23 21:31 - 2014-12-23 21:31 - 00000000 ___DC () C:\Program Files (x86)\Disney Imagineering
2014-12-23 20:26 - 2014-12-23 20:26 - 00000000 ___DC () C:\Users\Connected User\AppData\Local\{5FE0B9C0-A4EB-4EAB-8921-A70396271B08}
2014-12-23 18:25 - 2014-12-23 18:25 - 00003886 ____C () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-22 10:13 - 2014-12-22 10:13 - 13078440 ____C () C:\Users\Connected User\Downloads\IncrediMailSetup (8).exe
2014-12-22 10:13 - 2014-12-22 10:13 - 13078440 ____C () C:\Users\Connected User\Downloads\IncrediMailSetup (7).exe
2014-12-21 10:58 - 2014-12-24 07:53 - 00000616 ____C () C:\Windows\setupact.log
2014-12-21 10:58 - 2014-12-24 07:52 - 00107082 ____C () C:\Windows\PFRO.log
2014-12-21 10:58 - 2014-12-21 10:58 - 00000000 ____C () C:\Windows\setuperr.log
2014-12-21 07:49 - 2014-12-24 07:53 - 00000749 ____C () C:\Users\Public\Desktop\Webroot SecureAnywhere.lnk
2014-12-20 10:33 - 2014-12-20 10:35 - 05317104 ____C (Piriform Ltd) C:\Users\Connected User\Downloads\ccsetup501.exe
2014-12-18 07:34 - 2014-12-19 03:02 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 07:34 - 2014-12-19 03:02 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-17 14:01 - 2014-12-17 14:01 - 00000000 ___DC () C:\Windows\pss
2014-12-16 06:27 - 2014-12-16 21:51 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-12-16 06:27 - 2014-12-16 21:51 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-12-16 06:27 - 2014-12-16 21:50 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-12-16 06:27 - 2014-12-16 21:50 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-12-15 13:20 - 2014-12-15 13:20 - 00000000 ___DC () C:\Users\Connected User\AppData\Local\Razer
2014-12-15 13:16 - 2014-12-15 13:16 - 00000000 ___DC () C:\Users\Connected User\AppData\Local\Razer_Inc
2014-12-15 13:15 - 2014-11-17 14:37 - 00129600 ____C (Razer, Inc.) C:\Windows\system32\Drivers\rzpnk.sys
2014-12-15 13:15 - 2014-10-31 16:27 - 00037184 ____C (Razer, Inc.) C:\Windows\system32\Drivers\rzpmgrk.sys
2014-12-15 13:14 - 2014-12-15 13:14 - 00000000 ___HC () C:\Windows\system32\Drivers\Msft_Kernel_rzudd_01009.Wdf
2014-12-15 13:13 - 2014-12-15 13:13 - 00000000 ___HC () C:\Windows\system32\Drivers\Msft_Kernel_RzFilter_01009.Wdf
2014-12-15 13:13 - 2014-04-18 09:02 - 00129472 ____C (Razer, Inc.) C:\Windows\system32\Drivers\RzDxgk.sys
2014-12-15 13:13 - 2014-04-18 09:02 - 00074432 ____C (Razer, Inc.) C:\Windows\system32\Drivers\RzFilter.sys
2014-12-15 13:12 - 2014-12-15 13:12 - 00000000 ___DC () C:\Windows\Razer Core
2014-12-15 13:12 - 2014-12-15 13:12 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2014-12-15 13:08 - 2014-12-15 13:15 - 00000000 ___DC () C:\ProgramData\Razer
2014-12-15 13:00 - 2014-12-15 13:20 - 00000000 ___DC () C:\Program Files (x86)\Razer
2014-12-15 12:58 - 2014-12-15 12:59 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-12-15 12:58 - 2014-12-15 12:59 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-12-15 12:58 - 2014-12-15 12:59 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-12-15 12:58 - 2014-12-15 12:59 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-12-15 12:58 - 2014-12-15 12:59 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-12-15 12:58 - 2014-12-15 12:59 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-12-15 12:58 - 2014-12-15 12:59 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-12-15 12:58 - 2014-12-15 12:59 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-12-15 12:58 - 2014-12-15 12:59 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-12-15 12:58 - 2014-12-15 12:59 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-12-15 12:58 - 2014-12-15 12:59 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-12-15 12:58 - 2014-12-15 12:59 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-12-15 12:58 - 2014-12-15 12:59 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-12-15 12:58 - 2014-12-15 12:59 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-12-15 12:58 - 2014-12-15 12:59 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-12-15 12:58 - 2014-12-15 12:59 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-12-15 12:57 - 2014-12-15 12:58 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-12-15 12:57 - 2014-12-15 12:58 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-12-15 12:57 - 2014-12-15 12:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-12-15 12:57 - 2014-12-15 12:58 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-12-15 12:50 - 2014-12-15 12:50 - 00000000 ____C () C:\Windows\SysWOW64\SETEA7E.tmp
2014-12-15 12:50 - 2014-12-15 12:50 - 00000000 ____C () C:\Windows\system32\SETCC78.tmp
2014-12-15 12:50 - 2014-12-15 12:50 - 00000000 ____C () C:\Windows\system32\SETB1F8.tmp
2014-12-13 22:06 - 2014-12-13 22:06 - 00001235 ____C () C:\Users\Connected User\Desktop\TeamSpeak 3 Client.lnk
