In this post are the FRST.txt and Addition.txt logs.

 

Thank you so much!!!  (in advance)

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-01-2015
Ran by Dodie (administrator) on DODIE-PC on 02-01-2015 19:03:29
Running from C:\Users\Dodie\Desktop
Loaded Profile: Dodie (Available profiles: Dodie & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Support.com, Inc.) C:\Program Files (x86)\AOL Computer Checkup\sdcService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ABBYY) C:\Program Files (x86)\ABBYY Screenshot Reader\NetworkLicenseServer.exe
(Vertro Inc.) C:\Users\Dodie\AppData\LocalLow\alotservice\alotservice.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
(Innovative Solutions) C:\Program Files (x86)\Innovative Solutions\DriverMax\innostp.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(ABBYY) C:\Program Files (x86)\ABBYY Screenshot Reader\ScreenshotReader.exe
(Support.com, Inc.) C:\Program Files (x86)\AOL Computer Checkup\sdcCont.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1403890630\ee\aolsoftware.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Acer Group) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(Memeo) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.7\shellmon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan\mcods.exe
() C:\ProgramData\HP Photo Creations\MessageCheck.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [MakiwaraNotify] => C:\Program Files (x86)\AOL Computer Checkup\sdccont.exe [84056 2014-04-25] (Support.com, Inc.)
HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1403890630\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-12-28] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1056878267-1787722111-3398097573-1000\...\Run: [ABBYY Screenshot Reader Retail] => C:\Program Files (x86)\ABBYY Screenshot Reader\ScreenshotReader.exe [959752 2009-10-26] (ABBYY)
HKU\S-1-5-21-1056878267-1787722111-3398097573-1000\...\Run: [AOL Fast Start] => C:\Program Files (x86)\AOL Desktop 9.7\AOL.EXE [72296 2014-09-16] (AOL Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SDCDisabled ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1056878267-1787722111-3398097573-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1056878267-1787722111-3398097573-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-1056878267-1787722111-3398097573-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
URLSearchHook: HKLM-x32 - (No Name) - {7f0d2b4d-8224-4987-b8c8-311b59909a36} - No File
SearchScopes: HKLM -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {1C725617-C489-43B3-9188-4B3AC0C7823D} URL = http://search.aol.com/aol/search?q={searchTerms}&s_it=clireset-ie
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1056878267-1787722111-3398097573-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1056878267-1787722111-3398097573-1000 -> {643E0B63-18C8-4655-9AD0-4230DF3BCBDF} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2429397
SearchScopes: HKU\S-1-5-21-1056878267-1787722111-3398097573-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW_enUS469US469
SearchScopes: HKU\S-1-5-21-1056878267-1787722111-3398097573-1000 -> {E5840621-D7E0-428D-8B27-C1C56FF602AE} URL = http://search.aol.com/aol/search?q={searchTerms}&s_it=clireset-ie
SearchScopes: HKU\S-1-5-21-1056878267-1787722111-3398097573-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: No Name -> {7f0d2b4d-8224-4987-b8c8-311b59909a36} ->  No File
BHO-x32: No Name -> {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} ->  No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} ->  No File
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - No Name - {7f0d2b4d-8224-4987-b8c8-311b59909a36} -  No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - No Name - {A531D99C-5A22-449b-83DA-872725C6D0ED} -  No File
Toolbar: HKU\S-1-5-21-1056878267-1787722111-3398097573-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1056878267-1787722111-3398097573-1000 -> No Name - {7F0D2B4D-8224-4987-B8C8-311B59909A36} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Dodie\AppData\Roaming\Mozilla\Firefox\Profiles\a3jmxa1j.default
FF DefaultSearchEngine: Google (avast)
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF NewTab: about:newtab
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Dodie\AppData\Roaming\Mozilla\Firefox\Profiles\a3jmxa1j.default\searchplugins\aolsearch.xml
FF SearchPlugin: C:\Users\Dodie\AppData\Roaming\Mozilla\Firefox\Profiles\a3jmxa1j.default\searchplugins\google-avast.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\aolsearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: AOL Toolbar - C:\Users\Dodie\AppData\Roaming\Mozilla\Firefox\Profiles\a3jmxa1j.default\Extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1} [2014-10-09]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-03-31]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: No Name - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2014-12-03]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-28]
FF HKU\S-1-5-21-1056878267-1787722111-3398097573-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.my.aol.com/
CHR StartupUrls: Default -> "hxxp://groovorio.com/?f=7&a=grv_otbrw3_14_35&cd=2XzuyEtN2Y1L1Qzuzzzz0A0EtC0Dzyzz0D0D0EyByC0DyCyDtN0D0Tzu0StCtDyBtAtN1L2XzutAtFyCtFtCtDtFtCtN1L1Czu1N1C2X1V1F2Z1S1C2W1O1L1C1B2Z1VtCyE1VtByEtN1L1G1B1V1N2Y1L1Qzu2StCyB0EtCyC0BtA0CtG0EzytAyEtG0Czy0BtAtG0ByDtCyDtGyEtA0AtAzz0CtA0A0CtD0A0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CzztCtCtDyEyC0DtGyB0EyDyDtGyEyCyDzytGzz0AtAtBtGyE0B0CtCyE0A0F0DyE0E0B0E2Q&cr=1856151474&ir="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Dodie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Dodie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-13]
CHR Extension: (Google Drive) - C:\Users\Dodie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Dodie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-09]
CHR Extension: (YouTube) - C:\Users\Dodie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-03-05]
CHR Extension: (Google Search) - C:\Users\Dodie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-03-05]
CHR Extension: (Avast SafePrice) - C:\Users\Dodie\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-01-02]
CHR Extension: (Avast Online Security) - C:\Users\Dodie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-28]
CHR Extension: (Google Wallet) - C:\Users\Dodie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-27]
CHR Extension: (Gmail) - C:\Users\Dodie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-03-05]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-12-28]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - No Path
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-28]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ABBYY.Licensing.FineReader.ScreenshotReader.9.0; C:\Program Files (x86)\ABBYY Screenshot Reader\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AlotService; C:\Users\Dodie\AppData\LocalLow\alotservice\alotservice.exe [252264 2012-05-23] (Vertro Inc.)
R2 AOL Computer Checkup; C:\Program Files (x86)\AOL Computer Checkup\SDCService.exe [586840 2014-04-25] (Support.com, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-28] (AVAST Software)
S3 becldr3Service; C:\Program Files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [263168 2013-07-03] () [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 iprip; C:\Windows\System32\iprip.dll [35328 2009-07-13] (Microsoft Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-09-04] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [9216 2009-07-13] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S4 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2014-09-17] (Seagate Technology LLC)
S4 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157776 2014-09-17] (Seagate Technology LLC)
R2 simptcp; C:\Windows\SysWOW64\tcpsvcs.exe [9216 2009-07-13] (Microsoft Corporation)
R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-20] (Microsoft Corporation)
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-13] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [116224 2009-10-14] (WDC) [File not signed]
R2 WDSmartWareBackgroundService; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) [File not signed]
S2 0083101417646986mcinstcleanup; C:\Windows\TEMP\008310~1.EXE -cleanup -nolog [X]
S2 ssrang_supportdotcom; "C:\Program Files (x86)\supportdotcom\rang\ssrangsv.exe" -service "-provider" "supportdotcom" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138872 2011-08-19] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138872 2011-08-19] (SlySoft, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-28] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-28] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-28] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-28] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-28] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-28] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-28] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-28] ()
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 EtmDevPch; C:\Windows\System32\DRIVERS\EtmDevPch.sys [67392 2012-10-13] (Intel Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-01] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [189440 2009-07-13] (Microsoft Corporation)
R3 ssmirrdr; C:\Windows\System32\DRIVERS\ssmirrdr.sys [10112 2011-03-14] (support.com, Inc)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-02 19:03 - 2015-01-02 19:05 - 00026570 _____ () C:\Users\Dodie\Desktop\FRST.txt
2015-01-02 19:01 - 2015-01-02 19:03 - 00000000 ____D () C:\Users\Dodie\Desktop\FRST-OlderVersion
2015-01-02 14:28 - 2015-01-02 14:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-01-02 13:22 - 2015-01-02 13:22 - 00093968 _____ () C:\Users\Dodie\Downloads\bookmarks (1).html
2015-01-02 13:13 - 2015-01-02 13:13 - 00141615 _____ () C:\Users\Dodie\Documents\Favorite Places 2.pfc
2015-01-02 13:07 - 2015-01-02 13:07 - 00093968 _____ () C:\Users\Dodie\Downloads\bookmarks.html
2015-01-02 12:58 - 2015-01-02 12:58 - 00000000 __SHD () C:\Users\Dodie\AppData\Local\EmieBrowserModeList
2014-12-29 10:06 - 2014-12-12 23:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-29 10:06 - 2014-12-12 21:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-28 15:05 - 2014-10-17 20:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-28 15:05 - 2014-10-17 19:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-28 14:36 - 2015-01-02 18:56 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d022ddf9ff14a0.job
2014-12-28 14:36 - 2015-01-02 14:41 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d022ddf9b7ab58.job
2014-12-28 14:36 - 2014-12-28 14:36 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d022ddf9ff14a0
2014-12-28 14:36 - 2014-12-28 14:36 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d022ddf9b7ab58
2014-12-28 14:08 - 2012-10-13 07:08 - 00165952 _____ (Intel Corporation) C:\Windows\system32\Drivers\Impcd.sys
2014-12-28 14:08 - 2012-10-13 07:08 - 00067392 _____ (Intel Corporation) C:\Windows\system32\Drivers\EtmDevPch.sys
2014-12-28 13:49 - 2014-12-28 13:49 - 00000000 _____ () C:\Windows\SysWOW64\枈lotserviceruntime.log
2014-12-28 13:44 - 2014-12-28 14:08 - 00011058 _____ () C:\Windows\DPINST.LOG
2014-12-28 13:43 - 2014-12-28 13:43 - 00510496 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.exe
2014-12-28 13:43 - 2013-03-11 15:51 - 00384904 _____ (Intel Corporation) C:\Windows\system32\iglhsip64.dll
2014-12-28 13:43 - 2013-03-11 15:51 - 00384832 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhsip32.dll
2014-12-28 13:43 - 2013-03-11 15:51 - 00104792 _____ (Intel Corporation) C:\Windows\system32\iglhcp64.dll
2014-12-28 13:43 - 2013-03-11 15:51 - 00104720 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhcp32.dll
2014-12-28 13:43 - 2013-03-11 15:50 - 00034824 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll
2014-12-28 13:43 - 2012-11-27 00:35 - 00017448 _____ () C:\Windows\system32\iglhxs64.vp
2014-12-28 13:43 - 2012-11-27 00:31 - 00418336 _____ (Intel Corporation) C:\Windows\system32\igfxpers.exe
2014-12-28 13:43 - 2012-11-27 00:31 - 00240672 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe
2014-12-28 13:43 - 2012-11-27 00:31 - 00168480 _____ (Intel Corporation) C:\Windows\system32\igfxtray.exe
2014-12-28 13:43 - 2012-11-27 00:30 - 00090112 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v2858.dll
2014-12-28 13:43 - 2012-11-27 00:00 - 00287232 _____ (Intel Corporation) C:\Windows\system32\igfxrfra.lrc
2014-12-28 13:43 - 2012-11-27 00:00 - 00287232 _____ (Intel Corporation) C:\Windows\system32\igfxresn.lrc
2014-12-28 13:43 - 2012-11-27 00:00 - 00287232 _____ (Intel Corporation) C:\Windows\system32\igfxrell.lrc
2014-12-28 13:43 - 2012-11-27 00:00 - 00286720 _____ (Intel Corporation) C:\Windows\system32\igfxrsky.lrc
2014-12-28 13:43 - 2012-11-27 00:00 - 00286720 _____ (Intel Corporation) C:\Windows\system32\igfxrrus.lrc
2014-12-28 13:43 - 2012-11-27 00:00 - 00286720 _____ (Intel Corporation) C:\Windows\system32\igfxrrom.lrc
2014-12-28 13:43 - 2012-11-27 00:00 - 00286720 _____ (Intel Corporation) C:\Windows\system32\igfxrptg.lrc
2014-12-28 13:43 - 2012-11-27 00:00 - 00286720 _____ (Intel Corporation) C:\Windows\system32\igfxrplk.lrc
2014-12-28 13:43 - 2012-11-27 00:00 - 00286720 _____ (Intel Corporation) C:\Windows\system32\igfxrnld.lrc
2014-12-28 13:43 - 2012-11-27 00:00 - 00286720 _____ (Intel Corporation) C:\Windows\system32\igfxrita.lrc
2014-12-28 13:43 - 2012-11-27 00:00 - 00286720 _____ (Intel Corporation) C:\Windows\system32\igfxrhrv.lrc
2014-12-28 13:43 - 2012-11-27 00:00 - 00286720 _____ (Intel Corporation) C:\Windows\system32\igfxrdeu.lrc
2014-12-28 13:43 - 2012-11-27 00:00 - 00286720 _____ (Intel Corporation) C:\Windows\system32\igfxrcsy.lrc
2014-12-28 13:43 - 2012-11-27 00:00 - 00286208 _____ (Intel Corporation) C:\Windows\system32\igfxrtrk.lrc
2014-12-28 13:43 - 2012-11-27 00:00 - 00286208 _____ (Intel Corporation) C:\Windows\system32\igfxrsve.lrc
2014-12-28 13:43 - 2012-11-27 00:00 - 00286208 _____ (Intel Corporation) C:\Windows\system32\igfxrslv.lrc
2014-12-28 13:43 - 2012-11-27 00:00 - 00286208 _____ (Intel Corporation) C:\Windows\system32\igfxrptb.lrc
2014-12-28 13:43 - 2012-11-27 00:00 - 00286208 _____ (Intel Corporation) C:\Windows\system32\igfxrnor.lrc
2014-12-28 13:43 - 2012-11-27 00:00 - 00286208 _____ (Intel Corporation) C:\Windows\system32\igfxrhun.lrc
2014-12-28 13:43 - 2012-11-27 00:00 - 00286208 _____ (Intel Corporation) C:\Windows\system32\igfxrfin.lrc
2014-12-28 13:43 - 2012-11-27 00:00 - 00285696 _____ (Intel Corporation) C:\Windows\system32\igfxrtha.lrc
2014-12-28 13:43 - 2012-11-27 00:00 - 00285696 _____ (Intel Corporation) C:\Windows\system32\igfxrdan.lrc
2014-12-28 13:43 - 2012-11-27 00:00 - 00285184 _____ (Intel Corporation) C:\Windows\system32\igfxrheb.lrc
2014-12-28 13:43 - 2012-11-27 00:00 - 00285184 _____ (Intel Corporation) C:\Windows\system32\igfxrara.lrc
2014-12-28 13:43 - 2012-11-27 00:00 - 00283648 _____ (Intel Corporation) C:\Windows\system32\igfxrjpn.lrc
2014-12-28 13:43 - 2012-11-27 00:00 - 00283136 _____ (Intel Corporation) C:\Windows\system32\igfxrkor.lrc
2014-12-28 13:43 - 2012-11-27 00:00 - 00282624 _____ (Intel Corporation) C:\Windows\system32\igfxrcht.lrc
2014-12-28 13:43 - 2012-11-27 00:00 - 00282624 _____ (Intel Corporation) C:\Windows\system32\igfxrchs.lrc
2014-12-28 13:43 - 2012-11-27 00:00 - 00126976 _____ (Intel Corporation) C:\Windows\system32\igfxcpl.cpl
2014-12-28 13:43 - 2012-11-26 23:59 - 00390144 _____ (Intel Corporation) C:\Windows\system32\igfxdev.dll
2014-12-28 13:43 - 2012-11-26 23:59 - 00378368 _____ (Intel Corporation) C:\Windows\system32\igfxTMM.dll
2014-12-28 13:43 - 2012-11-26 23:59 - 00376320 _____ (Intel Corporation) C:\Windows\system32\igfxpph.dll
2014-12-28 13:43 - 2012-11-26 23:59 - 00062464 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.dll
2014-12-28 13:43 - 2012-11-26 23:59 - 00004096 _____ ( ) C:\Windows\system32\IGFXDEVLib.dll
2014-12-28 13:43 - 2012-11-26 23:58 - 09014784 _____ (Intel Corporation) C:\Windows\system32\igfxress.dll
2014-12-28 13:43 - 2012-11-26 23:58 - 00285696 _____ (Intel Corporation) C:\Windows\system32\igfxrenu.lrc
2014-12-28 13:43 - 2012-11-26 23:58 - 00142336 _____ (Intel Corporation) C:\Windows\system32\igfxdo.dll
2014-12-28 13:43 - 2012-11-26 23:56 - 00293888 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxdv32.dll
2014-12-28 13:43 - 2012-11-26 23:56 - 00024576 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll
2014-12-28 13:43 - 2012-11-26 23:54 - 00246784 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmrt32.dll
2014-12-28 13:43 - 2012-11-26 23:54 - 00219136 _____ (Intel Corporation) C:\Windows\system32\igfxcmrt64.dll
2014-12-28 13:42 - 2013-03-11 15:50 - 08369024 _____ (Intel Corporation) C:\Windows\system32\igdumd64.dll
2014-12-28 13:42 - 2013-03-11 15:50 - 04834040 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10umd32.dll
2014-12-28 13:42 - 2012-11-27 00:31 - 04379680 _____ (Intel Corporation) C:\Windows\system32\GfxUI.exe
2014-12-28 13:42 - 2012-11-27 00:31 - 00393760 _____ (Intel Corporation) C:\Windows\system32\hkcmd.exe
2014-12-28 13:42 - 2012-11-27 00:26 - 12311776 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys
2014-12-28 13:42 - 2012-11-27 00:07 - 18664960 _____ (Intel Corporation) C:\Windows\system32\ig4icd64.dll
2014-12-28 13:42 - 2012-11-27 00:03 - 13913600 _____ () C:\Windows\SysWOW64\ig4icd32.dll
2014-12-28 13:42 - 2012-11-27 00:00 - 00211303 _____ () C:\Windows\system32\Gfxres.th-TH.resources
2014-12-28 13:42 - 2012-11-27 00:00 - 00182706 _____ () C:\Windows\system32\Gfxres.ru-RU.resources
2014-12-28 13:42 - 2012-11-27 00:00 - 00153167 _____ () C:\Windows\system32\Gfxres.ja-JP.resources
2014-12-28 13:42 - 2012-11-27 00:00 - 00140216 _____ () C:\Windows\system32\Gfxres.it-IT.resources
2014-12-28 13:42 - 2012-11-27 00:00 - 00138727 _____ () C:\Windows\system32\Gfxres.ko-KR.resources
2014-12-28 13:42 - 2012-11-27 00:00 - 00136603 _____ () C:\Windows\system32\Gfxres.ro-RO.resources
2014-12-28 13:42 - 2012-11-27 00:00 - 00135370 _____ () C:\Windows\system32\Gfxres.tr-TR.resources
2014-12-28 13:42 - 2012-11-27 00:00 - 00134836 _____ () C:\Windows\system32\Gfxres.pt-BR.resources
2014-12-28 13:42 - 2012-11-27 00:00 - 00134412 _____ () C:\Windows\system32\Gfxres.nl-NL.resources
2014-12-28 13:42 - 2012-11-27 00:00 - 00134384 _____ () C:\Windows\system32\Gfxres.hu-HU.resources
2014-12-28 13:42 - 2012-11-27 00:00 - 00133846 _____ () C:\Windows\system32\Gfxres.sv-SE.resources
2014-12-28 13:42 - 2012-11-27 00:00 - 00133709 _____ () C:\Windows\system32\Gfxres.pt-PT.resources
2014-12-28 13:42 - 2012-11-27 00:00 - 00133178 _____ () C:\Windows\system32\Gfxres.pl-PL.resources
2014-12-28 13:42 - 2012-11-27 00:00 - 00132788 _____ () C:\Windows\system32\Gfxres.sk-SK.resources
2014-12-28 13:42 - 2012-11-27 00:00 - 00131839 _____ () C:\Windows\system32\Gfxres.hr-HR.resources
2014-12-28 13:42 - 2012-11-27 00:00 - 00128996 _____ () C:\Windows\system32\Gfxres.sl-SI.resources
2014-12-28 13:42 - 2012-11-27 00:00 - 00128831 _____ () C:\Windows\system32\Gfxres.nb-NO.resources
2014-12-28 13:42 - 2012-11-27 00:00 - 00117636 _____ () C:\Windows\system32\Gfxres.zh-TW.resources
2014-12-28 13:42 - 2012-11-27 00:00 - 00116348 _____ () C:\Windows\system32\Gfxres.zh-CN.resources
2014-12-28 13:42 - 2012-11-26 23:59 - 00146432 _____ (Intel Corporation) C:\Windows\system32\gfxSrvc.dll
2014-12-28 13:42 - 2012-11-26 23:59 - 00110080 _____ (Intel Corporation) C:\Windows\system32\hccutils.dll
2014-12-28 13:42 - 2012-11-26 23:54 - 02780160 _____ (Intel Corporation) C:\Windows\system32\igfxcmjit64.dll
2014-12-28 13:42 - 2012-11-26 23:54 - 02191872 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmjit32.dll
2014-12-28 13:41 - 2012-11-27 00:31 - 00185376 _____ (Intel Corporation) C:\Windows\system32\difx64.exe
2014-12-28 13:41 - 2012-11-27 00:00 - 00198139 _____ () C:\Windows\system32\Gfxres.el-GR.resources
2014-12-28 13:41 - 2012-11-27 00:00 - 00156233 _____ () C:\Windows\system32\Gfxres.ar-SA.resources
2014-12-28 13:41 - 2012-11-27 00:00 - 00149009 _____ () C:\Windows\system32\Gfxres.he-IL.resources
2014-12-28 13:41 - 2012-11-27 00:00 - 00137846 _____ () C:\Windows\system32\Gfxres.de-DE.resources
2014-12-28 13:41 - 2012-11-27 00:00 - 00137668 _____ () C:\Windows\system32\Gfxres.es-ES.resources
2014-12-28 13:41 - 2012-11-27 00:00 - 00135628 _____ () C:\Windows\system32\Gfxres.fr-FR.resources
2014-12-28 13:41 - 2012-11-27 00:00 - 00133404 _____ () C:\Windows\system32\Gfxres.cs-CZ.resources
2014-12-28 13:41 - 2012-11-27 00:00 - 00132889 _____ () C:\Windows\system32\Gfxres.fi-FI.resources
2014-12-28 13:41 - 2012-11-27 00:00 - 00128535 _____ () C:\Windows\system32\Gfxres.da-DK.resources
2014-12-28 13:41 - 2012-11-27 00:00 - 00124052 _____ () C:\Windows\system32\Gfxres.en-US.resources
2014-12-28 13:28 - 2015-01-01 19:41 - 00002578 _____ () C:\Windows\System32\Tasks\Application Starter - f1375f225883e83d52e8db9690775c3c
2014-12-28 13:28 - 2015-01-01 19:41 - 00000304 _____ () C:\Windows\Tasks\Application Starter - f1375f225883e83d52e8db9690775c3c.job
2014-12-28 13:28 - 2014-12-28 13:28 - 00001245 _____ () C:\Users\Dodie\Desktop\DriverMax.lnk
2014-12-28 13:28 - 2014-12-28 13:28 - 00000000 ____D () C:\Users\Dodie\AppData\Roaming\RHEng
2014-12-28 13:28 - 2014-12-28 13:28 - 00000000 ____D () C:\Users\Dodie\AppData\Roaming\Innovative Solutions
2014-12-28 13:28 - 2014-12-28 13:28 - 00000000 ____D () C:\Users\Dodie\AppData\Local\Innovative Solutions
2014-12-28 13:28 - 2014-12-28 13:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverMax
2014-12-28 13:28 - 2014-12-28 13:28 - 00000000 ____D () C:\Program Files (x86)\Innovative Solutions
2014-12-28 13:24 - 2014-12-28 13:25 - 05714824 _____ (Innovative Solutions ) C:\Users\Dodie\Downloads\drivermax_7_47_cnet.exe
