
Removed Trojan: WIN32/Prowessere.Alreg. - some programs still won't run


  • This topic is locked
25 replies to this topic

#1 bbhudd


Posted 18 December 2014 - 01:46 PM

Had Trojan WIN32/Prowessere.Alreg. Removed with help from Bleeping Computer person. Computer still runs slow and certain programs will not run/get hung up. Please help. I have run DDS and have the two logs.


 


#2 HelpBot


Posted 23 December 2014 - 06:35 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/560286 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 bbhudd


Posted 24 December 2014 - 09:40 AM

Here are the DDS results:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17496
Run by mark at 8:22:55 on 2014-12-24
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8174.6634 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.




#4 bbhudd

bbhudd
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  • Gender:Female
  • Local time:05:23 PM

Posted 24 December 2014 - 09:41 AM

.

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

 

IF REQUESTED, ZIP IT UP & ATTACH IT

 

.

 

DDS (Ver_2012-11-20.01)

 

.

 

Microsoft Windows 7 Home Premium

 

Boot Device: \Device\HarddiskVolume2

 

Install Date: 10/8/2011 8:54:37 AM

 

System Uptime: 12/23/2014 1:16:01 PM (19 hours ago)

 

.

 

Motherboard: Gateway |  | DX4860

 

Processor: Intel® Core™ i7-2600 CPU @ 3.40GHz | CPU 1 | 1598/100mhz

 

.

 

==== Disk Partitions =========================

 

.

 

C: is FIXED (NTFS) - 1383 GiB total, 1004.269 GiB free.

 

D: is CDROM ()

 

E: is Removable

 

F: is Removable

 

G: is Removable

 

H: is Removable

 

I: is Removable

 

.

 

==== Disabled Device Manager Items =============

 

.

 

==== System Restore Points ===================

 

.

 

RP341: 10/21/2014 8:13:17 AM - Windows Update

 

RP342: 10/24/2014 8:36:28 AM - Windows Update

 

RP343: 10/28/2014 8:53:04 AM - Windows Update

 

RP344: 10/31/2014 8:30:18 AM - Windows Modules Installer

 

RP345: 10/31/2014 8:38:41 AM - Windows Modules Installer

 

RP346: 10/31/2014 11:13:01 AM - avast! antivirus system restore point

 

RP347: 11/4/2014 7:42:44 AM - Windows Update

 

RP348: 11/5/2014 10:13:48 AM - Windows Backup

 

RP349: 11/7/2014 10:43:52 AM - Windows Update

 

RP350: 11/10/2014 9:28:09 AM - Windows Backup

 

RP351: 11/11/2014 2:19:34 AM - Windows Update

 

RP352: 11/12/2014 3:00:20 AM - Windows Update

 

RP353: 11/17/2014 1:05:22 AM - Windows Backup

 

RP354: 11/18/2014 1:07:56 AM - Windows Update

 

RP355: 11/19/2014 3:00:12 AM - Windows Update

 

RP356: 11/24/2014 2:43:09 AM - Windows Backup

 

RP357: 11/25/2014 12:49:13 AM - Windows Update

 

RP358: 11/27/2014 5:27:37 PM - Removed Apple Mobile Device Support

 

RP359: 11/27/2014 5:28:30 PM - Removed Apple Application Support

 

RP360: 11/27/2014 5:36:50 PM - Removed iTunes

 

RP361: 11/27/2014 5:38:26 PM - Removed iTunes

 

RP362: 11/27/2014 5:39:01 PM - Removed iTunes

 

RP363: 11/29/2014 7:46:54 PM - Windows Update

 

RP364: 12/1/2014 8:14:19 AM - avast! antivirus system restore point

 

RP365: 12/1/2014 8:27:46 AM - Windows Backup

 

RP366: 12/5/2014 5:08:27 AM - Windows Update

 

RP367: 12/9/2014 9:12:47 AM - Windows Update

 

RP368: 12/10/2014 2:51:49 PM - Windows Update

 

RP369: 12/11/2014 6:15:42 PM - Removed Adobe Reader XI (11.0.10).