2014-12-13 22:06 - 2014-12-13 22:06 - 00000000 ___DC () C:\Users\Connected User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-12-13 22:06 - 2014-12-13 22:06 - 00000000 ___DC () C:\Users\Connected User\AppData\Local\TeamSpeak 3 Client
2014-12-13 22:01 - 2014-12-13 22:01 - 28115400 ____C (TeamSpeak Systems GmbH) C:\Users\Connected User\Downloads\TeamSpeak3-Client-win32-3.0.16.exe
2014-12-13 20:03 - 2014-12-13 20:03 - 00000000 ___DC () C:\Users\Connected User\AppData\Local\Macromedia
2014-12-13 19:42 - 2014-12-13 19:42 - 00001121 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-13 19:42 - 2014-12-13 19:42 - 00001109 ____C () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-13 19:42 - 2014-12-13 19:42 - 00000000 ___DC () C:\Users\Connected User\AppData\Roaming\Mozilla
2014-12-13 19:42 - 2014-12-13 19:42 - 00000000 ___DC () C:\ProgramData\Mozilla
2014-12-13 19:42 - 2014-12-13 19:42 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-13 19:42 - 2014-12-13 19:42 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Firefox
2014-12-13 19:41 - 2014-12-13 19:41 - 00244104 ____C () C:\Users\Connected User\Downloads\Firefox Setup Stub 34.0.5.exe
2014-12-11 17:18 - 2014-12-18 17:55 - 00000000 ___DC () C:\Users\Connected User\AppData\Roaming\TS3Client
2014-12-11 17:18 - 2014-12-12 10:29 - 00000000 ___DC () C:\Program Files (x86)\TeamSpeak 3 Client
2014-12-11 04:23 - 2014-12-11 04:23 - 00000000 ___DC () C:\Windows\system32\appraiser
2014-12-11 04:14 - 2014-12-11 04:14 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-11 04:14 - 2014-12-11 04:14 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-10 07:18 - 2014-12-11 04:21 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-10 07:18 - 2014-12-11 04:21 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-10 07:18 - 2014-12-11 04:21 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-10 07:18 - 2014-12-11 04:21 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-10 07:18 - 2014-12-11 04:21 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-10 07:18 - 2014-12-11 04:21 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-10 07:18 - 2014-12-11 04:21 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-10 07:18 - 2014-12-11 04:21 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-10 07:17 - 2014-12-11 04:15 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 07:17 - 2014-12-11 04:15 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 07:17 - 2014-12-11 04:15 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 07:17 - 2014-12-11 04:15 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 07:17 - 2014-12-11 04:15 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 07:17 - 2014-12-11 04:15 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 07:17 - 2014-12-11 04:15 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 07:17 - 2014-12-11 04:15 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-10 07:17 - 2014-12-11 04:15 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 07:17 - 2014-12-11 04:15 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 07:17 - 2014-12-11 04:15 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 07:17 - 2014-12-11 04:15 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 07:17 - 2014-12-11 04:15 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 07:17 - 2014-12-11 04:15 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 07:17 - 2014-12-11 04:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 07:17 - 2014-12-11 04:15 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 07:17 - 2014-12-11 04:15 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 07:17 - 2014-12-11 04:15 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 07:17 - 2014-12-11 04:15 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 07:17 - 2014-12-11 04:15 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-10 07:17 - 2014-12-11 04:15 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 07:17 - 2014-12-11 04:15 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 07:17 - 2014-12-11 04:15 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 07:17 - 2014-12-11 04:15 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 07:17 - 2014-12-11 04:15 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 07:17 - 2014-12-11 04:15 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 07:17 - 2014-12-11 04:15 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 07:17 - 2014-12-11 04:15 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 07:17 - 2014-12-11 04:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-10 07:17 - 2014-12-11 04:15 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 07:17 - 2014-12-11 04:15 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 07:17 - 2014-12-11 04:15 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 