2014-12-28 13:05 - 2014-12-28 13:05 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-12-28 13:05 - 2014-12-28 13:05 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-12-28 11:39 - 2015-01-01 20:14 - 00003278 _____ () C:\Windows\System32\Tasks\avastBCLRestartS-1-5-21-1056878267-1787722111-3398097573-1000
2014-12-28 11:35 - 2014-12-28 11:35 - 00000112 _____ () C:\INSTALLHELPER.LOG
2014-12-28 11:29 - 2014-12-28 11:29 - 00000000 ____D () C:\Users\Dodie\AppData\Roaming\Dropbox
2014-12-28 11:18 - 2014-12-28 11:18 - 00000000 ____D () C:\Users\Dodie\AppData\Roaming\AVAST Software
2014-12-28 11:17 - 2014-12-28 11:17 - 00001971 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-12-28 11:17 - 2014-12-28 11:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-12-28 11:16 - 2015-01-02 12:20 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-28 11:16 - 2014-12-28 11:17 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-12-28 11:16 - 2014-12-28 11:16 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-12-28 11:16 - 2014-12-28 11:16 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-12-28 11:16 - 2014-12-28 11:16 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-12-28 11:16 - 2014-12-28 11:16 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-12-28 11:16 - 2014-12-28 11:16 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-12-28 11:16 - 2014-12-28 11:16 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-12-28 11:16 - 2014-12-28 11:16 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-12-28 11:16 - 2014-12-28 11:16 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-12-28 11:16 - 2014-12-28 11:16 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-12-28 11:10 - 2014-12-28 11:10 - 00000000 ____D () C:\Program Files\AVAST Software
2014-12-28 11:09 - 2014-12-28 11:10 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-12-28 11:08 - 2014-12-28 11:09 - 05006864 _____ (AVAST Software) C:\Users\Dodie\Downloads\avast_free_antivirus_setup_online.exe
2014-12-28 00:24 - 2014-11-26 19:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-28 00:24 - 2014-11-26 19:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-28 00:24 - 2014-11-21 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-28 00:24 - 2014-11-21 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-28 00:24 - 2014-11-21 20:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-28 00:24 - 2014-11-21 20:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-28 00:24 - 2014-11-21 20:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-28 00:24 - 2014-11-21 20:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-28 00:24 - 2014-11-21 20:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-28 00:24 - 2014-11-21 20:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-28 00:24 - 2014-11-21 20:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-28 00:24 - 2014-11-21 20:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-28 00:24 - 2014-11-21 20:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-28 00:24 - 2014-11-21 20:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-28 00:24 - 2014-11-21 20:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-28 00:24 - 2014-11-21 20:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-28 00:24 - 2014-11-21 20:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-28 00:24 - 2014-11-21 20:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-28 00:24 - 2014-11-21 20:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-28 00:24 - 2014-11-21 20:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-28 00:24 - 2014-11-21 19:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-28 00:24 - 2014-11-21 19:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-28 00:24 - 2014-11-21 19:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-28 00:24 - 2014-11-21 19:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-28 00:24 - 2014-11-21 19:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-28 00:24 - 2014-11-21 19:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-28 00:24 - 2014-11-21 19:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-28 00:24 - 2014-11-21 19:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-28 00:24 - 2014-11-21 19:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-28 00:24 - 2014-11-21 19:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-28 00:24 - 2014-11-21 19:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-28 00:24 - 2014-11-21 19:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-28 00:24 - 2014-11-21 19:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-28 00:24 - 2014-11-21 19:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-28 00:24 - 2014-11-21 19:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-28 00:24 - 2014-11-21 19:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-28 00:24 - 2014-11-21 19:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-28 00:24 - 2014-11-21 19:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-28 00:24 - 2014-11-21 19:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-28 00:24 - 2014-11-21 19:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-28 00:24 - 2014-11-21 18:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-28 00:24 - 2014-11-21 18:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-28 00:24 - 2014-11-10 21:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-28 00:24 - 2014-11-10 20:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-28 00:24 - 2014-11-10 19:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-28 00:23 - 2014-11-21 21:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-28 00:23 - 2014-11-21 20:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-28 00:23 - 2014-11-21 20:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-28 00:23 - 2014-11-21 20:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-28 00:23 - 2014-11-21 20:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-28 00:23 - 2014-11-21 20:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-28 00:23 - 2014-11-21 20:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-28 00:23 - 2014-11-21 20:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-28 00:23 - 2014-11-21 20:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-28 00:23 - 2014-11-21 19:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-28 00:23 - 2014-11-21 19:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-28 00:23 - 2014-11-21 19:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-28 00:22 - 2014-10-29 20:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-28 00:22 - 2014-10-29 19:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-28 00:21 - 2014-11-07 21:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-28 00:21 - 2014-11-07 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-28 00:21 - 2014-10-02 20:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-28 00:21 - 2014-10-02 20:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-28 00:21 - 2014-10-02 20:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-28 00:21 - 2014-10-02 20:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-28 00:21 - 2014-10-02 20:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-28 00:21 - 2014-10-02 19:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-28 00:21 - 2014-10-02 19:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-28 00:21 - 2014-10-02 19:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-28 00:21 - 2014-10-02 19:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-28 00:21 - 2014-10-02 19:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-28 00:15 - 2014-09-19 03:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-28 00:15 - 2014-09-19 03:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-12-28 00:15 - 2014-09-19 03:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-12-28 00:15 - 2014-09-19 03:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-12-28 00:15 - 2014-09-19 03:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-12-28 00:15 - 2014-09-19 03:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-12-28 00:15 - 2014-09-19 03:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-12-28 00:15 - 2014-09-19 03:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-12-28 00:15 - 2014-09-19 03:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-12-28 00:15 - 2014-09-19 03:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-12-28 00:15 - 2014-09-19 03:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-12-28 00:15 - 2014-09-19 03:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-12-28 00:14 - 2014-10-09 18:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-12-28 00:13 - 2014-10-13 20:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-12-28 00:13 - 2014-10-13 19:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-12-28 00:02 - 2014-10-13 20:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-12-28 00:02 - 2014-10-13 20:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-12-28 00:02 - 2014-10-13 20:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-12-28 00:02 - 2014-10-13 19:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-12-28 00:02 - 2014-10-13 19:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-12-28 00:02 - 2014-08-21 00:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-12-28 00:02 - 2014-08-21 00:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-12-28 00:02 - 2014-08-21 00:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-12-28 00:02 - 2014-08-21 00:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-12-28 00:02 - 2014-08-11 20:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-12-28 00:02 - 2014-08-11 19:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-12-28 00:01 - 2014-11-10 21:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-12-28 00:01 - 2014-11-10 21:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-12-28 00:01 - 2014-11-10 20:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-12-28 00:01 - 2014-11-10 20:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-12-28 00:01 - 2014-10-24 19:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-12-28 00:01 - 2014-10-24 19:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-12-28 00:01 - 2014-10-17 20:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-12-28 00:01 - 2014-10-17 19:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-12-28 00:01 - 2014-10-13 20:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-12-28 00:01 - 2014-10-13 20:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-12-28 00:01 - 2014-10-13 19:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-12-28 00:01 - 2014-10-13 19:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-12-28 00:01 - 2014-10-02 20:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-12-28 00:01 - 2014-10-02 20:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-12-28 00:01 - 2014-10-02 20:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-12-28 00:01 - 2014-10-02 20:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-12-28 00:01 - 2014-10-02 20:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-12-28 00:01 - 2014-10-02 19:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-12-28 00:01 - 2014-10-02 19:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-12-28 00:01 - 2014-10-02 19:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-12-27 21:35 - 2014-12-27 21:36 - 18423384 _____ () C:\Users\Dodie\Downloads\RogueKillerX64.exe
2014-12-27 19:43 - 2014-12-27 19:44 - 00037205 _____ () C:\Users\Dodie\Downloads\Addition.txt
2014-12-27 19:43 - 2014-12-27 19:44 - 00034952 _____ () C:\Users\Dodie\Downloads\FRST.txt
2014-12-22 20:02 - 2014-12-22 20:02 - 00041984 _____ () C:\Users\Dodie\Downloads\2014_Meds (1).xls
2014-12-22 20:00 - 2014-12-22 20:00 - 00041984 _____ () C:\Users\Dodie\Downloads\2014_Meds.xls
2014-12-13 17:24 - 2014-12-13 17:24 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-12-13 17:22 - 2014-12-13 17:22 - 00834424 _____ (SlimWare Utilities, Inc.) C:\Users\Dodie\Downloads\DriverUpdate-setup.exe
2014-12-13 16:58 - 2014-12-27 19:43 - 00000000 ____D () C:\Users\Dodie\Downloads\FRST-OlderVersion
2014-12-11 15:50 - 2014-12-11 16:06 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-11 15:42 - 2014-12-11 16:06 - 00000000 ____D () C:\Users\Dodie\Downloads\mbar
2014-12-11 15:40 - 2014-12-11 15:41 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Dodie\Downloads\mbar-1.08.2.1001.exe
2014-12-10 16:37 - 2014-12-10 16:37 - 00823296 _____ ( ) C:\Users\Dodie\Downloads\Free_Download_Setup.exe
2014-12-10 16:30 - 2014-12-10 16:30 - 04707328 _____ () C:\Users\Dodie\Downloads\RogueKiller (1).exe
2014-12-10 16:27 - 2014-12-10 16:27 - 04707328 _____ () C:\Users\Dodie\Downloads\RogueKiller.exe
2014-12-10 16:27 - 2014-12-10 16:27 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-12-09 20:08 - 2014-12-11 12:50 - 00000000 ____D () C:\Users\Dodie\AppData\Local\Search Extensions
2014-12-09 20:08 - 2014-12-09 21:47 - 00000000 ____D () C:\Users\Dodie\AppData\Local\ICSharpCode.net
2014-12-09 19:35 - 2014-12-28 11:43 - 00000000 ____D () C:\Users\Dodie\Desktop\ALL DESKTOP FOLDERS
2014-12-09 19:26 - 2014-12-09 19:26 - 00000000 ____D () C:\Users\Dodie\Documents\Optimizer Pro
2014-12-09 19:21 - 2014-12-09 21:47 - 00000000 ____D () C:\Users\Dodie\AppData\Roaming\DigitalSites
2014-12-09 18:56 - 2015-01-02 19:03 - 02123264 _____ (Farbar) C:\Users\Dodie\Desktop\FRST64.exe
2014-12-09 18:56 - 2015-01-02 19:03 - 00000000 ____D () C:\FRST
2014-12-08 22:28 - 2015-01-01 19:46 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-08 22:27 - 2014-12-11 15:43 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-08 22:27 - 2014-12-08 22:27 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-08 22:27 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-08 22:27 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-08 22:17 - 2014-12-08 22:19 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Dodie\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-07 17:10 - 2014-12-08 22:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-07 17:10 - 2014-12-08 22:27 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-07 17:10 - 2014-12-07 17:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-03 18:41 - 2014-12-28 17:56 - 00003460 _____ () C:\Windows\System32\Tasks\SpeedFixTool_Popup
2014-12-03 16:21 - 2014-12-03 16:21 - 05160608 _____ (McAfee, Inc.) C:\Users\Dodie\Downloads\McAfeeSetup-Serial (1).exe
2014-12-03 16:15 - 2015-01-02 14:28 - 00001851 _____ () C:\Users\Public\Desktop\McAfee Security Center.lnk
2014-12-03 16:14 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2014-12-03 16:13 - 2014-12-03 16:13 - 00000000 ____D () C:\Program Files (x86)\McAfee.com
2014-12-03 16:12 - 2014-12-03 16:15 - 00000000 ____D () C:\Program Files\McAfee
2014-12-03 16:12 - 2014-12-03 16:14 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-12-03 16:12 - 2014-12-03 16:12 - 00000000 ____D () C:\Program Files\McAfee.com
2014-12-03 16:03 - 2014-12-08 23:36 - 00000000 ____D () C:\ProgramData\McAfee
2014-12-03 16:03 - 2014-12-08 23:36 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-12-03 16:03 - 2014-06-20 10:30 - 00189912 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2014-12-03 16:02 - 2014-12-03 16:02 - 05160608 _____ (McAfee, Inc.) C:\Users\Dodie\Downloads\McAfeeSetup-Serial.exe
2014-12-03 15:58 - 2014-12-03 15:58 - 00000550 _____ () C:\Windows\Tasks\MainUIModule_AOL_Computer Checkup_{BDA49F87-1626-484F-AB5B-41EA29B28AD7}.job
2014-12-03 15:48 - 2014-12-03 15:48 - 03480040 _____ (McAfee, Inc.) C:\Users\Dodie\Downloads\MCPR.exe
2014-12-03 15:09 - 2014-12-03 15:09 - 00001040 _____ () C:\Users\Public\Desktop\AOL Desktop 9.7.lnk
2014-12-03 15:07 - 2014-12-08 23:36 - 00000000 ____D () C:\Program Files (x86)\AOL Desktop 9.7
2014-12-03 15:07 - 2014-12-03 15:09 - 00031944 _____ () C:\install.log
2014-12-03 15:03 - 2014-12-03 15:06 - 81551824 _____ (AOL Inc.) C:\Users\Dodie\Downloads\setup.exe
2014-12-03 14:40 - 2014-12-03 14:40 - 00000050 _____ () C:\Windows\SysWOW64\⥸N婸Nlotserviceruntime.log
2014-12-03 14:37 - 2014-12-03 14:37 - 00002333 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOL Computer Checkup.lnk
2014-12-03 14:37 - 2014-12-03 14:37 - 00002279 _____ () C:\Users\Public\Desktop\AOL Computer Checkup.lnk
2014-12-03 14:37 - 2014-12-03 14:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOL Computer Checkup
2014-12-03 14:37 - 2014-12-03 14:37 - 00000000 ____D () C:\ProgramData\AOL Computer Checkup
2014-12-03 14:35 - 2014-12-08 23:36 - 00000000 ____D () C:\Program Files (x86)\AOL Computer Checkup
2014-12-03 14:35 - 2014-12-03 14:35 - 00768288 _____ (AOL) C:\Users\Dodie\Downloads\AOLComputerCheckupDM.exe
2014-12-03 14:21 - 2014-12-28 11:39 - 00001382 _____ () C:\Users\Dodie\Desktop\Internet Explorer.lnk
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-02 18:59 - 2009-07-13 23:13 - 00854542 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-02 18:55 - 2014-09-30 13:53 - 31498959 _____ () C:\alotserviceruntime.log
2015-01-02 18:55 - 2012-04-23 07:48 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-02 18:55 - 2012-03-31 22:00 - 00000324 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2015-01-02 18:55 - 2012-01-15 16:26 - 01538088 _____ () C:\Windows\WindowsUpdate.log
2015-01-02 18:55 - 2010-07-23 00:47 - 00000000 ____D () C:\ProgramData\Temp
2015-01-01 22:46 - 2012-05-13 16:28 - 00000000 ____D () C:\Users\Dodie\Deskop
2015-01-01 22:08 - 2012-02-14 08:46 - 00000000 ____D () C:\ProgramData\AOL
2015-01-01 20:14 - 2014-10-09 13:37 - 00000000 ____D () C:\Program Files (x86)\AOL Toolbar
2015-01-01 20:14 - 2014-07-02 11:41 - 00001146 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-01 19:50 - 2009-07-13 22:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-01 19:50 - 2009-07-13 22:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-01 19:42 - 2014-10-15 19:26 - 00015694 _____ () C:\Windows\DtcInstall.log
2015-01-01 19:41 - 2014-10-15 19:26 - 00007572 _____ () C:\Windows\setupact.log
2015-01-01 19:41 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-30 22:51 - 2012-03-10 13:01 - 00002356 _____ () C:\Windows\system32\regHiveData.bin
2014-12-29 18:57 - 2014-05-19 15:58 - 00000000 ____D () C:\Users\DefaultAppPool
2014-12-28 18:31 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-12-28 18:06 - 2014-10-08 20:36 - 00000000 ____D () C:\Users\Dodie\Documents\SpeedFixTool
2014-12-28 15:19 - 2014-08-13 12:11 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfb722abc7807.job
2014-12-28 15:19 - 2014-08-13 12:11 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfb722a4311d9.job
2014-12-28 15:19 - 2009-07-13 22:45 - 00428264 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-28 15:18 - 2014-10-15 19:26 - 00109064 _____ () C:\Windows\PFRO.log
2014-12-28 15:18 - 2010-07-23 00:52 - 00000000 ____D () C:\Program Files\Google
2014-12-28 15:18 - 2010-07-23 00:52 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-28 15:16 - 2012-03-18 11:28 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-28 15:16 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-28 15:15 - 2014-08-04 16:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-28 15:10 - 2012-01-15 20:24 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-28 14:39 - 2014-08-13 12:13 - 00002266 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-28 14:36 - 2012-01-15 17:14 - 00000000 ____D () C:\Users\Dodie\AppData\Local\Deployment
2014-12-28 13:56 - 2012-02-03 18:15 - 00000000 ____D () C:\Users\Dodie\AppData\Local\Google
2014-12-28 13:56 - 2010-07-23 00:52 - 00000000 ____D () C:\ProgramData\Google
2014-12-28 13:42 - 2010-07-23 01:31 - 05721376 _____ (Intel Corporation) C:\Windows\system32\igd10umd64.dll
2014-12-28 13:05 - 2012-02-08 11:18 - 00000000 ____D () C:\Users\Dodie\AppData\Local\Adobe
2014-12-28 13:05 - 2012-01-15 17:33 - 00000000 ____D () C:\Users\Dodie\AppData\Roaming\Adobe
2014-12-28 13:05 - 2010-07-23 00:57 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-12-28 11:32 - 2012-02-14 08:41 - 00000569 _____ () C:\Windows\wininit.ini
2014-12-28 11:30 - 2012-04-23 07:48 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-28 11:30 - 2012-04-23 07:48 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-28 11:30 - 2012-02-04 14:39 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-27 20:16 - 2014-11-18 22:42 - 00000000 __HDC () C:\ProgramData\{B867311F-7752-4D43-AD4E-FE953FE49704}
2014-12-14 15:11 - 2010-12-18 15:16 - 00000000 ____D () C:\Users\Dodie\Documents\Family Tree Maker
2014-12-11 15:45 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-12-11 15:33 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-12-10 12:32 - 2007-07-11 19:49 - 00000000 ____D () C:\Windows\Panther
2014-12-09 21:48 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\tracing
2014-12-08 23:36 - 2014-10-08 20:37 - 00000000 ____D () C:\Users\Dodie\AppData\Local\SpeedFixTool
2014-12-08 23:36 - 2012-04-24 08:26 - 00000000 ____D () C:\Program Files (x86)\ABBYY Screenshot Reader
2014-12-08 23:36 - 2012-01-15 16:31 - 00000000 ____D () C:\Program Files (x86)\Launch Manager
2014-12-08 23:36 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\registration
2014-12-08 21:38 - 2012-01-15 17:12 - 00000000 ____D () C:\Users\Dodie
2014-12-07 17:24 - 2012-02-16 11:02 - 00000000 ____D () C:\Windows\Minidump
2014-12-03 18:20 - 2012-03-07 20:37 - 00000000 ____D () C:\Windows\SystemRepair
2014-12-03 15:58 - 2012-02-14 08:47 - 00000000 ____D () C:\Users\Dodie\AppData\Roaming\AOL
2014-12-03 15:10 - 2012-02-14 08:46 - 00000000 ____D () C:\Users\Dodie\AppData\Local\AOL
2014-12-03 15:09 - 2014-06-27 11:38 - 00000974 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\AOL Desktop 9.7.lnk
2014-12-03 15:09 - 2012-02-14 08:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOL
2014-12-03 15:08 - 2014-07-02 11:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
 