 

RP370: 12/11/2014 6:30:35 PM - Removed Adobe Reader XI (11.0.10).

 

RP371: 12/11/2014 6:56:28 PM - Windows Modules Installer

 

RP372: 12/11/2014 6:57:40 PM - Windows Modules Installer

 

RP373: 12/11/2014 7:20:08 PM - Windows Update

 

RP374: 12/11/2014 11:55:00 PM - Installed AVG 2015

 

RP375: 12/11/2014 11:56:49 PM - Installed AVG 2015

 

RP376: 12/12/2014 9:01:51 PM - Windows Backup

 

RP377: 12/12/2014 10:07:27 PM - Windows Backup

 

RP378: 12/12/2014 10:18:23 PM - Windows Backup

 

RP379: 12/13/2014 9:30:36 AM - Restore Operation

 

RP380: 12/13/2014 11:04:06 AM - Tuneup Pro Sat, Dec 13, 14  11:04

 

RP381: 12/14/2014 12:03:22 PM - avast! antivirus system restore point

 

RP382: 12/14/2014 4:57:15 PM - Checkpoint by HitmanPro

 

RP383: 12/14/2014 4:58:54 PM - Checkpoint by HitmanPro

 

RP384: 12/15/2014 6:22:51 PM - Windows Modules Installer

 

RP385: 12/16/2014 5:21:16 PM - Windows Update

 

RP386: 12/17/2014 8:02:31 AM - Windows Backup

 

RP387: 12/17/2014 8:05:43 AM - Windows Backup

 

RP388: 12/17/2014 10:01:14 AM - Windows Backup

 

RP389: 12/17/2014 10:06:39 AM - Windows Backup

 

RP390: 12/17/2014 5:14:00 PM - avast! antivirus system restore point

 

RP391: 12/17/2014 5:30:39 PM - avast! antivirus system restore point

 

RP392: 12/18/2014 12:04:18 AM - Windows Update

 

RP393: 12/18/2014 2:23:53 PM - Removed Java 8 Update 25

 

RP394: 12/18/2014 2:25:43 PM - Removed Java 7 Update 60

 

RP395: 12/18/2014 2:26:45 PM - Removed Java SE Development Kit 8 Update 5 (64-bit)

 

RP396: 12/18/2014 2:29:50 PM - Removed Java 7 Update 67 (64-bit)

 

RP397: 12/18/2014 2:31:17 PM - Removed Java 7 Update 60

 

RP398: 12/18/2014 11:16:45 PM - Removed AVG 2015

 

RP399: 12/18/2014 11:21:36 PM - Removed AVG 2015

 

RP400: 12/19/2014 6:01:52 PM - Removed Adobe Reader XI (11.0.10).

 

RP401: 12/20/2014 7:06:48 PM - Removed Java 8 Update 25 (64-bit)

 

RP402: 12/20/2014 8:40:13 PM - Installed Java 7 Update 72 (64-bit)

 

RP403: 12/22/2014 2:06:41 PM - Windows Update

 

RP404: 12/23/2014 2:41:29 PM - Removed Samsung Kies

 

.

 

==== Installed Programs ======================

 

.

 

ABBYY FineReader 9.0 Sprint

 

Acrobat.com

 

Adobe AIR

 

Adobe Flash Player 16 ActiveX

 

Adobe Reader XI (11.0.10)

 

Adobe Refresh Manager

 

Agatha Christie - 4:50 from Paddington

 

Apple Software Update

 

Avast Free Antivirus

 

Bejeweled 2 Deluxe

 

Bonjour

 

Build-a-lot 2

 

Chuzzle Deluxe

 

CyberLink PowerDVD 10

 

D3DX10

 

Definition Update for Microsoft Office 2010 (KB2910899) 32-Bit Edition

 

Diner Dash 2 Restaurant Rescue

 

Dora's World Adventure

 