07:17 - 2014-12-11 04:15 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-10 07:17 - 2014-12-11 04:15 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-10 07:17 - 2014-12-11 04:15 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 07:17 - 2014-12-11 04:15 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 07:17 - 2014-12-11 04:15 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 07:17 - 2014-12-11 04:15 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 07:17 - 2014-12-11 04:15 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 07:17 - 2014-12-11 04:15 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-10 07:17 - 2014-12-11 04:15 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 07:17 - 2014-12-11 04:15 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 07:17 - 2014-12-11 04:15 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 07:17 - 2014-12-11 04:15 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 07:17 - 2014-12-11 04:15 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 07:17 - 2014-12-11 04:15 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 07:17 - 2014-12-11 04:15 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 07:17 - 2014-12-11 04:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 07:17 - 2014-12-11 04:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-10 07:17 - 2014-12-11 04:15 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 07:17 - 2014-12-11 04:15 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 07:17 - 2014-12-11 04:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 07:17 - 2014-12-11 04:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-10 07:17 - 2014-12-11 04:15 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-10 07:17 - 2014-12-11 04:15 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 07:17 - 2014-12-11 04:15 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-10 07:17 - 2014-12-11 04:15 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 07:17 - 2014-12-11 04:13 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 07:17 - 2014-12-11 04:13 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-10 07:17 - 2014-12-11 04:13 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 07:17 - 2014-12-11 04:13 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 07:17 - 2014-12-11 04:13 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 07:17 - 2014-12-11 04:13 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 07:17 - 2014-12-11 04:13 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-10 07:17 - 2014-12-11 04:13 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-10 07:17 - 2014-12-11 04:13 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 07:17 - 2014-12-11 04:13 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 07:17 - 2014-12-11 04:13 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-10 07:17 - 2014-12-11 04:13 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-10 07:17 - 2014-12-11 04:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-10 07:17 - 2014-12-11 04:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-09 18:41 - 2014-12-09 18:42 - 05162080 ____C (Piriform Ltd) C:\Users\Connected User\Downloads\ccsetup500.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-24 11:54 - 2009-07-13 21:45 - 00018736 ___HC () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-24 11:54 - 2009-07-13 21:45 - 00018736 ___HC () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-24 11:53 - 2011-12-29 18:08 - 00000000 ___DC () C:\ProgramData\WRData
2014-12-24 11:52 - 2011-05-12 09:51 - 00000898 ____C () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-24 11:36 - 2014-06-30 12:35 - 00129752 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-24 11:12 - 2012-04-02 12:18 - 00000830 ____C () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-24 10:50 - 2011-05-12 14:25 - 00000000 ___DC () C:\Users\Connected User\AppData\Local\CrashDumps
2014-12-24 10:39 - 2011-03-18 10:50 - 01153907 ____C () C:\Windows\WindowsUpdate.log
2014-12-24 07:53 - 2011-05-12 09:51 - 00000894 ____C () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-24 07:53 - 2009-07-13 22:08 - 00000006 ___HC () C:\Windows\Tasks\SA.DAT
2014-12-23 21:37 - 2011-05-13 18:20 - 00001331 ____C () C:\Windows\disney.ini
2014-12-23 21:37 - 2011-03-18 10:50 - 00000000 __HDC () C:\Program Files (x86)\InstallShield Installation Information
2014-12-23 21:36 - 2011-05-13 18:27 - 00001571 ____C () C:\Windows\EReg515.dat
2014-12-23 21:34 - 2011-05-13 18:24 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disney Imagineering
2014-12-23 21:30 - 2011-05-13 18:20 - 00000192 ____C () C:\Windows\disneysy.ini
2014-12-23 20:26 - 2011-05-11 05:55 - 00000000 ___DC () C:\Users\Connected User\AppData\Local\Windows Live
2014-12-23 08:34 - 2011-03-18 11:10 - 00000000 ___DC () C:\ProgramData\PDFC