Files to move or delete:
====================
C:\Users\Dodie\AOLComputerCheckupDM.exe
C:\Users\Dodie\install_flashplayer11x64ax_chra_aih.exe
C:\Users\Dodie\PS_AIO_07_D110_USW_Basic_Win_enu_140_126.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-28 01:50
 
==================== End Of Log ============================
 
 

Addition.txt

 


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-01-2015

Ran by Dodie at 2015-01-02 19:06:55

Running from C:\Users\Dodie\Desktop

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden

ABBYY Screenshot Reader (HKLM-x32\...\{F9000000-0015-0000-0000-074957833700}) (Version: 9.010.483.59810 - ABBYY)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)

Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)

Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)

Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden

AnyDVD (HKLM-x32\...\AnyDVD) (Version: 6.8.8.0 - SlySoft)

AOL Computer Checkup (HKLM-x32\...\AOL Computer Checkup) (Version: 3.3.19.1 - AOL)

AOL Help Me Free PC Performance and Virus Quick Scan (HKLM-x32\...\AOL Help Me Free PC Performance and Virus Quick Scan) (Version: 1.0.1 - Sutherland Global Services, Inc.)

AOL Help Me Free PC Performance and Virus Quick Scan (x32 Version: 1.0.1 - Sutherland Global Services, Inc.) Hidden

AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version:  - AOL Inc.)

Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)

Backup Manager Basic (x32 Version: 2.0.0.63 - NewTech Infosystems) Hidden

BCL easyConverter SDK 3 (Word Version) 64 (HKLM\...\{350CC85B-CA59-4F85-909D-8E4CDBF532FA}) (Version: 3.0.64 - BCL Technologies)

Best Buy pc app (Version: 3.0.0.0 - Best Buy) Hidden

Bing Bar (HKLM-x32\...\{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}) (Version: 7.1.361.0 - Microsoft Corporation)

Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.0.2.3 - Broadcom Corporation)

BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden

CloneDVD2 (HKLM-x32\...\CloneDVD2) (Version: 2.9.3.0 - Elaborate Bytes)

CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2829.50 - CyberLink Corp.)

D110 (x32 Version: 140.0.283.000 - Hewlett-Packard) Hidden

Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden

DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden

DriverMax 7 (HKLM-x32\...\DMX5_is1) (Version: 7.47.0.998 - Innovative Solutions)

ETDWare PS/2-x64 7.0.6.5_WHQL (HKLM\...\Elantech) (Version: 7.0.6.5 - ELAN Microelectronics Corp.)

Family Tree Maker 2014 (HKLM-x32\...\Family Tree Maker 2014) (Version: 22.0.207 - Ancestry.com, Inc.)

Family Tree Maker 2014 (Version: 22.0.207 - Ancestry.com, Inc.) Hidden

Gateway InfoCentre (HKLM-x32\...\Gateway InfoCentre) (Version: 3.02.3000 - Gateway Incorporated)

Gateway MyBackup (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.63 - NewTech Infosystems)

Gateway Power Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Gateway Incorporated)

Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Gateway Incorporated)

Gateway Registration (HKLM-x32\...\Gateway Registration) (Version: 1.03.3003 - Gateway Incorporated)

Gateway ScreenSaver (HKLM-x32\...\Gateway Screensaver) (Version: 1.1.0121.2010 - Gateway Incorporated)

Gateway Social Networks (HKLM-x32\...\InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}) (Version: 1.0.1901 - CyberLink Corp.)

Gateway Social Networks (x32 Version: 1.0.1901 - CyberLink Corp.) Hidden

Gateway Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Gateway Incorporated)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden

Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden

HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)

HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)

HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP Photo Creations Powered by RocketLife)

HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{DBC1DE57-B55A-4D57-9769-1DB9BE506AF7}) (Version: 14.0 - HP)

HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)

HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)

HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)

HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)

HPAppStudio (x32 Version: 140.0.95.000 - Hewlett-Packard) Hidden

HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden

HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden

HPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden

Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Gateway Incorporated)

ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)

Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2125 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)

Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden

Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.12 - Gateway)

Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden

McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 12.8.992 - McAfee, Inc.)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

Nero 9 Essentials (HKLM-x32\...\{c52c2553-9ad9-428e-a241-fc42cc06b991}) (Version:  - Nero AG)

Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden

Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden

Nexus® (HKLM-x32\...\supportdotcom Nexus) (Version: 65.0.2.0 - Support.com, Inc.)

ParetoLogic Privacy Controls (HKLM-x32\...\{29ACDA07-0CAD-4751-B3A4-3E03C5F74673}) (Version: 3.2.0.0 - ParetoLogic, Inc.)

PS_AIO_07_D110_SW_Min (x32 Version: 140.0.142.000 - Hewlett-Packard) Hidden

QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)

Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30121 - Realtek Semiconductor Corp.)

Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden

Seagate Dashboard (HKLM-x32\...\{67445E65-3D93-428F-83A5-446F7D02689A}) (Version: 3.1.3.0 - Seagate)

Serif AlbumPlus X4 (HKLM-x32\...\{A6AA9ABB-B7F8-49D6-9B2B-B7F5B6302D6A}) (Version: 7.0.2.014 - Serif (Europe) Ltd)

Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)

SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden

SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden

Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden

The Genealogy Gems Podcast Toolbar (HKLM-x32\...\The_Genealogy_Gems_Podcast Toolbar) (Version: 6.8.5.1 - The Genealogy Gems Podcast)

Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden

TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

Video Web Camera (HKLM-x32\...\{83299633-1261-47A3-84F3-6F02B4B8CDB1}) (Version: 2.0.5.0 - liteon)

Viewpoint Media Player (HKLM-x32\...\ViewpointMediaPlayer) (Version:  - )

WD SmartWare (HKLM\...\{B36AB323-9849-4486-AB8F-93E64A06E716}) (Version: 1.1.1.6 - Western Digital)

WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden

Welcome Center (HKLM-x32\...\Gateway Welcome Center) (Version: 1.02.3002 - Gateway Incorporated)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)

Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)

Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)

Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

 

==================== Restore Points  =========================

 

02-01-2015 01:38:02 Scheduled Checkpoint

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {05FBC396-430B-45D8-A490-A2452913C272} - \RegCure Pro Startup No Task File <==== ATTENTION

Task: {087F71DE-6577-4309-B4E4-23BF85E9CBAC} - \ParetoLogic Update Version3_triggeronce No Task File <==== ATTENTION

Task: {11F3EB5B-1C33-423D-9906-71F589817B9F} - System32\Tasks\GoogleUpdateTaskMachineCore1d022ddf9b7ab58 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)

Task: {168BF0A0-07CF-43E1-91A1-332B9F49F531} - System32\Tasks\GoogleUpdateTaskMachineUA1d022ddf9ff14a0 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)

Task: {17CA675F-782F-42FF-9FDD-D10DC791A0EC} - System32\Tasks\GoogleUpdateTaskMachineUA1cfb722abc7807 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)

Task: {1855966C-FB3B-4379-9C56-A09E3F5D7DE3} - \ParetoLogic Update Version3 Startup Task No Task File <==== ATTENTION

Task: {1ED3A984-3244-400B-A7AC-A41E93D1FED4} - System32\Tasks\Application Starter - f1375f225883e83d52e8db9690775c3c => C:\Program Files (x86)\Innovative Solutions\DriverMax\innostp.exe [2014-12-17] (Innovative Solutions)

Task: {34F2F4A4-4981-45F1-BC84-906A2D7BB0E4} - \Privacy Controls_{A973111A-48D6-11E4-AEAC-00038A000015} No Task File <==== ATTENTION

Task: {3740B5D8-76E1-4557-90FF-D272EF785E3E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-28] (AVAST Software)

Task: {375BC770-CC74-4342-94C3-323841952A2A} - System32\Tasks\{94315B18-D2D7-494C-B52B-5856293A0B50} => pcalua.exe -a "E:\Seagate Dashboard Installer.exe"

Task: {3C5F3FD2-14D4-49E3-B1BF-FABEEF341792} - System32\Tasks\GoogleUpdateTaskMachineCore1cfb722a4311d9 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)

Task: {4005D248-A764-4DE1-8FF1-AF2DF9AEA743} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-28] (Adobe Systems Incorporated)

Task: {41C45C16-1AE8-4B4C-99AA-28F852C7D96C} - System32\Tasks\Dodie => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-09-17] (Seagate Technology LLC)

Task: {4819F9FF-5CDA-4B05-9806-CFA244EA0585} - \ParetoLogic Registration3 No Task File <==== ATTENTION

Task: {4FAD52B8-D755-46E9-AC34-734B27D8F075} - \RegCure Pro_sch_3CDCE6F9-48D1-11E4-AEAC-00038A000015 No Task File <==== ATTENTION

Task: {546202F9-EF29-41D4-8486-71F68CBC7B34} - System32\Tasks\SpeedFixTool_Popup => C:\Program Files (x86)\Speed Fix Tool\Splash.exe [2014-09-17] ()

Task: {6E15C536-3383-49F4-AD9C-C70C432C0C43} - System32\Tasks\Dodie Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-09-17] (Seagate Technology LLC)

Task: {7D75BAE9-DE7C-4A53-AF87-4564010064CB} - System32\Tasks\Dodie DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2014-09-17] (Seagate Technology LLC)

Task: {83FD2DC8-A8CB-4249-B29D-72639997553E} - System32\Tasks\avastBCLRestartS-1-5-21-1056878267-1787722111-3398097573-1000 => Chrome.exe 

Task: {B34FEF05-D80A-4B78-9EE6-266FDC657D4A} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2014-09-17] (Seagate Technology LLC)

Task: {D8A8AE17-4F1B-498F-B150-76EBAA35AAA5} - \Privacy Controls Startup No Task File <==== ATTENTION

Task: {DDB1BD5A-1DF8-49BE-9D5F-79593654590F} - \ParetoLogic Update Version3 No Task File <==== ATTENTION

Task: {E2337408-E541-483A-87C1-3B07B779D25F} - \Recovery Management\Burn Notification No Task File <==== ATTENTION

Task: {EA9A35C5-8E0F-4275-A398-E0450331184A} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\MessageCheck.exe [2012-03-31] ()

Task: {F697669C-0FF5-4C07-A34C-9BD58AA91A37} - System32\Tasks\{37F7337B-9B36-4E08-BDD9-9F0470CE4B45} => pcalua.exe -a C:\Users\Dodie\Desktop\ScreenshotReader.exe -d C:\Users\Dodie\Desktop

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\Application Starter - f1375f225883e83d52e8db9690775c3c.job => C:\Program Files (x86)\Innovative Solutions\DriverMax\innostp.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfb722a4311d9.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d022ddf9b7ab58.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfb722abc7807.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d022ddf9ff14a0.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\MessageCheck.exe

Task: C:\Windows\Tasks\MainUIModule_AOL_Computer Checkup_{BDA49F87-1626-484F-AB5B-41EA29B28AD7}.job => C:\program files (x86)\aol computer checkup\sdcConta.exe

 

==================== Loaded Modules (whitelisted) =============

 

2011-08-31 19:13 - 2011-08-31 19:13 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2012-03-31 22:00 - 2012-03-31 22:00 - 00170152 _____ () C:\ProgramData\HP Photo Creations\MessageCheck.exe

2014-04-25 02:54 - 2014-04-25 02:54 - 00087640 _____ () C:\Program Files (x86)\AOL Computer Checkup\taskPlugins\makBatteryLevelMonitorTask.dll

2014-04-25 02:54 - 2014-04-25 02:54 - 00440920 _____ () C:\Program Files (x86)\AOL Computer Checkup\taskPlugins\makiwaraDynamicContentDownloadTask.dll

2014-04-25 02:54 - 2014-04-25 02:54 - 00349272 _____ () C:\Program Files (x86)\AOL Computer Checkup\taskPlugins\makiwaraSubscriptionInfoFetcher.dll

2014-04-25 02:54 - 2014-04-25 02:54 - 00438872 _____ () C:\Program Files (x86)\AOL Computer Checkup\taskPlugins\makStartupManagerWatcherTask.dll

2015-01-01 11:48 - 2015-01-01 11:48 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\15010100\algo.dll

2015-01-01 19:43 - 2015-01-01 19:43 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010101\algo.dll

2015-01-02 18:57 - 2015-01-02 18:57 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010201\algo.dll

2010-05-24 18:16 - 2010-05-24 18:16 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\sqlite3.dll

2010-05-24 18:09 - 2010-05-24 18:09 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\ACE.dll

2014-12-28 11:16 - 2014-12-28 11:16 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

2014-09-10 16:25 - 2014-09-10 16:25 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\dd49b882285401662f1addb58b7d0ce6\IsdiInterop.ni.dll

2010-07-23 00:40 - 2010-04-13 10:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

2014-09-16 12:17 - 2014-09-16 12:17 - 00048640 _____ () C:\Program Files (x86)\AOL Desktop 9.7\zlib.dll

2014-09-16 12:17 - 2014-09-16 12:17 - 21151232 _____ () C:\Program Files (x86)\AOL Desktop 9.7\libcef.dll

2014-09-16 12:17 - 2014-09-16 12:17 - 00648704 _____ () C:\Program Files (x86)\AOL Desktop 9.7\libglesv2.dll

2014-09-16 12:17 - 2014-09-16 12:17 - 00122880 _____ () C:\Program Files (x86)\AOL Desktop 9.7\libegl.dll

2014-12-28 14:39 - 2014-12-05 19:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll

2014-12-28 14:39 - 2014-12-05 19:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll

2014-12-28 14:39 - 2014-12-05 19:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll

2014-12-28 14:39 - 2014-12-05 19:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll

2014-12-28 14:39 - 2014-12-05 19:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

AlternateDataStreams: C:\Windows\SysWOW64\펨8뒈:lotserviceruntime.log

AlternateDataStreams: C:\ProgramData\Temp:612B5BD9

AlternateDataStreams: C:\ProgramData\Temp:EE9B88C9

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ssrang_supportdotcom => ""="Service"

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\Services: Seagate Dashboard Services => 2

MSCONFIG\Services: Seagate MobileBackup Service => 2

MSCONFIG\startupreg: DriverMax => "C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe" -agent

MSCONFIG\startupreg: DriverMax_RESTART => "C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe" -RESTART

MSCONFIG\startupreg: Uploader => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe

 

========================= Accounts: ==========================

 

Administrator (S-1-5-21-1056878267-1787722111-3398097573-500 - Administrator - Disabled)

Dodie (S-1-5-21-1056878267-1787722111-3398097573-1000 - Administrator - Enabled) => C:\Users\Dodie

Guest (S-1-5-21-1056878267-1787722111-3398097573-501 - Limited - Enabled)

HomeGroupUser$ (S-1-5-21-1056878267-1787722111-3398097573-1002 - Limited - Enabled)

 

==================== Faulty Device Manager Devices =============

 

Name: Photosmart D110 series

Description: Photosmart D110 series

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: HP

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Photosmart D110 series

Description: Photosmart D110 series

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: HP

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Intel® Turbo Boost Technology Driver with Dynamic Power Performance Management PCH Filter Driver

Description: Intel® Turbo Boost Technology Driver with Dynamic Power Performance Management PCH Filter Driver

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: Intel

Service: Impcd

Problem: : Windows has stopped this device because it has reported problems. (Code 43)

Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (01/01/2015 11:16:23 PM) (Source: SideBySide) (EventID: 35) (User: )

Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.

Component identity found in manifest does not match the identity of the component requested.

Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".

Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".

Please use sxstrace.exe for detailed diagnosis.

 

Error: (01/01/2015 11:14:28 PM) (Source: SideBySide) (EventID: 33) (User: )

Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".

Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.

 

Error: (12/30/2014 08:22:01 PM) (Source: SideBySide) (EventID: 35) (User: )

Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.

Component identity found in manifest does not match the identity of the component requested.

Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".

Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".

Please use sxstrace.exe for detailed diagnosis.

 

Error: (12/30/2014 08:20:13 PM) (Source: SideBySide) (EventID: 33) (User: )

Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".

Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.

 

Error: (12/30/2014 04:32:12 PM) (Source: IAStorDataMgrSvc) (EventID: 0) (User: )

Description: Service cannot be started. The service process could not connect to the service controller

 

Error: (12/29/2014 11:16:00 AM) (Source: SideBySide) (EventID: 35) (User: )

Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.

Component identity found in manifest does not match the identity of the component requested.

Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".

Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".

Please use sxstrace.exe for detailed diagnosis.

 

Error: (12/29/2014 11:13:27 AM) (Source: SideBySide) (EventID: 33) (User: )

Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".

Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.

 

Error: (12/28/2014 06:00:03 PM) (Source: VSS) (EventID: 8194) (User: )

Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.

.

This is often caused by incorrect security settings in either the writer or requestor process.

 

 

Operation:

   Gathering Writer Data

 

Context:

   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}

   Writer Name: System Writer

   Writer Instance ID: {11cc6946-fc02-41b1-a3ae-9ee38b2646ea}

 

Error: (12/28/2014 02:10:21 AM) (Source: System Restore) (EventID: 8211) (User: )

Description: The scheduled restore point could not be created.  Additional information: (0x81000101).

 

Error: (12/28/2014 02:10:19 AM) (Source: System Restore) (EventID: 8193) (User: )

Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x81000101).

 

 

System errors:

=============

Error: (01/02/2015 06:54:55 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AOL Computer Checkup service.

 

Error: (01/02/2015 06:54:50 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {C332C124-340D-4430-AA0D-C75602876FCC}

 

Error: (01/02/2015 02:25:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The McAfee Platform Services service failed to start due to the following error: 

%%1053

 

Error: (01/02/2015 02:25:39 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.

 

Error: (01/02/2015 02:25:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The McAfee Platform Services service failed to start due to the following error: 

%%1053

 

Error: (01/02/2015 02:25:39 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.

 

Error: (01/02/2015 02:25:39 PM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1053mcpltsvc{20966775-18A4-4299-B8E3-772C336B52A7}

 

Error: (01/02/2015 01:21:00 PM) (Source: DCOM) (EventID: 10016) (User: Dodie-PC)

Description: application-specificLocalActivation{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}Dodie-PCDodieS-1-5-21-1056878267-1787722111-3398097573-1000LocalHost (Using LRPC)

 

Error: (01/02/2015 01:21:00 PM) (Source: DCOM) (EventID: 10016) (User: Dodie-PC)

Description: application-specificLocalActivation{145B4335-FE2A-4927-A040-7C35AD3180EF}{145B4335-FE2A-4927-A040-7C35AD3180EF}Dodie-PCDodieS-1-5-21-1056878267-1787722111-3398097573-1000LocalHost (Using LRPC)

 

Error: (01/02/2015 01:36:46 AM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

 

 

Microsoft Office Sessions:

=========================

 

CodeIntegrity Errors:

===================================

  Date: 2014-10-16 18:59:51.253

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.

 

 

==================== Memory info =========================== 

 

Processor: Intel® Pentium® CPU P6100 @ 2.00GHz

Percentage of memory in use: 86%

Total physical RAM: 2806.71 MB

Available physical RAM: 368.85 MB

Total Pagefile: 5611.6 MB

Available Pagefile: 1890.12 MB

Total Virtual: 8192 MB

Available Virtual: 8191.84 MB

 

==================== Drives ================================

 

Drive c: (Gateway) (Fixed) (Total:284.99 GB) (Free:175.51 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 540759D9)

Partition 1: (Not Active) - (Size=13 GB) - (Type=27)

Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================


  • Root Admin

Hello and welcome.

Please read the following and post back the logs when ready and we'll see about getting you cleaned up.

General P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 


 
Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.

  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
  • Removing malware can be unpredictable...It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to cleanup all the tools and logs
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)

 
STEP 0
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then remove incorrect executable associations and fix policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.
 

Link 1
Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.

STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.


  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe

 

STEP 02
Please run a Threat Scan with MBAM.  If you're unable to run or complete the scan as shown below please see the following:  MBAM Clean Removal Process 2x
When reinstalling the program please try the latest version.

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.
 
 
STEP 03

 

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.
 

 

 

fixlist.txt


RE: The MBAM scan, MBAM is working fine, I can even view the log, but I cannot export it for some bizarre reason.  I can view the log fine but I cannot manipulate the window to show me the export button.  I don't believe it is the program at all, but rather the operator, ME.

 

The results of the log indicate no problems whatsoever.

 

I am going to go ahead to the next step.


The following is the fixlog.txt

As it says at the bottom, it needed to reboot.  Just for your information, there were no problems with the reboot.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-01-2015 03

Ran by Dodie at 2015-01-03 13:00:35 Run:1

Running from C:\Users\Dodie\Desktop

Loaded Profile: Dodie (Available profiles: Dodie & DefaultAppPool)

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk

Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk

Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://search.aol.co..._it=clireset-ie

SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7ACGW

SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = http://search.condui...&ctid=CT2429397

SearchScopes: HKU\S-1-5-21-1056878267-1787722111-3398097573-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...GW_enUS469US469

SearchScopes: HKU\S-1-5-21-1056878267-1787722111-3398097573-1000 -> {A531D99C-5A22-449b-83DA-872725C6D0ED} URL = http://search.alot.c...n=1.2.1000.1(B)

SearchScopes: HKU\S-1-5-21-1056878267-1787722111-3398097573-1000 -> {B272CED0-C6A4-4BB1-99D7-A0A9942E08CB} URL = http://groovorio.com...=1856151474&ir=

SearchScopes: HKU\S-1-5-21-1056878267-1787722111-3398097573-1000 -> {E5840621-D7E0-428D-8B27-C1C56FF602AE} URL = http://search.aol.co..._it=clireset-ie

SearchScopes: HKU\S-1-5-21-1056878267-1787722111-3398097573-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.c...q={searchTerms}

BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File

BHO-x32: No Name -> {7f0d2b4d-8224-4987-b8c8-311b59909a36} ->  No File

BHO-x32: No Name -> {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} ->  No File

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} ->  No File

Toolbar: HKLM-x32 - No Name - {7f0d2b4d-8224-4987-b8c8-311b59909a36} -  No File

Toolbar: HKLM-x32 - No Name - {A531D99C-5A22-449b-83DA-872725C6D0ED} -  No File

Toolbar: HKU\S-1-5-21-1056878267-1787722111-3398097573-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

Toolbar: HKU\S-1-5-21-1056878267-1787722111-3398097573-1000 -> No Name - {7F0D2B4D-8224-4987-B8C8-311B59909A36} -  No File

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File

Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

CHR StartupUrls: Default -> "hxxp://groovorio.com/?f=7&a=grv_otbrw3_14_35&cd=2XzuyEtN2Y1L1Qzuzzzz0A0EtC0Dzyzz0D0D0EyByC0DyCyDtN0D0Tzu0StCtDyBtAtN1L2XzutAtFyCtFtCtDtFtCtN1L1Czu1N1C2X1V1F2Z1S1C2W1O1L1C1B2Z1VtCyE1VtByEtN1L1G1B1V1N2Y1L1Qzu2StCyB0EtCyC0BtA0CtG0EzytAyEtG0Czy0BtAtG0ByDtCyDtGyEtA0AtAzz0CtA0A0CtD0A0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CzztCtCtDyEyC0DtGyB0EyDyDtGyEyCyDzytGzz0AtAtBtGyE0B0CtCyE0A0F0DyE0E0B0E2Q&cr=1856151474&ir="

CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}

CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - No Path

C:\Users\Dodie\AOLComputerCheckupDM.exe

C:\Users\Dodie\install_flashplayer11x64ax_chra_aih.exe

C:\Users\Dodie\PS_AIO_07_D110_USW_Basic_Win_enu_140_126.exe

Task: {05FBC396-430B-45D8-A490-A2452913C272} - \RegCure Pro Startup No Task File <==== ATTENTION

Task: {087F71DE-6577-4309-B4E4-23BF85E9CBAC} - \ParetoLogic Update Version3_triggeronce No Task File <==== ATTENTION