Elevated Installer

 

Epson CreativeZone

 

Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)

 

Epson Easy Photo Print Plug-in for Windows Live Photo Gallery

 

Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup

 

Epson Event Manager

 

Epson FAX Utility

 

EPSON Scan

 

EPSON WorkForce 630 Series Printer Uninstall

 

EpsonNet Print

 

EpsonNet Setup 3.3

 

Final Drive: Nitro

 

Galerie de photos Windows Live

 

Garmin Express

 

Garmin Express Tray

 

Garmin Update Service

 

Gateway Games

 

Gateway Recovery Management

 

Gateway Registration

 

Gateway ScreenSaver

 

Google Earth

 

Google Update Helper

 

Hotkey Utility

 

Identity Card

 

Intel® Management Engine Components

 

Intel® Rapid Storage Technology

 

Internet Explorer (Enable DEP)

 

Itibiti RTC

 

Java 7 Update 72 (64-bit)

 

Java 8 Update 25 (64-bit)

 

Java Auto Updater

 

Jewel Quest Heritage

 

Junk Mail filter update

 

LTCM Client

 

Malwarebytes Anti-Malware version 2.0.4.1028

 

Mesh Runtime

 

Microsoft .NET Framework 4.5.1

 

Microsoft Application Error Reporting

 

Microsoft Office 2010

 

Microsoft Office Access MUI (English) 2010

 

Microsoft Office Access Setup Metadata MUI (English) 2010

 

Microsoft Office Excel MUI (English) 2010

 

Microsoft Office Office 64-bit Components 2010

 

Microsoft Office OneNote MUI (English) 2010

 

Microsoft Office Outlook MUI (English) 2010

 

Microsoft Office PowerPoint MUI (English) 2010

 

Microsoft Office Professional 2010

 

Microsoft Office Proof (English) 2010

 

Microsoft Office Proof (French) 2010

 

Microsoft Office Proof (Spanish) 2010

 

Microsoft Office Proofing (English) 2010

 

Microsoft Office Publisher MUI (English) 2010

 

Microsoft Office Shared 64-bit MUI (English) 2010

 

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

 

Microsoft Office Shared MUI (English) 2010

 

Microsoft Office Shared Setup Metadata MUI (English) 2010

 

Microsoft Office Single Image 2010

 

Microsoft Office Word MUI (English) 2010

 

Microsoft Security Client

 

Microsoft Security Essentials

 

Microsoft Silverlight

 

Microsoft SQL Server 2005 Compact Edition [ENU]

 

Microsoft VC9 runtime libraries

 

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

 

Microsoft Visual C++ 2005 Redistributable

 

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

 

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

 

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

 

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

 

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

 

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

 

MSVCRT

 

MSVCRT_amd64

 

MSXML 4.0 SP2 (KB954430)

 

MSXML 4.0 SP2 (KB973688)

 

MyFreeCodec

 

Mystery P.I. - Stolen in San Francisco

 

Namco All-Stars: PAC-MAN

 

Nero Control Center 10

 

Nero ControlCenter 10 Help (CHM)

 

Nero Core Components 10

 

Nero DiscSpeed 10

 

Nero DiscSpeed 10 Help (CHM)

 

Nero Express 10

 

Nero Express 10 Help (CHM)

 

Nero Multimedia Suite 10 Essentials

 

Nero StartSmart 10

 

Nero StartSmart 10 Help (CHM)

 

Nero Update

 

NOOK for PC

 

NVIDIA Control Panel 267.85

 

NVIDIA Graphics Driver 267.85

 

NVIDIA HD Audio Driver 1.3.18.0

 

NVIDIA Install Application

 

NVIDIA PhysX

 

NVIDIA PhysX System Software 9.10.0514

 

NVIDIA Stereoscopic 3D Driver

 

Octoshape add-in for Adobe Flash Player

 

Penguins!