2014-12-22 22:15 - 2012-10-15 20:08 - 00000982 ____C () C:\Windows\Tasks\Paragon Archive name Backup.job
2014-12-20 18:23 - 2011-05-11 05:57 - 00000000 ___DC () C:\Users\Connected User\Desktop\K
2014-12-20 14:42 - 2011-05-11 05:57 - 00000000 ___DC () C:\Users\Connected User\Desktop\Incredimail
2014-12-20 10:36 - 2011-05-12 09:51 - 00000000 ___DC () C:\Program Files\CCleaner
2014-12-20 07:44 - 2014-08-31 11:50 - 00000000 ___DC () C:\Users\Connected User\AppData\Local\Adobe
2014-12-20 07:44 - 2012-04-02 12:18 - 00701616 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-20 07:44 - 2012-04-02 12:18 - 00003768 ____C () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-20 07:44 - 2011-05-14 07:03 - 00071344 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-19 23:21 - 2011-12-01 14:48 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-12-19 21:54 - 2009-07-13 22:32 - 00000000 __RDC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-19 21:42 - 2011-07-12 14:50 - 00000000 ___DC () C:\Program Files (x86)\Buka
2014-12-19 21:17 - 2013-08-09 20:17 - 00000000 ___DC () C:\Users\Connected User\AppData\Roaming\Rovio Entertainment Ltd
2014-12-19 21:17 - 2011-09-26 08:52 - 00000000 ___DC () C:\Program Files (x86)\Rovio
2014-12-19 21:13 - 2011-09-04 20:23 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Playrix Entertainment
2014-12-19 21:13 - 2011-09-04 20:23 - 00000000 ___DC () C:\Program Files (x86)\Playrix Entertainment
2014-12-19 20:58 - 2011-09-26 08:52 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rovio
2014-12-19 15:21 - 2009-07-13 22:13 - 00782470 ____C () C:\Windows\system32\PerfStringBackup.INI
2014-12-19 15:12 - 2012-12-25 19:13 - 00000000 ___DC () C:\ProgramData\CanonIJPLM
2014-12-19 10:30 - 2009-04-26 16:09 - 00119808 ____C () C:\Users\Connected User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-18 22:44 - 2009-07-13 20:20 - 00000000 ___DC () C:\Windows\LiveKernelReports
2014-12-17 11:25 - 2012-11-14 18:52 - 00001226 ____C () C:\Users\Connected User\Desktop\Revo Uninstaller.lnk
2014-12-17 08:10 - 2014-03-29 06:14 - 00002441 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-15 19:44 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-12-15 13:20 - 2011-05-10 09:56 - 00301768 ____C () C:\Users\Connected User\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-15 13:19 - 2009-07-13 21:45 - 01057400 ____C () C:\Windows\system32\FNTCACHE.DAT
2014-12-15 13:08 - 2011-05-11 20:10 - 00020672 ____C () C:\Windows\system32\lvcoinst.log
2014-12-15 13:07 - 2009-07-13 20:20 - 00000000 __RDC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-15 13:03 - 2009-07-13 20:20 - 00000000 ___DC () C:\Windows\PolicyDefinitions
2014-12-15 13:00 - 2011-05-11 20:10 - 00000000 ___DC () C:\Program Files\Common Files\logishrd
2014-12-15 12:55 - 2011-03-18 10:58 - 00005821 ____C () C:\Windows\system32\RaCoInst.log
2014-12-13 19:42 - 2011-05-11 05:55 - 00000000 ___DC () C:\Users\Connected User\AppData\Local\Mozilla
2014-12-12 16:29 - 2009-07-13 20:20 - 00000000 ___DC () C:\Windows\system32\NDF
2014-12-12 11:28 - 2013-09-20 14:25 - 00000000 ___DC () C:\ProgramData\Skype
2014-12-12 11:26 - 2013-09-20 14:25 - 00000000 ___DC () C:\Users\Connected User\AppData\Roaming\Skype
2014-12-12 10:29 - 2011-12-29 18:08 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere
2014-12-12 10:29 - 2011-12-29 18:08 - 00000000 ___DC () C:\Program Files\Webroot
2014-12-12 10:29 - 2011-03-18 11:10 - 00000000 ___DC () C:\ProgramData\RoxioNow
2014-12-12 10:25 - 2009-07-13 20:20 - 00000000 ___DC () C:\Windows\registration
2014-12-11 04:23 - 2014-05-06 02:01 - 00000000 __SDC () C:\Windows\system32\CompatTel
2014-12-11 04:23 - 2009-07-13 20:20 - 00000000 ___DC () C:\Windows\AppCompat
2014-12-11 04:21 - 2013-08-04 01:23 - 00000000 ___DC () C:\Windows\system32\MRT
2014-12-11 04:16 - 2011-05-10 10:53 - 112710672 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-10 17:06 - 2011-12-29 18:08 - 00154760 ____C (Webroot) C:\Windows\SysWOW64\WRusr.dll
2014-12-10 17:06 - 2011-12-29 18:08 - 00115680 ____C (Webroot) C:\Windows\system32\Drivers\WRkrn.sys
2014-12-10 17:06 - 2011-12-29 18:08 - 00105320 ____C (Webroot) C:\Windows\system32\WRusr.dll
2014-12-09 18:58 - 2014-06-30 12:35 - 00000000 ___DC () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-09 18:05 - 2011-05-11 05:57 - 00000000 ___DC () C:\Users\Connected User\Desktop\Computer Enhancer's
2014-12-09 18:03 - 2014-06-30 12:35 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-08 20:23 - 2011-05-11 05:57 - 00000000 ___DC () C:\Users\Connected User\AppData\Roaming\SolSuite
2014-11-24 14:04 - 2011-05-10 10:07 - 00275080 ____C (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-24 07:17 - 2009-07-13 22:08 - 00032572 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