Task: {11F3EB5B-1C33-423D-9906-71F589817B9F} - System32\Tasks\GoogleUpdateTaskMachineCore1d022ddf9b7ab58 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)

Task: {168BF0A0-07CF-43E1-91A1-332B9F49F531} - System32\Tasks\GoogleUpdateTaskMachineUA1d022ddf9ff14a0 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)

Task: {17CA675F-782F-42FF-9FDD-D10DC791A0EC} - System32\Tasks\GoogleUpdateTaskMachineUA1cfb722abc7807 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)

Task: {1855966C-FB3B-4379-9C56-A09E3F5D7DE3} - \ParetoLogic Update Version3 Startup Task No Task File <==== ATTENTION

Task: {1ED3A984-3244-400B-A7AC-A41E93D1FED4} - System32\Tasks\Application Starter - f1375f225883e83d52e8db9690775c3c => C:\Program Files (x86)\Innovative Solutions\DriverMax\innostp.exe [2014-12-17] (Innovative Solutions)

Task: {34F2F4A4-4981-45F1-BC84-906A2D7BB0E4} - \Privacy Controls_{A973111A-48D6-11E4-AEAC-00038A000015} No Task File <==== ATTENTION

Task: {3C5F3FD2-14D4-49E3-B1BF-FABEEF341792} - System32\Tasks\GoogleUpdateTaskMachineCore1cfb722a4311d9 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)

Task: {4819F9FF-5CDA-4B05-9806-CFA244EA0585} - \ParetoLogic Registration3 No Task File <==== ATTENTION

Task: {4FAD52B8-D755-46E9-AC34-734B27D8F075} - \RegCure Pro_sch_3CDCE6F9-48D1-11E4-AEAC-00038A000015 No Task File <==== ATTENTION

Task: {546202F9-EF29-41D4-8486-71F68CBC7B34} - System32\Tasks\SpeedFixTool_Popup => C:\Program Files (x86)\Speed Fix Tool\Splash.exe [2014-09-17] ()

Task: {83FD2DC8-A8CB-4249-B29D-72639997553E} - System32\Tasks\avastBCLRestartS-1-5-21-1056878267-1787722111-3398097573-1000 => Chrome.exe 

Task: {D8A8AE17-4F1B-498F-B150-76EBAA35AAA5} - \Privacy Controls Startup No Task File <==== ATTENTION

Task: {DDB1BD5A-1DF8-49BE-9D5F-79593654590F} - \ParetoLogic Update Version3 No Task File <==== ATTENTION

Task: {E2337408-E541-483A-87C1-3B07B779D25F} - \Recovery Management\Burn Notification No Task File <==== ATTENTION

Task: C:\Windows\Tasks\Application Starter - f1375f225883e83d52e8db9690775c3c.job => C:\Program Files (x86)\Innovative Solutions\DriverMax\innostp.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfb722a4311d9.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d022ddf9b7ab58.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfb722abc7807.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d022ddf9ff14a0.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

AlternateDataStreams: C:\Windows\SysWOW64\?8?:lotserviceruntime.log

AlternateDataStreams: C:\ProgramData\Temp:612B5BD9

AlternateDataStreams: C:\ProgramData\Temp:EE9B88C9

EmptyTemp:

Reboot:

 

*****************

 

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk => Moved successfully.

C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk not found.

C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk => Moved successfully.

HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.

HKU\S-1-5-21-1056878267-1787722111-3398097573-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.

HKU\S-1-5-21-1056878267-1787722111-3398097573-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.

HKU\S-1-5-21-1056878267-1787722111-3398097573-1000\Software\Microsoft\Internet Explorer\Main\\Search Bar => value deleted successfully.

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{7f0d2b4d-8224-4987-b8c8-311b59909a36} => value deleted successfully.

"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CC865B26-C31D-4D23-B17B-96548EEF03F6}" => Key deleted successfully.

HKCR\CLSID\{CC865B26-C31D-4D23-B17B-96548EEF03F6} => Key not found. 

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{1C725617-C489-43B3-9188-4B3AC0C7823D}" => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{1C725617-C489-43B3-9188-4B3AC0C7823D} => Key not found. 

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}" => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => Key not found. 

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}" => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => Key not found. 

HKU\S-1-5-21-1056878267-1787722111-3398097573-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.

"HKU\S-1-5-21-1056878267-1787722111-3398097573-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{643E0B63-18C8-4655-9AD0-4230DF3BCBDF}" => Key deleted successfully.

HKCR\CLSID\{643E0B63-18C8-4655-9AD0-4230DF3BCBDF} => Key not found. 

"HKU\S-1-5-21-1056878267-1787722111-3398097573-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}" => Key deleted successfully.

HKCR\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => Key not found. 

"HKU\S-1-5-21-1056878267-1787722111-3398097573-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}" => Key deleted successfully.

HKCR\CLSID\{A531D99C-5A22-449b-83DA-872725C6D0ED} => Key not found. 

"HKU\S-1-5-21-1056878267-1787722111-3398097573-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B272CED0-C6A4-4BB1-99D7-A0A9942E08CB}" => Key deleted successfully.

HKCR\CLSID\{B272CED0-C6A4-4BB1-99D7-A0A9942E08CB} => Key not found. 

"HKU\S-1-5-21-1056878267-1787722111-3398097573-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E5840621-D7E0-428D-8B27-C1C56FF602AE}" => Key deleted successfully.

HKCR\CLSID\{E5840621-D7E0-428D-8B27-C1C56FF602AE} => Key not found. 

"HKU\S-1-5-21-1056878267-1787722111-3398097573-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}" => Key deleted successfully.

HKCR\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => Key not found. 

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found. 

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7f0d2b4d-8224-4987-b8c8-311b59909a36}" => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{7f0d2b4d-8224-4987-b8c8-311b59909a36} => Key not found. 

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}" => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} => Key not found. 

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => Key deleted successfully.

"HKCR\Wow6432Node\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => Key deleted successfully.

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}" => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => Key not found. 

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{7f0d2b4d-8224-4987-b8c8-311b59909a36} => value deleted successfully.

HKCR\Wow6432Node\CLSID\{7f0d2b4d-8224-4987-b8c8-311b59909a36} => Key not found. 

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{A531D99C-5A22-449b-83DA-872725C6D0ED} => value deleted successfully.

HKCR\Wow6432Node\CLSID\{A531D99C-5A22-449b-83DA-872725C6D0ED} => Key not found. 

HKU\S-1-5-21-1056878267-1787722111-3398097573-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.

HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found. 

HKU\S-1-5-21-1056878267-1787722111-3398097573-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7F0D2B4D-8224-4987-B8C8-311B59909A36} => value deleted successfully.

HKCR\CLSID\{7F0D2B4D-8224-4987-B8C8-311B59909A36} => Key not found. 

"HKCR\PROTOCOLS\Handler\dssrequest" => Key deleted successfully.

HKCR\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => Key not found. 

"HKCR\Wow6432Node\PROTOCOLS\Handler\msnim" => Key deleted successfully.

"HKCR\Wow6432Node\CLSID\{828030A1-22C1-4009-854F-8E305202313F}" => Key deleted successfully.

Chrome StartupUrls deleted successfully.

Chrome DefaultSuggestURL deleted successfully.

"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho" => Key deleted successfully.

C:\Users\Dodie\AOLComputerCheckupDM.exe => Moved successfully.

C:\Users\Dodie\install_flashplayer11x64ax_chra_aih.exe => Moved successfully.

C:\Users\Dodie\PS_AIO_07_D110_USW_Basic_Win_enu_140_126.exe => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{05FBC396-430B-45D8-A490-A2452913C272}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{05FBC396-430B-45D8-A490-A2452913C272}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegCure Pro Startup" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{087F71DE-6577-4309-B4E4-23BF85E9CBAC}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{087F71DE-6577-4309-B4E4-23BF85E9CBAC}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ParetoLogic Update Version3_triggeronce" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{11F3EB5B-1C33-423D-9906-71F589817B9F}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11F3EB5B-1C33-423D-9906-71F589817B9F}" => Key deleted successfully.

C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d022ddf9b7ab58 => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore1d022ddf9b7ab58" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{168BF0A0-07CF-43E1-91A1-332B9F49F531}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{168BF0A0-07CF-43E1-91A1-332B9F49F531}" => Key deleted successfully.

C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d022ddf9ff14a0 => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA1d022ddf9ff14a0" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{17CA675F-782F-42FF-9FDD-D10DC791A0EC}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{17CA675F-782F-42FF-9FDD-D10DC791A0EC}" => Key deleted successfully.

C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cfb722abc7807 => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA1cfb722abc7807" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1855966C-FB3B-4379-9C56-A09E3F5D7DE3}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1855966C-FB3B-4379-9C56-A09E3F5D7DE3}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ParetoLogic Update Version3 Startup Task" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1ED3A984-3244-400B-A7AC-A41E93D1FED4}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1ED3A984-3244-400B-A7AC-A41E93D1FED4}" => Key deleted successfully.

C:\Windows\System32\Tasks\Application Starter - f1375f225883e83d52e8db9690775c3c => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Application Starter - f1375f225883e83d52e8db9690775c3c" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{34F2F4A4-4981-45F1-BC84-906A2D7BB0E4}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34F2F4A4-4981-45F1-BC84-906A2D7BB0E4}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Privacy Controls_{A973111A-48D6-11E4-AEAC-00038A000015}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3C5F3FD2-14D4-49E3-B1BF-FABEEF341792}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C5F3FD2-14D4-49E3-B1BF-FABEEF341792}" => Key deleted successfully.

C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1cfb722a4311d9 => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore1cfb722a4311d9" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4819F9FF-5CDA-4B05-9806-CFA244EA0585}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4819F9FF-5CDA-4B05-9806-CFA244EA0585}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ParetoLogic Registration3" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4FAD52B8-D755-46E9-AC34-734B27D8F075}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4FAD52B8-D755-46E9-AC34-734B27D8F075}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegCure Pro_sch_3CDCE6F9-48D1-11E4-AEAC-00038A000015" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{546202F9-EF29-41D4-8486-71F68CBC7B34}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{546202F9-EF29-41D4-8486-71F68CBC7B34}" => Key deleted successfully.

C:\Windows\System32\Tasks\SpeedFixTool_Popup => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpeedFixTool_Popup" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{83FD2DC8-A8CB-4249-B29D-72639997553E}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{83FD2DC8-A8CB-4249-B29D-72639997553E}" => Key deleted successfully.

C:\Windows\System32\Tasks\avastBCLRestartS-1-5-21-1056878267-1787722111-3398097573-1000 => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avastBCLRestartS-1-5-21-1056878267-1787722111-3398097573-1000" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D8A8AE17-4F1B-498F-B150-76EBAA35AAA5}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8A8AE17-4F1B-498F-B150-76EBAA35AAA5}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Privacy Controls Startup" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DDB1BD5A-1DF8-49BE-9D5F-79593654590F}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DDB1BD5A-1DF8-49BE-9D5F-79593654590F}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ParetoLogic Update Version3" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E2337408-E541-483A-87C1-3B07B779D25F}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E2337408-E541-483A-87C1-3B07B779D25F}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Recovery Management\Burn Notification" => Key deleted successfully.

C:\Windows\Tasks\Application Starter - f1375f225883e83d52e8db9690775c3c.job => Moved successfully.

C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfb722a4311d9.job => Moved successfully.

C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d022ddf9b7ab58.job => Moved successfully.

C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfb722abc7807.job => Moved successfully.

C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d022ddf9ff14a0.job => Moved successfully.

"C:\Windows\SysWOW64\?8?" => ":lotserviceruntime.log" ADS not found.

C:\ProgramData\Temp => ":612B5BD9" ADS removed successfully.

C:\ProgramData\Temp => ":EE9B88C9" ADS removed successfully.

EmptyTemp: => Removed 347 MB temporary data.

The system needed a reboot.

 

==== End of Fixlog 13:01:10 ====


  • Root Admin

Please go ahead and run through the following steps and post back the logs when ready.
 
STEP 04
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message.
  • When completed, make sure to re-enable your antivirus.


STEP 05
Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


STEP 06
Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits. Under Non Malware Protection, set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found.
Once completed, please click on History > Application Logs, find your scan log and open it, then click on the "copy to clipboard" button and post back the results in your next reply.


STEP 07

Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology


  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


STEP 08
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


Here's the log.  Going on to the next step.

I hope you are not being overwhelmed, if so, let me know, and I can wait.

 

Thanks again!

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.4.1 (12.28.2014:1)

OS: Windows 7 Home Premium x64

Ran by Dodie on Sun 01/04/2015 at 20:54:05.99

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

Successfully stopped: [service] alotservice 

Successfully deleted: [service] alotservice 

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Toolbar.CT2429397

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2429397

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnStub_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnStub_RASMANCS

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnStub_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnStub_RASMANCS

 

 

 

~~~ Files

 

Successfully deleted: [File] "C:\Windows\wininit.ini"

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\ProgramData\best buy pc app"

Successfully deleted: [Folder] "C:\ProgramData\partner"

Successfully deleted: [Folder] "C:\ProgramData\viewpoint"

Successfully deleted: [Folder] "C:\Users\Dodie\AppData\Roaming\drivercure"

Successfully deleted: [Folder] "C:\Users\Dodie\appdata\local\conduit"

Successfully deleted: [Folder] "C:\Users\Dodie\appdata\local\search extensions"

Successfully deleted: [Folder] "C:\Users\Dodie\appdata\locallow\alotappbar"

Successfully deleted: [Folder] "C:\Users\Dodie\appdata\locallow\alotservice"

Successfully deleted: [Folder] "C:\Users\Dodie\appdata\locallow\conduit"

Successfully deleted: [Folder] "C:\Program Files (x86)\alotappbar"

Successfully deleted: [Folder] "C:\Program Files (x86)\aol toolbar"

Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"

Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"

Successfully deleted: [Folder] "C:\Program Files (x86)\viewpoint"

Successfully deleted: [Folder] "C:\Users\Dodie\documents\optimizer pro"

 

 

 

~~~ FireFox

 

Successfully deleted: [Folder] C:\Users\Dodie\AppData\Roaming\mozilla\firefox\profiles\a3jmxa1j.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}

Successfully deleted the following from C:\Users\Dodie\AppData\Roaming\mozilla\firefox\profiles\a3jmxa1j.default\prefs.js

 

user_pref("aol_toolbar.curtain.congrats", "none");

user_pref("aol_toolbar.firsttime.showwindow", false);

user_pref("aol_toolbar.guid", "{928D292C-2B54-CDE9-801D-69995F1EC271}");

user_pref("aol_toolbar.historybutton.enabled", true);

user_pref("aol_toolbar.homepageprotection.enabled", false);

user_pref("aol_toolbar.install.distroid", "aol");

user_pref("aol_toolbar.install.lastTbVersion", "5.74.1.10054");

user_pref("aol_toolbar.install.mtmhp", "hyplogusaolp00000015");

user_pref("aol_toolbar.install.sethomepage", "0");

user_pref("aol_toolbar.install.setnewtab", "0");

user_pref("aol_toolbar.install.setsearch", "0");

user_pref("aol_toolbar.install.type", "new");

user_pref("aol_toolbar.metrics.originalDate", "28");

user_pref("aol_toolbar.metrics.originalHours", "6");

user_pref("aol_toolbar.metrics.originalMinutes", "0");

user_pref("aol_toolbar.metrics.originalMonth", "12");

user_pref("aol_toolbar.metrics.originalSeconds", "0");

user_pref("aol_toolbar.metrics.originalYear", "2014");

user_pref("aol_toolbar.presethomepage", "abouthome");

user_pref("aol_toolbar.presetnewtab", "about:newtab");

user_pref("aol_toolbar.presetsearch", "Secure Search");

user_pref("aol_toolbar.search.cid", "28-12-2014");

user_pref("aol_toolbar.search.instd", "20120306160125556");

user_pref("aol_toolbar.search.oid", "28-12-2014");

user_pref("aol_toolbar.search.savehistory", false);

user_pref("aol_toolbar.search.searchtype", "web");

user_pref("aol_toolbar.search.source", "tb50-aol.rTB50CL-ff");

user_pref("aol_toolbar.searchprotection.enabled", false);

user_pref("aol_toolbar.skin.custom", false);

user_pref("aol_toolbar.upgrade.showwindow", false);

user_pref("aol_toolbar.welcome.new.display", "");

 

 

 

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sun 01/04/2015 at 21:01:03.07

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


 AdwCleaner v4.106 - Report created 05/01/2015 at 08:26:19

# Updated 21/12/2014 by Xplode

# Database : 2015-01-03.1 [Live]

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Dodie - DODIE-PC

# Running from : C:\Users\Dodie\Desktop\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\ParetoLogic

Folder Deleted : C:\Users\Dodie\AppData\Local\PackageAware

Folder Deleted : C:\Users\Dodie\AppData\Roaming\DigitalSites

Folder Deleted : C:\Users\Dodie\AppData\Roaming\ParetoLogic

Folder Deleted : C:\Users\Dodie\AppData\Roaming\RHEng

Folder Deleted : C:\Users\Dodie\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck

File Deleted : C:\alotserviceruntime.log

 

***** [ Scheduled Tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1

Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc

Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{FCF8BFD3-39B8-4370-B464-EC2AAACD97CF}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8DCB7100-DF86-4384-8842-8FA844297B3F}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DCB7100-DF86-4384-8842-8FA844297B3F}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{38122A36-83B2-46B8-B39A-EC72A4614A07}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{343263AB-D732-4066-A274-4A487A07F108}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C42103E4-7D10-4CC9-B2B4-C546BCCF8706}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8DCB7100-DF86-4384-8842-8FA844297B3F}]

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CA021789-C8CD-4676-BC40-90077A19D5CD}

Key Deleted : HKCU\Software\alotservice

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\Optimizer Pro

Key Deleted : HKCU\Software\ParetoLogic

Key Deleted : HKCU\Software\Tbccint_HKLM

Key Deleted : HKCU\Software\StormWatch

Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}

Key Deleted : HKCU\Software\AppDataLow\Toolbar

Key Deleted : HKCU\Software\AppDataLow\Software\alotAppbar

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainerV2

Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}

Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}

Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}

Key Deleted : HKLM\SOFTWARE\Conduit

Key Deleted : HKLM\SOFTWARE\MetaStream

Key Deleted : HKLM\SOFTWARE\ParetoLogic

Key Deleted : HKLM\SOFTWARE\Viewpoint

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17496

 

 

-\\ Mozilla Firefox v30.0 (en-US)

 

 

-\\ Google Chrome v39.0.2171.95

 

 

*************************

 

AdwCleaner[R0].txt - [5386 octets] - [05/01/2015 08:17:51]

AdwCleaner[s0].txt - [5087 octets] - [05/01/2015 08:26:19]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [5147 octets] ##########

This is the first scan I ran.