 

Plants vs. Zombies - Game of the Year

 

Poker Superstars III

 

Polar Bowler

 

Polar Golfer

 

QuickTime 7

 

Radialpoint Security Advisor 2.5.15

 

Realtek Ethernet Controller Driver

 

Realtek High Definition Audio Driver

 

Security Update for CAPICOM (KB931906)

 

Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)

 

Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)

 

Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)

 

Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)

 

Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)

 

Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)

 

Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)

 

Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)

 

Security Update for Microsoft Excel 2010 (KB2910902) 32-Bit Edition

 

Security Update for Microsoft Office 2010 (KB2553154) 32-Bit Edition

 

Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition

 

Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition

 

Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition

 

Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition

 

Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition

 

Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition

 

Security Update for Microsoft Word 2010 (KB2899519) 32-Bit Edition

 

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition

 

Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002)

 

Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002)

 

Skype™ 6.18

 

Software Updater

 

Speccy

 

ToneSync for Windows

 

Torchlight

 

Unity Web Player

 

Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition

 

Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition

 

Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition

 

Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition

 

Update for Microsoft Office 2010 (KB2494150)

 

Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition

 

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition

 

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition

 

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition

 

Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition

 

Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition

 

Update for Microsoft Office 2010 (KB2597089) 32-Bit Edition

 

Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition

 

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

 

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition

 

Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition

 

Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition

 

Update for Microsoft Office 2010 (KB2837602) 32-Bit Edition

 

Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition

 

Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition

 

Update for Microsoft Office 2010 (KB2889818) 32-Bit Edition

 

Update for Microsoft Office 2010 (KB2889828) 32-Bit Edition

 

Update for Microsoft Office 2010 (KB2910896) 32-Bit Edition

 

Update for Microsoft OneNote 2010 (KB2597088) 32-Bit Edition

 

Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition

 

Update for Microsoft PowerPoint 2010 (KB2880517) 32-Bit Edition

 

Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition

 

Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition

 

Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition

 

Update Installer for WildTangent Games App

 

Virtual Villagers 4 - The Tree of Life

 

Visual Studio 2012 x64 Redistributables

 

Visual Studio 2012 x86 Redistributables

 

Welcome Center

 

WildTangent Games App (Gateway Games)

 

Windows Live

 

Windows Live Communications Platform

 

Windows Live Essentials

 

Windows Live ID Sign-in Assistant

 

Windows Live Installer

 

Windows Live Language Selector

 

Windows Live Mail

 

Windows Live Mesh

 

Windows Live Messenger

 

Windows Live MIME IFilter

 

Windows Live Movie Maker

 

Windows Live Photo Common

 

Windows Live Photo Gallery

 

Windows Live PIMT Platform

 

Windows Live Remote Client

 

Windows Live Remote Client Resources

 

Windows Live Remote Service

 

Windows Live Remote Service Resources

 

Windows Live SOXE

 

Windows Live SOXE Definitions

 

Windows Live UX Platform

 

Windows Live UX Platform Language Pack

 

Windows Live Writer

 

Windows Live Writer Resources

 

Windstream Diagnostic Tools 3.0.21

 

Windstream Service Agent 4.1.15

 

Zuma's Revenge

 

.

 

==== Event Viewer Messages From Past Week ========

 

.

 

12/24/2014 8:21:51 AM, Error: Microsoft-Windows-DNS-Client [1012]  - There was an error while attempting to read the local hosts file.

 

12/22/2014 9:09:49 PM, Error: Service Control Manager [7043]  - The Windows Update service did not shut down properly after receiving a preshutdown control.

 

12/22/2014 2:19:52 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.

 

12/22/2014 2:19:52 PM, Error: Service Control Manager [7000]  - The Garmin Core Update Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

 

12/22/2014 12:45:11 PM, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.

 

12/22/2014 12:45:09 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

 

12/22/2014 12:45:08 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

 

12/22/2014 12:44:55 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

 

12/22/2014 12:44:45 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

 

12/22/2014 12:44:42 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  aswRvrt aswSnx aswSP aswVmm discache MpFilter spldr Wanarpv6

 

12/22/2014 12:44:28 PM, Error: Service Control Manager [7001]  - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error:  A device attached to the system is not functioning.