Some content of TEMP:
====================
C:\Users\Connected User\AppData\Local\Temp\SIntf16.dll
C:\Users\Connected User\AppData\Local\Temp\SIntf32.dll
C:\Users\Connected User\AppData\Local\Temp\SIntfNT.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-15 00:59

==================== End Of Log ============================

 

 

 

Here is the log named "Addition" from the FRST program:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-12-2014
Ran by Connected User at 2014-12-24 11:57:01
Running from C:\Users\Connected User\Desktop\Computer Enhancer's\Anti Virus Related
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Webroot SecureAnywhere (Enabled - Up to date) {66A6FE14-08CB-F415-3742-517201416109}
AS: Webroot SecureAnywhere (Enabled - Up to date) {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adobe Acrobat 5.0 (HKLM-x32\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
ATI Catalyst Install Manager (HKLM\...\{7C7A5A92-046C-A38C-AE0F-8F9CCA0F67A8}) (Version: 3.0.774.0 - ATI Technologies, Inc.)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{504CC891-B140-4E1B-860B-5E4C1DFBA9E3}) (Version: 2.0.5350 - K-NFB Reading Technology, Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon MP Navigator EX 5.1 (HKLM-x32\...\MP Navigator EX 5.1) (Version:  - )
Canon MX430 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX430_series) (Version:  - )
Canon MX430 series On-screen Manual (HKLM-x32\...\Canon MX430 series On-screen Manual) (Version:  - )
Canon MX430 series User Registration (HKLM-x32\...\Canon MX430 series User Registration) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version:  - )
ccc-core-static (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CleanUp! (HKLM-x32\...\CleanUp!) (Version:  - )
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3210 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.2.4412 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
Elevated Installer (x32 Version: 2.3.16.0 - Garmin Ltd or its subsidiaries) Hidden
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Flight Simulator X (HKLM-x32\...\RTMshadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}) (Version:  - )
Flight Simulator X Service Pack 1 (HKLM-x32\...\SP1shadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}) (Version:  - )
Garmin Express (HKLM-x32\...\{6f60b921-2ae3-43fe-a6fb-ad849bd91451}) (Version: 2.3.16.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 2.3.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 2.3.16.0 - Garmin Ltd or its subsidiaries) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.2.4725 - Hewlett-Packard)
HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.2.4517 - Hewlett-Packard)
HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.2.4513 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}) (Version: 3.1.2.4 - Hewlett-Packard)
HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.2.4522 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{2EA3D6B2-157E-4112-A3AB-BF17E16661C3}) (Version: 1.0.4.0 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0.2 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{53469506-A37E-4314-A9D9-38724EC23A75}) (Version: 8.4.4400.3525 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12844.3519 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8}) (Version: 5.1.8.12 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.6.0 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
IncrediBackup (HKLM-x32\...\IncrediBackup) (Version: 1.0.0.1087 - IncrediMail Ltd.)
IncrediBackup (x32 Version: 1.0.0.1087 - IncrediMail) Hidden
IncrediMail (x32 Version: 6.6.0.5288 - IncrediMail) Hidden
IncrediMail 2.5 (HKLM-x32\...\IncrediMail) (Version: 6.6.0.5288 - IncrediMail Ltd.)
IncrediMail Data Manager 2.02 (HKLM-x32\...\{8E45B56B-F2BB-44D5-B728-7EAE92B6969D}_is1) (Version:  - Silent Wings Software)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3130 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3130 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}) (Version: 1.18.20.1 - LightScribe)
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Logitech Solar App 1.0 (HKLM\...\SolarApp) (Version: 1.00.46 - Logitech)
MahJong Suite 2014 v11.0 (HKLM-x32\...\MahJong Suite_is1) (Version: 11.0 - TreeCardGames)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Flight Simulator X: Acceleration (HKLM-x32\...\FlightSim_{A9729B90-D37B-4A69-B66A-7436AC1F7274}) (Version: 10.0.61637.0 - Microsoft Game Studios)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.2.4412 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.9 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Photo Notifier and Animation Creator (HKLM-x32\...\Photo Notifier and Animation Creator) (Version: 1.0.0.1009 - IncrediMail Ltd.)
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.7717 - CyberLink Corp.) Hidden
PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.33 - Hewlett-Packard Company)
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4329 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4329 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3129 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.3129 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-13231864975E}) (Version: 5.10.1102.0 -  NewspaperDirect Inc.)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version:  - Ralink)
Razer Core (HKLM-x32\...\Razer Core) (Version: 1.0.1.66 - Razer Inc)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.18.23036 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3219 - CyberLink Corp.) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.101 - RoxioNow)
SolSuite 2014 v14.7 (HKLM-x32\...\SolSuite_is1) (Version: 14.7 - TreeCardGames)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-326516807-3596904739-1954027703-1001\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Weather Channel App (HKLM-x32\...\The Weather Channel App) (Version:  - )
Ultimate Ride Coaster Deluxe (HKLM-x32\...\{D59D6513-2076-11D6-AA2E-0008C760B784}) (Version:  - )
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
WD SmartWare (HKLM\...\{6FE8A1DA-8CA6-4801-BF0F-0F2FED143FF4}) (Version: 1.6.4.7 - Western Digital Technologies, Inc.)
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 8.0.6.28 - Webroot)
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames) (Version: 4.0.11.2 - WildTangent)
WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.11.14 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.3184 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.0.3184 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-326516807-3596904739-1954027703-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?

==================== Restore Points  =========================

23-12-2014 08:34:42 Windows Update
23-12-2014 21:36:37 Installed InstallShield Restore Point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2011-12-22 09:11 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {01141600-0DCB-4622-B712-4036677C1A91} - System32\Tasks\Paragon Archive name Backup => C:\Program Files (x86)\Paragon Software\Backup and Recovery 2012 Free\program\scripts.exe
Task: {06C93337-44BD-49C7-A3FD-1D03481FCC44} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-20] (Adobe Systems Incorporated)
Task: {1268E989-B6D4-4588-ABA5-9B517D974FC9} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {397ED75C-53E4-461A-B93F-A8E8F40519D3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-09-17] (Hewlett-Packard Company)
Task: {41285842-36A6-4E33-A7A3-E1EDDCD56BF8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {5241A854-667E-49D0-BF51-A0814A7177DE} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe
Task: {76EE88D8-B0CE-45C0-A384-38DB911303EB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {77E7BA9A-6C5B-43F9-8A72-2017B3997058} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {AAE62802-C46A-44A5-88BC-6962AB0975C1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {C8984B69-01FC-4BB5-A7B7-8C6EF0E17F7C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {D4713AFE-53BB-492A-B98C-2F732F09B0B6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-09-17] (Hewlett-Packard Company)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Paragon Archive name Backup.job => C:\Program Files (x86)\Paragon Software\Backup and Recovery 2012 Free\program\scripts.exe