 

C:\AdwCleaner\Quarantine\C\Users\Dodie\AppData\Roaming\RHEng\C78BF83A25B7484DB12A2F7880D1708A\speedupmypc-US-p2v5.exe.vir Win32/SpeedUpMyPC.A potentially unwanted application No action

C:\C\Users\Dodie\Desktop\The_Genealogy_Gems_Podcast.exe Win32/Toolbar.Conduit potentially unwanted application No action

C:\Program Files (x86)\The_Genealogy_Gems_Podcast\ldrtbThe_.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application No action

C:\Program Files (x86)\The_Genealogy_Gems_Podcast\prxtbThe_.dll Win32/Toolbar.Conduit.O potentially unwanted application No action

C:\Program Files (x86)\The_Genealogy_Gems_Podcast\tbThe_.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application No action

C:\Program Files (x86)\The_Genealogy_Gems_Podcast\The_Genealogy_Gems_PodcastToolbarHelper.exe Win32/Toolbar.Conduit.Q potentially unwanted application No action

C:\Users\Dodie\AppData\LocalLow\The_Genealogy_Gems_Podcast\hk64tbThe0.dll a variant of Win64/Toolbar.Conduit.B potentially unwanted application No action

C:\Users\Dodie\AppData\LocalLow\The_Genealogy_Gems_Podcast\hktbThe0.dll a variant of Win32/Toolbar.Conduit.X potentially unwanted application No action

C:\Users\Dodie\AppData\LocalLow\The_Genealogy_Gems_Podcast\ldrtbThe_.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application No action

C:\Users\Dodie\AppData\LocalLow\The_Genealogy_Gems_Podcast\tbThe0.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application No action

C:\Users\Dodie\AppData\LocalLow\The_Genealogy_Gems_Podcast\tbThe1.dll a variant of Win32/Toolbar.Conduit.Y potentially unwanted application No action

C:\Users\Dodie\AppData\LocalLow\The_Genealogy_Gems_Podcast\tbThe_.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application No action

C:\Users\Dodie\Downloads\Free_Download_Setup.exe a variant of Win32/InstallCore.QV potentially unwanted application No action

 

 

This is the second scan I ran.

 


C:\Program Files (x86)\AOL Computer Checkup\downloads\PCPowerCare.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application

C:\Users\Dodie\AppData\LocalLow\The_Genealogy_Gems_Podcast\ldrtbThe_.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application

C:\Users\Dodie\Downloads\drivermax_7_47_cnet.exe a variant of Win32/OpenCandy.C potentially unsafe application

 


  • Root Admin

Please delete or remove all items found by the ESET scan except the one from here:  C:\AdwCleaner\Quarantine\.....

 

 

How is the computer running now?

Are there still any signs of an infection?

 

 

Please download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!


 


Ok, will do.

 

The following is the FRST.txt from the most recent scan.  Attached is the Addition.txt.

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-01-2015 03

Ran by Dodie (administrator) on DODIE-PC on 06-01-2015 00:32:45

Running from C:\Users\Dodie\Desktop

Loaded Profile: Dodie (Available profiles: Dodie & DefaultAppPool)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Support.com, Inc.) C:\Program Files (x86)\AOL Computer Checkup\sdcService.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(ABBYY) C:\Program Files (x86)\ABBYY Screenshot Reader\NetworkLicenseServer.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(ABBYY) C:\Program Files (x86)\ABBYY Screenshot Reader\ScreenshotReader.exe

(Support.com, Inc.) C:\Program Files (x86)\AOL Computer Checkup\sdcCont.exe

(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1403890630\ee\aolsoftware.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe

(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe

(Microsoft Corporation) C:\Windows\System32\CISVC.EXE

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe

(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe

(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe

(McAfee, Inc.) C:\Windows\System32\mfevtps.exe

(Microsoft Corporation) C:\Windows\System32\mqsvc.exe

(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe

(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE

(Microsoft Corporation) C:\Windows\System32\snmp.exe

(Acer Group) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe

(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

(Memeo) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

(SlySoft, Inc.) C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe

() C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe

(Microsoft Corporation) C:\Windows\System32\taskmgr.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5595336 2014-10-01] (ESET)

HKLM-x32\...\Run: [MakiwaraNotify] => C:\Program Files (x86)\AOL Computer Checkup\sdccont.exe [84056 2014-04-25] (Support.com, Inc.)

HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1403890630\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)

HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-12-28] (AVAST Software)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKLM\...\Policies\Explorer: [NoFolderOptions] 0

HKLM\...\Policies\Explorer: [NoControlPanel] 0

HKU\S-1-5-21-1056878267-1787722111-3398097573-1000\...\Run: [ABBYY Screenshot Reader Retail] => C:\Program Files (x86)\ABBYY Screenshot Reader\ScreenshotReader.exe [959752 2009-10-26] (ABBYY)

HKU\S-1-5-21-1056878267-1787722111-3398097573-1000\...\Run: [AOL Fast Start] => C:\Program Files (x86)\AOL Desktop 9.7\AOL.EXE [72296 2014-09-16] (AOL Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SDCDisabled ()

Startup: C:\Users\Dodie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKU\S-1-5-21-1056878267-1787722111-3398097573-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)

Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File

Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)

Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

FireFox:

========

FF ProfilePath: C:\Users\Dodie\AppData\Roaming\Mozilla\Firefox\Profiles\a3jmxa1j.default

FF DefaultSearchEngine: Google (avast)

FF SearchEngineOrder.1: Google (avast)

FF SelectedSearchEngine: Google (avast)




FF NewTab: about:newtab

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()

FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()

FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Users\Dodie\AppData\Roaming\Mozilla\Firefox\Profiles\a3jmxa1j.default\searchplugins\aolsearch.xml

FF SearchPlugin: C:\Users\Dodie\AppData\Roaming\Mozilla\Firefox\Profiles\a3jmxa1j.default\searchplugins\google-avast.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\aolsearch.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml

FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor

FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-03-31]

FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore

FF Extension: No Name - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2014-12-03]

FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-28]

FF HKU\S-1-5-21-1056878267-1787722111-3398097573-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF Extension: No Name - C:\Users\Dodie\AppData\Roaming\Mozilla\Firefox\Profiles\a3jmxa1j.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1} [Not Found]

 

Chrome: 

=======

CHR HomePage: Default -> hxxp://www.my.aol.com/

CHR Profile: C:\Users\Dodie\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\Dodie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-13]

CHR Extension: (Google Drive) - C:\Users\Dodie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-13]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Dodie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-09]

CHR Extension: (YouTube) - C:\Users\Dodie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-03-05]

CHR Extension: (Google Search) - C:\Users\Dodie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-03-05]

CHR Extension: (Avast Online Security) - C:\Users\Dodie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-28]

CHR Extension: (Google Wallet) - C:\Users\Dodie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-27]

CHR Extension: (Gmail) - C:\Users\Dodie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-03-05]

CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [Not Found]

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.ScreenshotReader.9.0; C:\Program Files (x86)\ABBYY Screenshot Reader\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)

R2 AOL Computer Checkup; C:\Program Files (x86)\AOL Computer Checkup\SDCService.exe [586840 2014-04-25] (Support.com, Inc.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-28] (AVAST Software)

S3 becldr3Service; C:\Program Files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [263168 2013-07-03] () [File not signed]

R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1349576 2014-10-01] (ESET)

R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]

U2 iprip; C:\Windows\System32\iprip.dll [35328 2009-07-13] (Microsoft Corporation)

R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)

R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-09-04] (McAfee, Inc.)

R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]

R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)

R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)

R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)

R2 MSMQ; C:\Windows\system32\mqsvc.exe [9216 2009-07-13] (Microsoft Corporation)

S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]

S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]

S4 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2014-09-17] (Seagate Technology LLC)

S4 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157776 2014-09-17] (Seagate Technology LLC)

R2 simptcp; C:\Windows\SysWOW64\tcpsvcs.exe [9216 2009-07-13] (Microsoft Corporation)

R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)

R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-20] (Microsoft Corporation)

S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-13] (Microsoft Corporation)

R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)

R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [116224 2009-10-14] (WDC) [File not signed]

R2 WDSmartWareBackgroundService; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) [File not signed]

S2 0083101417646986mcinstcleanup; C:\Windows\TEMP\008310~1.EXE -cleanup -nolog [X]

S2 ssrang_supportdotcom; "C:\Program Files (x86)\supportdotcom\rang\ssrangsv.exe" -service "-provider" "supportdotcom" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138872 2011-08-19] (SlySoft, Inc.)

R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138872 2011-08-19] (SlySoft, Inc.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-28] ()

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-28] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-28] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-28] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-28] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-28] (AVAST Software)

S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-28] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-28] ()

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)

R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [243440 2014-08-18] (ESET)

R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [241368 2014-08-18] (ESET)

R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [169280 2014-08-18] (ESET)

R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [158968 2014-09-18] (ESET)

S3 EtmDevPch; C:\Windows\System32\DRIVERS\EtmDevPch.sys [67392 2012-10-13] (Intel Corporation)

S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-05] (Malwarebytes Corporation)

R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)

R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)

R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)

R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)

R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)

S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)

R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)

R3 MQAC; C:\Windows\System32\drivers\mqac.sys [189440 2009-07-13] (Microsoft Corporation)

R3 ssmirrdr; C:\Windows\System32\DRIVERS\ssmirrdr.sys [10112 2011-03-14] (support.com, Inc)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-06 00:25 - 2015-01-06 00:25 - 00000397 _____ () C:\Users\Dodie\Desktop\ESET.txt

2015-01-05 21:42 - 2015-01-05 21:42 - 00000000 ____D () C:\Program Files (x86)\ESET

2015-01-05 21:27 - 2015-01-05 21:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

2015-01-05 21:25 - 2015-01-05 21:27 - 00001929 _____ () C:\Users\Dodie\Desktop\Nod32.txt

2015-01-05 21:25 - 2015-01-05 21:25 - 00000000 ____D () C:\Users\Dodie\AppData\Local\ESET

2015-01-05 12:11 - 2015-01-05 12:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET

2015-01-05 12:11 - 2015-01-05 12:11 - 00000000 ____D () C:\ProgramData\ESET

2015-01-05 12:11 - 2015-01-05 12:11 - 00000000 ____D () C:\Program Files\ESET

2015-01-05 11:58 - 2015-01-05 12:02 - 73412608 _____ () C:\Users\Dodie\Downloads\eav_nt64_enu.msi

2015-01-05 11:56 - 2015-01-05 11:56 - 02347384 _____ (ESET) C:\Users\Dodie\Downloads\esetsmartinstaller_enu.exe

2015-01-05 08:17 - 2015-01-05 08:26 - 00000000 ____D () C:\AdwCleaner

2015-01-05 08:13 - 2015-01-05 08:13 - 02173952 _____ () C:\Users\Dodie\Desktop\AdwCleaner.exe

2015-01-04 21:01 - 2015-01-04 21:01 - 00004447 _____ () C:\Users\Dodie\Desktop\JRT.txt

2015-01-04 20:54 - 2015-01-04 20:54 - 00000000 ____D () C:\Windows\ERUNT

2015-01-04 20:49 - 2015-01-04 20:50 - 01707939 _____ (Thisisu) C:\Users\Dodie\Desktop\JRT.exe

2015-01-03 13:48 - 2015-01-03 13:48 - 00008200 _____ () C:\Users\Dodie\Downloads\fixlist (1).txt

2015-01-03 12:59 - 2015-01-03 12:59 - 00008200 _____ () C:\Users\Dodie\Downloads\fixlist.txt

2015-01-02 23:03 - 2015-01-03 13:30 - 00000000 ____D () C:\Windows\ERDNT

2015-01-02 23:01 - 2015-01-02 23:02 - 00000000 ____D () C:\Program Files (x86)\ERUNT

2015-01-02 23:01 - 2015-01-02 23:01 - 00000935 _____ () C:\Users\Dodie\Desktop\NTREGOPT.lnk

2015-01-02 23:01 - 2015-01-02 23:01 - 00000916 _____ () C:\Users\Dodie\Desktop\ERUNT.lnk

2015-01-02 23:01 - 2015-01-02 23:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

2015-01-02 22:59 - 2015-01-02 22:59 - 00791393 _____ (Lars Hederer ) C:\Users\Dodie\Desktop\erunt-setup.exe

2015-01-02 22:55 - 2015-01-02 22:57 - 00002294 _____ () C:\Users\Dodie\Desktop\Rkill.txt

2015-01-02 22:54 - 2015-01-02 22:54 - 01940728 _____ (Bleeping Computer, LLC) C:\Users\Dodie\Desktop\rkill.exe

2015-01-02 19:06 - 2015-01-02 19:11 - 00033984 _____ () C:\Users\Dodie\Desktop\Addition.txt

2015-01-02 19:03 - 2015-01-06 00:33 - 00020549 _____ () C:\Users\Dodie\Desktop\FRST.txt

2015-01-02 19:01 - 2015-01-03 13:00 - 00000000 ____D () C:\Users\Dodie\Desktop\FRST-OlderVersion

2015-01-02 13:22 - 2015-01-02 13:22 - 00093968 _____ () C:\Users\Dodie\Downloads\bookmarks (1).html

2015-01-02 13:13 - 2015-01-02 13:13 - 00141615 _____ () C:\Users\Dodie\Documents\Favorite Places 2.pfc

2015-01-02 13:07 - 2015-01-02 13:07 - 00093968 _____ () C:\Users\Dodie\Downloads\bookmarks.html

2015-01-02 12:58 - 2015-01-02 12:58 - 00000000 __SHD () C:\Users\Dodie\AppData\Local\EmieBrowserModeList

2014-12-29 10:06 - 2014-12-12 23:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-12-29 10:06 - 2014-12-12 21:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-12-28 15:05 - 2014-10-17 20:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll

2014-12-28 15:05 - 2014-10-17 19:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll

2014-12-28 14:08 - 2012-10-13 07:08 - 00165952 _____ (Intel Corporation) C:\Windows\system32\Drivers\Impcd.sys

2014-12-28 14:08 - 2012-10-13 07:08 - 00067392 _____ (Intel Corporation) C:\Windows\system32\Drivers\EtmDevPch.sys

2014-12-28 13:49 - 2014-12-28 13:49 - 00000000 _____ () C:\Windows\SysWOW64\枈lotserviceruntime.log

2014-12-28 13:44 - 2014-12-28 14:08 - 00011058 _____ () C:\Windows\DPINST.LOG

2014-12-28 13:43 - 2014-12-28 13:43 - 00510496 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.exe

2014-12-28 13:43 - 2013-03-11 15:51 - 00384904 _____ (Intel Corporation) C:\Windows\system32\iglhsip64.dll

2014-12-28 13:43 - 2013-03-11 15:51 - 00384832 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhsip32.dll

2014-12-28 13:43 - 2013-03-11 15:51 - 00104792 _____ (Intel Corporation) C:\Windows\system32\iglhcp64.dll

2014-12-28 13:43 - 2013-03-11 15:51 - 00104720 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhcp32.dll

2014-12-28 13:43 - 2013-03-11 15:50 - 00034824 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll

2014-12-28 13:43 - 2012-11-27 00:35 - 00017448 _____ () C:\Windows\system32\iglhxs64.vp

2014-12-28 13:43 - 2012-11-27 00:31 - 00418336 _____ (Intel Corporation) C:\Windows\system32\igfxpers.exe

2014-12-28 13:43 - 2012-11-27 00:31 - 00240672 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe

2014-12-28 13:43 - 2012-11-27 00:31 - 00168480 _____ (Intel Corporation) C:\Windows\system32\igfxtray.exe

2014-12-28 13:43 - 2012-11-27 00:30 - 00090112 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v2858.dll

2014-12-28 13:43 - 2012-11-27 00:00 - 00287232 _____ (Intel Corporation) C:\Windows\system32\igfxrfra.lrc

2014-12-28 13:43 - 2012-11-27 00:00 - 00287232 _____ (Intel Corporation) C:\Windows\system32\igfxresn.lrc

2014-12-28 13:43 - 2012-11-27 00:00 - 00287232 _____ (Intel Corporation) C:\Windows\system32\igfxrell.lrc

2014-12-28 13:43 - 2012-11-27 00:00 - 00286720 _____ (Intel Corporation) C:\Windows\system32\igfxrsky.lrc

2014-12-28 13:43 - 2012-11-27 00:00 - 00286720 _____ (Intel Corporation) C:\Windows\system32\igfxrrus.lrc

2014-12-28 13:43 - 2012-11-27 00:00 - 00286720 _____ (Intel Corporation) C:\Windows\system32\igfxrrom.lrc

2014-12-28 13:43 - 2012-11-27 00:00 - 00286720 _____ (Intel Corporation) C:\Windows\system32\igfxrptg.lrc

2014-12-28 13:43 - 2012-11-27 00:00 - 00286720 _____ (Intel Corporation) C:\Windows\system32\igfxrplk.lrc

2014-12-28 13:43 - 2012-11-27 00:00 - 00286720 _____ (Intel Corporation) C:\Windows\system32\igfxrnld.lrc

2014-12-28 13:43 - 2012-11-27 00:00 - 00286720 _____ (Intel Corporation) C:\Windows\system32\igfxrita.lrc

2014-12-28 13:43 - 2012-11-27 00:00 - 00286720 _____ (Intel Corporation) C:\Windows\system32\igfxrhrv.lrc

2014-12-28 13:43 - 2012-11-27 00:00 - 00286720 _____ (Intel Corporation) C:\Windows\system32\igfxrdeu.lrc

2014-12-28 13:43 - 2012-11-27 00:00 - 00286720 _____ (Intel Corporation) C:\Windows\system32\igfxrcsy.lrc

2014-12-28 13:43 - 2012-11-27 00:00 - 00286208 _____ (Intel Corporation) C:\Windows\system32\igfxrtrk.lrc

2014-12-28 13:43 - 2012-11-27 00:00 - 00286208 _____ (Intel Corporation) C:\Windows\system32\igfxrsve.lrc

2014-12-28 13:43 - 2012-11-27 00:00 - 00286208 _____ (Intel Corporation) C:\Windows\system32\igfxrslv.lrc

2014-12-28 13:43 - 2012-11-27 00:00 - 00286208 _____ (Intel Corporation) C:\Windows\system32\igfxrptb.lrc

2014-12-28 13:43 - 2012-11-27 00:00 - 00286208 _____ (Intel Corporation) C:\Windows\system32\igfxrnor.lrc

2014-12-28 13:43 - 2012-11-27 00:00 - 00286208 _____ (Intel Corporation) C:\Windows\system32\igfxrhun.lrc

2014-12-28 13:43 - 2012-11-27 00:00 - 00286208 _____ (Intel Corporation) C:\Windows\system32\igfxrfin.lrc

2014-12-28 13:43 - 2012-11-27 00:00 - 00285696 _____ (Intel Corporation) C:\Windows\system32\igfxrtha.lrc

2014-12-28 13:43 - 2012-11-27 00:00 - 00285696 _____ (Intel Corporation) C:\Windows\system32\igfxrdan.lrc

2014-12-28 13:43 - 2012-11-27 00:00 - 00285184 _____ (Intel Corporation) C:\Windows\system32\igfxrheb.lrc

2014-12-28 13:43 - 2012-11-27 00:00 - 00285184 _____ (Intel Corporation) C:\Windows\system32\igfxrara.lrc

2014-12-28 13:43 - 2012-11-27 00:00 - 00283648 _____ (Intel Corporation) C:\Windows\system32\igfxrjpn.lrc

2014-12-28 13:43 - 2012-11-27 00:00 - 00283136 _____ (Intel Corporation) C:\Windows\system32\igfxrkor.lrc

2014-12-28 13:43 - 2012-11-27 00:00 - 00282624 _____ (Intel Corporation) C:\Windows\system32\igfxrcht.lrc

2014-12-28 13:43 - 2012-11-27 00:00 - 00282624 _____ (Intel Corporation) C:\Windows\system32\igfxrchs.lrc

2014-12-28 13:43 - 2012-11-27 00:00 - 00126976 _____ (Intel Corporation) C:\Windows\system32\igfxcpl.cpl

2014-12-28 13:43 - 2012-11-26 23:59 - 00390144 _____ (Intel Corporation) C:\Windows\system32\igfxdev.dll

2014-12-28 13:43 - 2012-11-26 23:59 - 00378368 _____ (Intel Corporation) C:\Windows\system32\igfxTMM.dll

2014-12-28 13:43 - 2012-11-26 23:59 - 00376320 _____ (Intel Corporation) C:\Windows\system32\igfxpph.dll

2014-12-28 13:43 - 2012-11-26 23:59 - 00062464 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.dll

2014-12-28 13:43 - 2012-11-26 23:59 - 00004096 _____ ( ) C:\Windows\system32\IGFXDEVLib.dll

2014-12-28 13:43 - 2012-11-26 23:58 - 09014784 _____ (Intel Corporation) C:\Windows\system32\igfxress.dll

2014-12-28 13:43 - 2012-11-26 23:58 - 00285696 _____ (Intel Corporation) C:\Windows\system32\igfxrenu.lrc

2014-12-28 13:43 - 2012-11-26 23:58 - 00142336 _____ (Intel Corporation) C:\Windows\system32\igfxdo.dll

2014-12-28 13:43 - 2012-11-26 23:56 - 00293888 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxdv32.dll

2014-12-28 13:43 - 2012-11-26 23:56 - 00024576 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll

2014-12-28 13:43 - 2012-11-26 23:54 - 00246784 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmrt32.dll

2014-12-28 13:43 - 2012-11-26 23:54 - 00219136 _____ (Intel Corporation) C:\Windows\system32\igfxcmrt64.dll

2014-12-28 13:42 - 2013-03-11 15:50 - 08369024 _____ (Intel Corporation) C:\Windows\system32\igdumd64.dll

2014-12-28 13:42 - 2013-03-11 15:50 - 04834040 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10umd32.dll

2014-12-28 13:42 - 2012-11-27 00:31 - 04379680 _____ (Intel Corporation) C:\Windows\system32\GfxUI.exe

2014-12-28 13:42 - 2012-11-27 00:31 - 00393760 _____ (Intel Corporation) C:\Windows\system32\hkcmd.exe

2014-12-28 13:42 - 2012-11-27 00:26 - 12311776 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys

2014-12-28 13:42 - 2012-11-27 00:07 - 18664960 _____ (Intel Corporation) C:\Windows\system32\ig4icd64.dll

2014-12-28 13:42 - 2012-11-27 00:03 - 13913600 _____ () C:\Windows\SysWOW64\ig4icd32.dll

2014-12-28 13:42 - 2012-11-27 00:00 - 00211303 _____ () C:\Windows\system32\Gfxres.th-TH.resources

2014-12-28 13:42 - 2012-11-27 00:00 - 00182706 _____ () C:\Windows\system32\Gfxres.ru-RU.resources

2014-12-28 13:42 - 2012-11-27 00:00 - 00153167 _____ () C:\Windows\system32\Gfxres.ja-JP.resources

2014-12-28 13:42 - 2012-11-27 00:00 - 00140216 _____ () C:\Windows\system32\Gfxres.it-IT.resources

2014-12-28 13:42 - 2012-11-27 00:00 - 00138727 _____ () C:\Windows\system32\Gfxres.ko-KR.resources

2014-12-28 13:42 - 2012-11-27 00:00 - 00136603 _____ () C:\Windows\system32\Gfxres.ro-RO.resources

2014-12-28 13:42 - 2012-11-27 00:00 - 00135370 _____ () C:\Windows\system32\Gfxres.tr-TR.resources

2014-12-28 13:42 - 2012-11-27 00:00 - 00134836 _____ () C:\Windows\system32\Gfxres.pt-BR.resources

2014-12-28 13:42 - 2012-11-27 00:00 - 00134412 _____ () C:\Windows\system32\Gfxres.nl-NL.resources

2014-12-28 13:42 - 2012-11-27 00:00 - 00134384 _____ () C:\Windows\system32\Gfxres.hu-HU.resources

2014-12-28 13:42 - 2012-11-27 00:00 - 00133846 _____ () C:\Windows\system32\Gfxres.sv-SE.resources

2014-12-28 13:42 - 2012-11-27 00:00 - 00133709 _____ () C:\Windows\system32\Gfxres.pt-PT.resources

2014-12-28 13:42 - 2012-11-27 00:00 - 00133178 _____ () C:\Windows\system32\Gfxres.pl-PL.resources

2014-12-28 13:42 - 2012-11-27 00:00 - 00132788 _____ () C:\Windows\system32\Gfxres.sk-SK.resources

2014-12-28 13:42 - 2012-11-27 00:00 - 00131839 _____ () C:\Windows\system32\Gfxres.hr-HR.resources

2014-12-28 13:42 - 2012-11-27 00:00 - 00128996 _____ () C:\Windows\system32\Gfxres.sl-SI.resources

2014-12-28 13:42 - 2012-11-27 00:00 - 00128831 _____ () C:\Windows\system32\Gfxres.nb-NO.resources

2014-12-28 13:42 - 2012-11-27 00:00 - 00117636 _____ () C:\Windows\system32\Gfxres.zh-TW.resources

2014-12-28 13:42 - 2012-11-27 00:00 - 00116348 _____ () C:\Windows\system32\Gfxres.zh-CN.resources

2014-12-28 13:42 - 2012-11-26 23:59 - 00146432 _____ (Intel Corporation) C:\Windows\system32\gfxSrvc.dll

2014-12-28 13:42 - 2012-11-26 23:59 - 00110080 _____ (Intel Corporation) C:\Windows\system32\hccutils.dll

2014-12-28 13:42 - 2012-11-26 23:54 - 02780160 _____ (Intel Corporation) C:\Windows\system32\igfxcmjit64.dll

2014-12-28 13:42 - 2012-11-26 23:54 - 02191872 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmjit32.dll

2014-12-28 13:41 - 2012-11-27 00:31 - 00185376 _____ (Intel Corporation) C:\Windows\system32\difx64.exe

2014-12-28 13:41 - 2012-11-27 00:00 - 00198139 _____ () C:\Windows\system32\Gfxres.el-GR.resources

2014-12-28 13:41 - 2012-11-27 00:00 - 00156233 _____ () C:\Windows\system32\Gfxres.ar-SA.resources

2014-12-28 13:41 - 2012-11-27 00:00 - 00149009 _____ () C:\Windows\system32\Gfxres.he-IL.resources

2014-12-28 13:41 - 2012-11-27 00:00 - 00137846 _____ () C:\Windows\system32\Gfxres.de-DE.resources

2014-12-28 13:41 - 2012-11-27 00:00 - 00137668 _____ () C:\Windows\system32\Gfxres.es-ES.resources

2014-12-28 13:41 - 2012-11-27 00:00 - 00135628 _____ () C:\Windows\system32\Gfxres.fr-FR.resources

2014-12-28 13:41 - 2012-11-27 00:00 - 00133404 _____ () C:\Windows\system32\Gfxres.cs-CZ.resources

2014-12-28 13:41 - 2012-11-27 00:00 - 00132889 _____ () C:\Windows\system32\Gfxres.fi-FI.resources

2014-12-28 13:41 - 2012-11-27 00:00 - 00128535 _____ () C:\Windows\system32\Gfxres.da-DK.resources

2014-12-28 13:41 - 2012-11-27 00:00 - 00124052 _____ () C:\Windows\system32\Gfxres.en-US.resources

2014-12-28 13:28 - 2014-12-28 13:28 - 00001245 _____ () C:\Users\Dodie\Desktop\DriverMax.lnk

2014-12-28 13:28 - 2014-12-28 13:28 - 00000000 ____D () C:\Users\Dodie\AppData\Roaming\Innovative Solutions

2014-12-28 13:28 - 2014-12-28 13:28 - 00000000 ____D () C:\Users\Dodie\AppData\Local\Innovative Solutions

2014-12-28 13:28 - 2014-12-28 13:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverMax

2014-12-28 13:28 - 2014-12-28 13:28 - 00000000 ____D () C:\Program Files (x86)\Innovative Solutions

2014-12-28 13:24 - 2014-12-28 13:25 - 05714824 _____ (Innovative Solutions ) C:\Users\Dodie\Downloads\drivermax_7_47_cnet.exe

2014-12-28 13:05 - 2014-12-28 13:05 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia

2014-12-28 13:05 - 2014-12-28 13:05 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia

2014-12-28 11:35 - 2014-12-28 11:35 - 00000112 _____ () C:\INSTALLHELPER.LOG

2014-12-28 11:29 - 2014-12-28 11:29 - 00000000 ____D () C:\Users\Dodie\AppData\Roaming\Dropbox

2014-12-28 11:18 - 2014-12-28 11:18 - 00000000 ____D () C:\Users\Dodie\AppData\Roaming\AVAST Software

2014-12-28 11:17 - 2014-12-28 11:17 - 00001971 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk

2014-12-28 11:17 - 2014-12-28 11:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software

2014-12-28 11:16 - 2015-01-05 08:10 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update

2014-12-28 11:16 - 2014-12-28 11:17 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys

2014-12-28 11:16 - 2014-12-28 11:16 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys

2014-12-28 11:16 - 2014-12-28 11:16 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

2014-12-28 11:16 - 2014-12-28 11:16 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys

2014-12-28 11:16 - 2014-12-28 11:16 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys

2014-12-28 11:16 - 2014-12-28 11:16 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys

2014-12-28 11:16 - 2014-12-28 11:16 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys

2014-12-28 11:16 - 2014-12-28 11:16 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys

2014-12-28 11:16 - 2014-12-28 11:16 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr

2014-12-28 11:16 - 2014-12-28 11:16 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys

2014-12-28 11:10 - 2014-12-28 11:10 - 00000000 ____D () C:\Program Files\AVAST Software

2014-12-28 11:09 - 2014-12-28 11:10 - 00000000 ____D () C:\ProgramData\AVAST Software

2014-12-28 11:08 - 2014-12-28 11:09 - 05006864 _____ (AVAST Software) C:\Users\Dodie\Downloads\avast_free_antivirus_setup_online.exe

2014-12-28 00:24 - 2014-11-26 19:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-12-28 00:24 - 2014-11-26 19:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-12-28 00:24 - 2014-11-21 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-12-28 00:24 - 2014-11-21 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-12-28 00:24 - 2014-11-21 20:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-12-28 00:24 - 2014-11-21 20:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-12-28 00:24 - 2014-11-21 20:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-12-28 00:24 - 2014-11-21 20:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-12-28 00:24 - 2014-11-21 20:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-12-28 00:24 - 2014-11-21 20:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-12-28 00:24 - 2014-11-21 20:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-12-28 00:24 - 2014-11-21 20:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-12-28 00:24 - 2014-11-21 20:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-12-28 00:24 - 2014-11-21 20:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-12-28 00:24 - 2014-11-21 20:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-12-28 00:24 - 2014-11-21 20:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-12-28 00:24 - 2014-11-21 20:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-12-28 00:24 - 2014-11-21 20:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-12-28 00:24 - 2014-11-21 20:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-12-28 00:24 - 2014-11-21 20:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-12-28 00:24 - 2014-11-21 19:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-12-28 00:24 - 2014-11-21 19:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-12-28 00:24 - 2014-11-21 19:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-12-28 00:24 - 2014-11-21 19:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-12-28 00:24 - 2014-11-21 19:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-12-28 00:24 - 2014-11-21 19:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-12-28 00:24 - 2014-11-21 19:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-12-28 00:24 - 2014-11-21 19:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-12-28 00:24 - 2014-11-21 19:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-12-28 00:24 - 2014-11-21 19:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-12-28 00:24 - 2014-11-21 19:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-12-28 00:24 - 2014-11-21 19:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-12-28 00:24 - 2014-11-21 19:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-12-28 00:24 - 2014-11-21 19:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-12-28 00:24 - 2014-11-21 19:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-12-28 00:24 - 2014-11-21 19:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-12-28 00:24 - 2014-11-21 19:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-12-28 00:24 - 2014-11-21 19:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-12-28 00:24 - 2014-11-21 19:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-12-28 00:24 - 2014-11-21 19:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-12-28 00:24 - 2014-11-21 18:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-12-28 00:24 - 2014-11-21 18:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-12-28 00:24 - 2014-11-10 21:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2014-12-28 00:24 - 2014-11-10 20:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2014-12-28 00:24 - 2014-11-10 19:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys

2014-12-28 00:23 - 2014-11-21 21:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-12-28 00:23 - 2014-11-21 20:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-12-28 00:23 - 2014-11-21 20:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-12-28 00:23 - 2014-11-21 20:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-12-28 00:23 - 2014-11-21 20:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-12-28 00:23 - 2014-11-21 20:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-12-28 00:23 - 2014-11-21 20:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-12-28 00:23 - 2014-11-21 20:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-12-28 00:23 - 2014-11-21 20:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-12-28 00:23 - 2014-11-21 19:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-12-28 00:23 - 2014-11-21 19:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-12-28 00:23 - 2014-11-21 19:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-12-28 00:22 - 2014-10-29 20:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe

2014-12-28 00:22 - 2014-10-29 19:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe

2014-12-28 00:21 - 2014-11-07 21:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-12-28 00:21 - 2014-11-07 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2014-12-28 00:21 - 2014-10-02 20:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll

2014-12-28 00:21 - 2014-10-02 20:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll

2014-12-28 00:21 - 2014-10-02 20:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll

2014-12-28 00:21 - 2014-10-02 20:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll

2014-12-28 00:21 - 2014-10-02 20:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe

2014-12-28 00:21 - 2014-10-02 19:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll

2014-12-28 00:21 - 2014-10-02 19:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll

2014-12-28 00:21 - 2014-10-02 19:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll

2014-12-28 00:21 - 2014-10-02 19:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll

2014-12-28 00:21 - 2014-10-02 19:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe

2014-12-28 00:15 - 2014-09-19 03:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2014-12-28 00:15 - 2014-09-19 03:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2014-12-28 00:15 - 2014-09-19 03:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2014-12-28 00:15 - 2014-09-19 03:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2014-12-28 00:15 - 2014-09-19 03:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2014-12-28 00:15 - 2014-09-19 03:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2014-12-28 00:15 - 2014-09-19 03:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

2014-12-28 00:15 - 2014-09-19 03:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2014-12-28 00:15 - 2014-09-19 03:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2014-12-28 00:15 - 2014-09-19 03:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

2014-12-28 00:15 - 2014-09-19 03:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2014-12-28 00:15 - 2014-09-19 03:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2014-12-28 00:14 - 2014-10-09 18:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-12-28 00:13 - 2014-10-13 20:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

2014-12-28 00:13 - 2014-10-13 19:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

2014-12-28 00:02 - 2014-10-13 20:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll

2014-12-28 00:02 - 2014-10-13 20:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2014-12-28 00:02 - 2014-10-13 20:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2014-12-28 00:02 - 2014-10-13 19:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll

2014-12-28 00:02 - 2014-10-13 19:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll

2014-12-28 00:02 - 2014-08-21 00:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

2014-12-28 00:02 - 2014-08-21 00:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll

2014-12-28 00:02 - 2014-08-21 00:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2014-12-28 00:02 - 2014-08-21 00:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

2014-12-28 00:02 - 2014-08-11 20:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL

2014-12-28 00:02 - 2014-08-11 19:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL

2014-12-28 00:01 - 2014-11-10 21:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2014-12-28 00:01 - 2014-11-10 21:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll

2014-12-28 00:01 - 2014-11-10 20:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2014-12-28 00:01 - 2014-11-10 20:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll

2014-12-28 00:01 - 2014-10-24 19:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll

2014-12-28 00:01 - 2014-10-24 19:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll

2014-12-28 00:01 - 2014-10-17 20:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll

2014-12-28 00:01 - 2014-10-17 19:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll

2014-12-28 00:01 - 2014-10-13 20:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2014-12-28 00:01 - 2014-10-13 20:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2014-12-28 00:01 - 2014-10-13 19:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2014-12-28 00:01 - 2014-10-13 19:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2014-12-28 00:01 - 2014-10-02 20:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll

2014-12-28 00:01 - 2014-10-02 20:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll

2014-12-28 00:01 - 2014-10-02 20:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll

2014-12-28 00:01 - 2014-10-02 20:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll

2014-12-28 00:01 - 2014-10-02 20:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll

2014-12-28 00:01 - 2014-10-02 19:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll

2014-12-28 00:01 - 2014-10-02 19:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll

2014-12-28 00:01 - 2014-10-02 19:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll

2014-12-27 21:35 - 2014-12-27 21:36 - 18423384 _____ () C:\Users\Dodie\Downloads\RogueKillerX64.exe

2014-12-27 19:43 - 2014-12-27 19:44 - 00037205 _____ () C:\Users\Dodie\Downloads\Addition.txt

2014-12-27 19:43 - 2014-12-27 19:44 - 00034952 _____ () C:\Users\Dodie\Downloads\FRST.txt

2014-12-22 20:02 - 2014-12-22 20:02 - 00041984 _____ () C:\Users\Dodie\Downloads\2014_Meds (1).xls

2014-12-22 20:00 - 2014-12-22 20:00 - 00041984 _____ () C:\Users\Dodie\Downloads\2014_Meds.xls

2014-12-13 17:24 - 2014-12-13 17:24 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers

2014-12-13 17:22 - 2014-12-13 17:22 - 00834424 _____ (SlimWare Utilities, Inc.) C:\Users\Dodie\Downloads\DriverUpdate-setup.exe

2014-12-13 16:58 - 2014-12-27 19:43 - 00000000 ____D () C:\Users\Dodie\Downloads\FRST-OlderVersion

2014-12-11 15:50 - 2014-12-11 16:06 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-12-11 15:42 - 2014-12-11 16:06 - 00000000 ____D () C:\Users\Dodie\Downloads\mbar

2014-12-11 15:40 - 2014-12-11 15:41 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Dodie\Downloads\mbar-1.08.2.1001.exe

2014-12-10 16:30 - 2014-12-10 16:30 - 04707328 _____ () C:\Users\Dodie\Downloads\RogueKiller (1).exe

2014-12-10 16:27 - 2014-12-10 16:27 - 04707328 _____ () C:\Users\Dodie\Downloads\RogueKiller.exe

2014-12-10 16:27 - 2014-12-10 16:27 - 00000000 ____D () C:\ProgramData\RogueKiller

2014-12-09 20:08 - 2014-12-09 21:47 - 00000000 ____D () C:\Users\Dodie\AppData\Local\ICSharpCode.net

2014-12-09 19:35 - 2014-12-28 11:43 - 00000000 ____D () C:\Users\Dodie\Desktop\ALL DESKTOP FOLDERS

2014-12-09 18:56 - 2015-01-06 00:32 - 00000000 ____D () C:\FRST

2014-12-09 18:56 - 2015-01-03 13:00 - 02123776 _____ (Farbar) C:\Users\Dodie\Desktop\FRST64.exe

2014-12-08 22:28 - 2015-01-05 08:43 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-12-08 22:27 - 2014-12-11 15:43 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-12-08 22:27 - 2014-12-08 22:27 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-12-08 22:27 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-12-08 22:27 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-12-08 22:17 - 2014-12-08 22:19 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Dodie\Downloads\mbam-setup-2.0.4.1028.exe

2014-12-07 17:10 - 2014-12-08 22:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-12-07 17:10 - 2014-12-08 22:27 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-12-07 17:10 - 2014-12-07 17:10 - 00000000 ____D () C:\ProgramData\Malwarebytes

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-01-06 00:32 - 2012-04-23 07:48 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-01-06 00:22 - 2010-07-23 00:47 - 00000000 ____D () C:\ProgramData\Temp

2015-01-06 00:07 - 2012-03-31 22:00 - 00000324 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job

2015-01-05 22:52 - 2009-07-13 23:13 - 00854542 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-01-05 22:48 - 2012-01-15 16:26 - 01653045 _____ () C:\Windows\WindowsUpdate.log

2015-01-05 21:27 - 2014-12-03 16:15 - 00001851 _____ () C:\Users\Public\Desktop\McAfee Security Center.lnk

2015-01-05 21:25 - 2012-03-03 15:20 - 00000000 ____D () C:\Program Files (x86)\The_Genealogy_Gems_Podcast

2015-01-05 08:42 - 2009-07-13 22:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-01-05 08:42 - 2009-07-13 22:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-01-05 08:33 - 2014-10-15 19:26 - 00015960 _____ () C:\Windows\DtcInstall.log

2015-01-05 08:32 - 2014-10-15 19:26 - 00109940 _____ () C:\Windows\PFRO.log

2015-01-05 08:32 - 2014-10-15 19:26 - 00007684 _____ () C:\Windows\setupact.log

2015-01-05 08:32 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-01-03 13:00 - 2012-01-15 17:12 - 00000000 ____D () C:\Users\Dodie

2015-01-01 22:46 - 2012-05-13 16:28 - 00000000 ____D () C:\Users\Dodie\Deskop

2015-01-01 22:08 - 2012-02-14 08:46 - 00000000 ____D () C:\ProgramData\AOL

2015-01-01 20:14 - 2014-07-02 11:41 - 00001146 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2014-12-30 22:51 - 2012-03-10 13:01 - 00002356 _____ () C:\Windows\system32\regHiveData.bin

2014-12-29 18:57 - 2014-05-19 15:58 - 00000000 ____D () C:\Users\DefaultAppPool

2014-12-28 18:31 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache

2014-12-28 18:06 - 2014-10-08 20:36 - 00000000 ____D () C:\Users\Dodie\Documents\SpeedFixTool

2014-12-28 15:19 - 2009-07-13 22:45 - 00428264 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-12-28 15:18 - 2010-07-23 00:52 - 00000000 ____D () C:\Program Files\Google

2014-12-28 15:18 - 2010-07-23 00:52 - 00000000 ____D () C:\Program Files (x86)\Google

2014-12-28 15:16 - 2012-03-18 11:28 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-12-28 15:16 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-12-28 15:15 - 2014-08-04 16:01 - 00000000 ____D () C:\Windows\system32\MRT

2014-12-28 15:10 - 2012-01-15 20:24 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-12-28 14:39 - 2014-08-13 12:13 - 00002266 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-12-28 14:36 - 2012-01-15 17:14 - 00000000 ____D () C:\Users\Dodie\AppData\Local\Deployment

2014-12-28 13:56 - 2012-02-03 18:15 - 00000000 ____D () C:\Users\Dodie\AppData\Local\Google

2014-12-28 13:56 - 2010-07-23 00:52 - 00000000 ____D () C:\ProgramData\Google

2014-12-28 13:42 - 2010-07-23 01:31 - 05721376 _____ (Intel Corporation) C:\Windows\system32\igd10umd64.dll

2014-12-28 13:05 - 2012-02-08 11:18 - 00000000 ____D () C:\Users\Dodie\AppData\Local\Adobe

2014-12-28 13:05 - 2012-01-15 17:33 - 00000000 ____D () C:\Users\Dodie\AppData\Roaming\Adobe

2014-12-28 13:05 - 2010-07-23 00:57 - 00000000 ____D () C:\Program Files (x86)\Adobe

2014-12-28 11:39 - 2014-12-03 14:21 - 00001382 _____ () C:\Users\Dodie\Desktop\Internet Explorer.lnk

2014-12-28 11:30 - 2012-04-23 07:48 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-12-28 11:30 - 2012-04-23 07:48 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-12-28 11:30 - 2012-02-04 14:39 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-12-27 20:16 - 2014-11-18 22:42 - 00000000 __HDC () C:\ProgramData\{B867311F-7752-4D43-AD4E-FE953FE49704}

2014-12-14 15:11 - 2010-12-18 15:16 - 00000000 ____D () C:\Users\Dodie\Documents\Family Tree Maker

2014-12-11 15:45 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism

2014-12-11 15:33 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\Dism

2014-12-10 12:32 - 2007-07-11 19:49 - 00000000 ____D () C:\Windows\Panther

2014-12-09 21:48 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\tracing

2014-12-08 23:36 - 2014-12-03 16:03 - 00000000 ____D () C:\ProgramData\McAfee

2014-12-08 23:36 - 2014-12-03 16:03 - 00000000 ____D () C:\Program Files\Common Files\McAfee

2014-12-08 23:36 - 2014-12-03 15:07 - 00000000 ____D () C:\Program Files (x86)\AOL Desktop 9.7

2014-12-08 23:36 - 2014-12-03 14:35 - 00000000 ____D () C:\Program Files (x86)\AOL Computer Checkup

2014-12-08 23:36 - 2014-10-08 20:37 - 00000000 ____D () C:\Users\Dodie\AppData\Local\SpeedFixTool

2014-12-08 23:36 - 2012-04-24 08:26 - 00000000 ____D () C:\Program Files (x86)\ABBYY Screenshot Reader

2014-12-08 23:36 - 2012-01-15 16:31 - 00000000 ____D () C:\Program Files (x86)\Launch Manager

2014-12-08 23:36 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\registration

2014-12-07 17:24 - 2012-02-16 11:02 - 00000000 ____D () C:\Windows\Minidump

 

Some content of TEMP:

====================

C:\Users\Dodie\AppData\Local\Temp\InstHelper.exe

C:\Users\Dodie\AppData\Local\Temp\Quarantine.exe

C:\Users\Dodie\AppData\Local\Temp\sqlite3.dll

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-01-04 20:32

 

==================== End Of Log ============================


Results of screen317's Security Check version 0.99.93  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 11  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

McAfee Anti-Virus and Anti-Spyware   

ESET NOD32 Antivirus 8.0             

avast! Antivirus                     

 Antivirus up to date!   

`````````Anti-malware/Other Utilities Check:````````` 

 Adobe Flash Player 16.0.0.235  

 Adobe Reader 9 Adobe Reader out of Date! 

 Mozilla Firefox 30.0 Firefox out of Date!  

 Google Chrome (39.0.2171.95) 

````````Process Check: objlist.exe by Laurent````````  

 ESET NOD32 Antivirus egui.exe  

 ESET NOD32 Antivirus ekrn.exe  

 Malwarebytes Anti-Malware mbam.exe  

 AVAST Software Avast AvastSvc.exe  

 AVAST Software Avast avastui.exe  

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 1% 

````````````````````End of Log`````````````````````` 

  • Root Admin

At this time there are no more signs of an infection on your system.
However if you are still seeing any signs of an infection please let me know.

Let's go ahead and remove the tools and logs we've used during this process.

Most of the tools used are potentially dangerous to use unsupervised or if run at the wrong time.
They are often updated daily so if you went to use them again in the future they would be outdated anyways.

The following procedures will implement some cleanup procedures to remove these tools.
 
Download Delfix from here and save it to your desktop. (you may already have this)

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.
  • Reboot

Any other programs or logs that are still remaining, you can manually delete. (right click.....Delete)
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

Note:
If you used FRST and can't delete the quarantine folder:
Download the fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.
 
 
If there are any other left over Folders, Files, Logs then you can delete them on your own.
 
Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.
How to Delete System Protection Restore Points in Windows 7 and Windows 8

Remove all but the most recent Restore Point on Windows XP


As Java seems to get exploited on a regular basis, I advise not using Java if possible, but to at least disable Java in your web browsers.
How do I disable Java in my web browser? - Disable Java

A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.
Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.


If you're not currently using Malwarebytes Premium then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.
 


I cannot find the Java Control Panel or the application on Drive C.  However, there are 2 files that might be remnants of the program, they are of course, javascripts folder, then java.amd.  I can remove these manually if I need to.

 

I'm going to go ahead and suggest the MBAM premium to her.

 

One question, is there a way that I can look over the logs from the tool to find out what kind of infections I might be dealing with or to be sure they are clean?  I'm asking because my father's computer is infected I know, and I'd like to at least be able to pinpoint what might be going on.

 

Thanks so much for your help!!  Definitely upgrading I know 3 pcs with MBAM Premium perhaps more.

 

Like I said, you are an angel!!


  • Root Admin

I would not worry about the left over Java - it's like a tick on a dog and hard to remove 100% of it but the main portion should be gone by now.

 

The FRST tool is currently the go-to tool as it can normally find and list "most" items. Deciphering what the logs are really telling you though is where time, experience, and training come in and why we suggest that you allow one of the trained Experts to help you as they've been through this training. You can run MBAM and do a Threat Scan and it should find and remove the most critical items. But as you've seen there can be things we don't remove as well. Often there are some elements that we cannot remove due to potential legal issues that other tools made by private individuals are not worried about and do remove.

 

So if in doubt simply run the FRST tool as you did here and post back both logs in a new topic and someone will assist you with the other computer as well.

 

Thank you again and take care


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.