==================== Loaded Modules (whitelisted) =============

2014-10-31 16:27 - 2014-10-31 16:27 - 00183488 ____C () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2010-05-20 08:22 - 2010-05-20 08:22 - 02352128 _____ () C:\Program Files\USDV Backup Pro\Bin\VBShellExt.dll
2010-04-13 13:04 - 2010-04-13 13:04 - 01405952 _____ () C:\Program Files\USDV Backup Pro\Bin\libxml2.dll
2010-09-15 10:31 - 2010-09-15 10:31 - 00611896 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2009-06-08 16:45 - 2009-06-08 16:45 - 00098304 ____R () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-03-18 10:57 - 2011-03-18 10:57 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-05-12 09:35 - 2012-05-25 03:25 - 00921600 ____C () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
2014-10-27 09:10 - 2014-10-27 09:10 - 00033128 ____C () C:\Program Files (x86)\IncrediMail\Bin\IMHttpComm.dll
2014-10-27 09:10 - 2014-10-27 09:10 - 00072104 ____C () C:\Program Files (x86)\IncrediMail\Bin\wlessfp1.dll
2014-10-27 09:10 - 2014-10-27 09:10 - 00272808 ____C () C:\Program Files (x86)\IncrediMail\Bin\ImLookExU.dll
2014-06-04 16:18 - 2014-06-04 16:18 - 00080296 ____C () C:\Program Files (x86)\IncrediMail\bin\ImAppRU.dll
2014-10-27 09:10 - 2014-10-27 09:10 - 00133544 ____C () C:\Program Files (x86)\IncrediMail\Bin\ImComUtlU.dll
2014-12-13 19:42 - 2014-11-26 09:40 - 03758192 ____C () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-10-01 14:02 - 2013-10-01 14:02 - 00108888 ____C () C:\Program Files (x86)\IncrediMail\Bin\pmc.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:0D797314
AlternateDataStreams: C:\ProgramData\Temp:13019F4B
AlternateDataStreams: C:\ProgramData\Temp:197DD5C6
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:3EC5BC08
AlternateDataStreams: C:\ProgramData\Temp:5C92988B
AlternateDataStreams: C:\ProgramData\Temp:895C5142
AlternateDataStreams: C:\ProgramData\Temp:A082A539
AlternateDataStreams: C:\ProgramData\Temp:C0BCE04B
AlternateDataStreams: C:\ProgramData\Temp:CA7E8F16
AlternateDataStreams: C:\ProgramData\Temp:E3E08656
AlternateDataStreams: C:\ProgramData\Temp:F2E92DCD
AlternateDataStreams: C:\ProgramData\Temp:F54781BF
AlternateDataStreams: C:\ProgramData\Temp:FB97DB91

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-21-326516807-3596904739-1954027703-1001\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-21-326516807-3596904739-1954027703-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION!

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish PictureMover.lnk => C:\Windows\pss\Snapfish PictureMover.lnk.CommonStartup
MSCONFIG\startupreg: Hiyo => "C:\Program Files (x86)\HiYo\bin\HiYo.exe" /RunFromStartup
MSCONFIG\startupreg: Razer Synapse => "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-326516807-3596904739-1954027703-500 - Administrator - Disabled)
Connected User (S-1-5-21-326516807-3596904739-1954027703-1001 - Administrator - Enabled) => C:\Users\Connected User
Guest (S-1-5-21-326516807-3596904739-1954027703-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-326516807-3596904739-1954027703-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: SBRE
Description: SBRE
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SBRE
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/24/2014 11:30:14 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program CCleaner64.exe version 5.1.0.5075 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 34d4

Start Time: 01d01fa52c52ed40

Termination Time: 314

Application Path: C:\Program Files\CCleaner\CCleaner64.exe

Report Id: e356cfa5-8b9a-11e4-8e57-78acc0bf7013

Error: (12/24/2014 11:28:59 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program CCleaner64.exe version 5.1.0.5075 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2e1c

Start Time: 01d01fa54c7bf8dd

Termination Time: 468

Application Path: C:\Program Files\CCleaner\CCleaner64.exe

Report Id: ae393b4b-8b9a-11e4-8e57-78acc0bf7013

Error: (12/24/2014 10:48:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17496, time stamp: 0x4a5bc8bf
Faulting module name: MSHTML.dll, version: 11.0.9600.17496, time stamp: 0x546ff2f9
Exception code: 0xc00000fd
Fault offset: 0x0016927b
Faulting process id: 0x1bc8
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (12/24/2014 09:00:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 34.0.5.5443, time stamp: 0x5475dd5d
Faulting module name: mozalloc.dll, version: 34.0.5.5443, time stamp: 0x5475d664
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process id: 0x1c74
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (12/24/2014 08:22:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17496, time stamp: 0x4a5bce11
Faulting module name: MSHTML.dll, version: 11.0.9600.17496, time stamp: 0x546ff2f9
Exception code: 0xc00000fd
Fault offset: 0x0011fb5c
Faulting process id: 0x3560
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (12/23/2014 05:49:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17496, time stamp: 0x4a5bcbb9
Faulting module name: MSHTML.dll, version: 11.0.9600.17496, time stamp: 0x546ff2f9
Exception code: 0xc00000fd
Fault offset: 0x0007ce49
Faulting process id: 0x3168
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (12/23/2014 05:48:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17496, time stamp: 0x4a5bca28
Faulting module name: MSHTML.dll, version: 11.0.9600.17496, time stamp: 0x546ff2f9
Exception code: 0xc00000fd
Fault offset: 0x00119b6f
Faulting process id: 0x372c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (12/23/2014 05:41:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17496, time stamp: 0x4a5bcd6e
Faulting module name: jscript9.dll, version: 11.0.9600.17496, time stamp: 0x546fe6d5
Exception code: 0xc0000005
Fault offset: 0x001083ba
Faulting process id: 0x3964
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (12/23/2014 04:09:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17496, time stamp: 0x4a5bc96f
Faulting module name: MSHTML.dll, version: 11.0.9600.17496, time stamp: 0x546ff2f9
Exception code: 0xc00000fd
Fault offset: 0x000a3849
Faulting process id: 0x3c6c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (12/23/2014 03:31:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17496, time stamp: 0x4a5bc100
Faulting module name: MSHTML.dll, version: 11.0.9600.17496, time stamp: 0x546ff2f9
Exception code: 0xc00000fd
Fault offset: 0x002cd1fc
Faulting process id: 0x2188
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3


System errors:
=============
Error: (12/24/2014 11:00:23 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 80.

Error: (12/24/2014 10:57:15 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 80.

Error: (12/24/2014 10:48:02 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 80.

Error: (12/24/2014 10:40:56 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 80.

Error: (12/24/2014 10:23:45 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 80.

Error: (12/24/2014 09:49:55 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume My Book.

Error: (12/24/2014 09:49:55 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume My Book.

Error: (12/24/2014 09:49:55 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume My Book.

Error: (12/24/2014 09:49:55 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume My Book.

Error: (12/24/2014 09:49:40 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume My Book.


Microsoft Office Sessions:
=========================
Error: (12/24/2014 11:30:14 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: CCleaner64.exe5.1.0.507534d401d01fa52c52ed40314C:\Program Files\CCleaner\CCleaner64.exee356cfa5-8b9a-11e4-8e57-78acc0bf7013

Error: (12/24/2014 11:28:59 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: CCleaner64.exe5.1.0.50752e1c01d01fa54c7bf8dd468C:\Program Files\CCleaner\CCleaner64.exeae393b4b-8b9a-11e4-8e57-78acc0bf7013

Error: (12/24/2014 10:48:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.174964a5bc8bfMSHTML.dll11.0.9600.17496546ff2f9c00000fd0016927b1bc801d01fa19242ba22C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll1a6935c7-8b95-11e4-8e57-78acc0bf7013

Error: (12/24/2014 09:00:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe34.0.5.54435475dd5dmozalloc.dll34.0.5.54435475d66480000003000014251c7401d01f8a2ee23db8C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllf64a13c9-8b85-11e4-8e57-78acc0bf7013

Error: (12/24/2014 08:22:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.174964a5bce11MSHTML.dll11.0.9600.17496546ff2f9c00000fd0011fb5c356001d01f8d41749e74C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dllae7ba68d-8b80-11e4-8e57-78acc0bf7013

Error: (12/23/2014 05:49:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.174964a5bcbb9MSHTML.dll11.0.9600.17496546ff2f9c00000fd0007ce49316801d01f125adf264cC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dlladf17d34-8b06-11e4-8d45-78acc0bf7013

Error: (12/23/2014 05:48:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.174964a5bca28MSHTML.dll11.0.9600.17496546ff2f9c00000fd00119b6f372c01d01f12641ab7f8C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll83ec57d1-8b06-11e4-8d45-78acc0bf7013

Error: (12/23/2014 05:41:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.174964a5bcd6ejscript9.dll11.0.9600.17496546fe6d5c0000005001083ba396401d01f11aa3c7fb0C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\jscript9.dll8dd82fa8-8b05-11e4-8d45-78acc0bf7013

Error: (12/23/2014 04:09:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.174964a5bc96fMSHTML.dll11.0.9600.17496546ff2f9c00000fd000a38493c6c01d01f0528091e8aC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dllb6d13d5a-8af8-11e4-8d45-78acc0bf7013

Error: (12/23/2014 03:31:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.174964a5bc100MSHTML.dll11.0.9600.17496546ff2f9c00000fd002cd1fc218801d01eff96a7d835C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll66c1327c-8af3-11e4-8d45-78acc0bf7013


==================== Memory info ===========================

Processor: AMD Phenom II X4 840T Processor
Percentage of memory in use: 91%
Total physical RAM: 5887.29 MB
Available physical RAM: 499.83 MB
Total Pagefile: 11772.75 MB
Available Pagefile: 5712.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:918.5 GB) (Free:792.62 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:12.92 GB) (Free:1.58 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: (URideDx) (CDROM) (Total:0.47 GB) (Free:0 GB) CDFS
Drive j: (My Book) (Fixed) (Total:2794.49 GB) (Free:1869.99 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: E4203EA5)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=918.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.9 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 1.

==================== End Of Log ============================

Link to post
Share on other sites

Hello,
    
 
They call me TwinHeadedEagle around here, and I'll be working with you.
 
     
    
Before we start please read and note the following:

  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, what may cause some delays between answers.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

:excl: I can't foresee everything, so if anything unexpected happens, please stop and inform me!
:excl: There are no silly questions. Never be afraid to ask if in doubt!
 
 
 
  warning.gif Rules and policies
 
We won't support any piracy.
That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!
 
Failure to follow these guidelines will result with closing your topic and withdrawning any assistance.
 
 
 
 

Download 51a5f31352b88-icon_MBAR.pngMalwarebytes Anti-Rootkit to your desktop.

  • Double-click the icon to start the tool.
  • It will ask you where to extract it, then it will start.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"
Link to post
Share on other sites

Good. Now let's scan with FRST again:
 
 
 
FRST.gif Scan with Farbar Recovery Scan Tool
 
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content into your next reply.

Link to post
Share on other sites

FRST.gif Fix with Farbar Recovery Scan Tool
 


icon_exclaim.gif This fix was created for this user for use on that particular machine. icon_exclaim.gif
icon_exclaim.gif Running it on another one may cause damage and render the system unstable. icon_exclaim.gif

 
Download attached fixlist.txt file and save it to the Desktop:
 
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.

fixlist.txt

Link to post
Share on other sites

I haven't done anything on the computer - waiting for your reply.

 

However, I received an email from my service provider saying that I have a "bot" and giving me a way to get rid of it.  I have not clicked on anything.  I have attached a text version of the email, I tried to copy the content into here and it won't let me.  As far as I can tell, it is really from my internet provider (though it could be fake and I wouldn't know it!)

 

Constant Guard Service Alert.txt

Link to post
Share on other sites

I'm not touching anything until I hear back from you!  Will I need to change all my passwords again (I've done that twice in the last month)?

 

Can you tell me what kind of virus the first one was?  Was it one that steals info?  Is it one that someone made just for "fun"?  Or was there a purpose behind it?

Link to post
Share on other sites

This virus is called Poweliks, it doesn't collect your passwords, but it is a good precaution to change them from time to time.
 
Email from Comcast seems legit, but you should contact them to verify it.
 
 
Glad I could help. We will delete all used tools and I'll give you some tips to harden your security and learn how to protect yourself :)
 
 

Recommended reading:

 
 
icon_exclaim.gifMUST READ - security tips:

icon_exclaim.gifMUST READ - general maintenance:

The Importance of Software Updating:

 

 
In order to stay protected it is very important that you regularly update all of your software. Cybercriminals depend on the apathy of users around software updates to keep their malicious endeavor running.
 
Operating systems, such as Windows, and applications, such as Adobe Reader or JAVA, are used by tens of millions of computers and devices around the world, making them a huge target for cybercriminals. Downloading updates and installing them can sometimes be tedious, but the advantages you get from the updates are certainly worth it.

Recommended additional software:

 
 
icon_arrow.gifTFC - to clean unneeded temporary files.
icon_arrow.gifMalwarebytes' Anti-Malware - to scan your system from time to time in search for malware.
icon_arrow.gifMalwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
icon_arrow.gifMcShield - to prevent infections spread by removable media.
icon_arrow.gifUnchecky - to prevent from installing additional foistware, implemented in legitimate installations.
icon_arrow.gifAdblock - to surf the web without annoying ads! 
 
 

Post-cleanup procedures:

 

 
Download DelFix by Xplode and save it to your desktop.

  • Run the tool by right click on the 51a5ce45263de-delfix.png icon and Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report. You do not need to attach it.

The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning. 
 
 
 


My help is free for everybody.

If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation: 
btn_donateCC_LG.gif

 

Thank you!

 
 
Stay safe,
TwinHeadedEagle   :)

Link to post
Share on other sites

Thank you for all of your help.  So, once I run the Delfix - the machine is clean? 

 

The initial post from you said not to surf, so I haven't done anything since we started this.

 

I will call comcast and make sure the email is legit - if it is, I'm guessing I should run their fix tool?  I'm not 100% sure what a bot does, so I'm not sure what to do about it.

Link to post
Share on other sites

 
  1. Close all Internet Explorer windows.
     
  2. Press the Windows key windows_key_icon.jpg + R
     
  3. Type inetcpl.cpl into the Open field and click OK. This will open Internet Properties (otherwise known as Internet Options).

    SOLN3587Fig1-1.png

    Figure 1-1

  4. Click the Security tab icon-rarr_10x9.png Reset all zones to default level.

    SOLN3587Fig1-2.png

    Figure 1-2

  5. When you are finished, click OK to save your changes.
Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.