 

12/22/2014 12:44:14 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.   Feature: On Access   Error Code: 0x8007043c   Error description: This service cannot be started in Safe Mode    Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

 

12/22/2014 12:17:52 AM, Error: iaStor [9]  - The device, \Device\Ide\iaStor0, did not respond within the timeout period.

 

12/22/2014 12:06:48 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

 

12/22/2014 1:53:49 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID  {9BA05972-F6A8-11CF-A442-00A0C90A8F39}  and APPID  {9BA05972-F6A8-11CF-A442-00A0C90A8F39}  to the user mark-PC\mark SID (S-1-5-21-683287437-1384959086-100506706-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

 

12/22/2014 1:26:08 PM, Error: NetBT [4321]  - The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.254.6. The computer with the IP address 192.168.254.7 did not allow the name to be claimed by this computer.

 

12/22/2014 1:21:20 PM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.

 

12/21/2014 6:38:53 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service AvastVBoxSvc with arguments "" in order to run the server: {F319F1B8-7587-4146-AF9C-0D6D77819BF1}

 

12/21/2014 6:38:51 PM, Error: Service Control Manager [7000]  - The AvastVBox COM Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

 

12/21/2014 6:38:50 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the AvastVBox COM Service service to connect.

 

12/21/2014 11:40:19 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.191.523.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: Default URL   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.11302.0   Error code: 0x8007043c   Error description: This service cannot be started in Safe Mode

 

12/21/2014 11:34:01 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

 

12/21/2014 11:29:36 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.   Feature: On Access   Error Code: 0x8007043c   Error description: This service cannot be started in Safe Mode    Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

 

12/21/2014 1:26:22 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.   Feature: On Access   Error Code: 0x8007043c   Error description: This service cannot be started in Safe Mode    Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

 

.

 

==== End Of File ===========================



#5 bbhudd

bbhudd
  • Topic Starter

  • Members
  • 38 posts
  •  
  • Gender:Female
  • Local time:05:23 PM

Posted 24 December 2014 - 09:45 AM

With the help of Quietman, the Trojan was removed. However, the computer runs slow, Internet Explorer hangs up, and downloading has snags. Please help. Oh, yesterday when I powered up the computer, Avast started in what appeared to be safe mode and performed a scan. After the scan finished and the system powered up, I removed the Kies programs and all programs that Quietman had me run except Malwarebytes.

#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,747 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:23 PM

Posted 24 December 2014 - 10:11 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.


Wait for further instructions.

#7 bbhudd

bbhudd
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  • Gender:Female
  • Local time:05:23 PM

Posted 24 December 2014 - 11:35 AM

Here are the results:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-12-2014
Ran by mark (administrator) on MARK-PC on 24-12-2014 11:32:09
Running from C:\Users\mark\Desktop\Downloads
Loaded Profile: mark (Available profiles: mark)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Windstream) C:\Program Files (x86)\Windstream\Service Agent\Windstream Service Agent.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
(Windstream) C:\Program Files (x86)\Windstream\Diagnostic Tools\DiagnosticTools.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
() C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
(Windstream) C:\Program Files (x86)\Windstream\Diagnostic Tools\HsdService.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Radialpoint SafeCare Inc.) C:\Program Files (x86)\Windstream\Service Agent\ServicepointService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_235_ActiveX.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [Windstream Service Agent.exe] => C:\Program Files (x86)\Windstream\Service Agent\Windstream Service Agent.exe [10204472 2011-10-13] (Windstream)
HKLM-x32\...\Run: [DiagnosticTools.exe] => C:\Program Files (x86)\Windstream\Diagnostic Tools\DiagnosticTools.exe [2037048 2011-04-25] (Windstream)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-17] (AVAST Software)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe [620136 2011-01-18] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKU\S-1-5-21-683287437-1384959086-100506706-1001\...\Run: [WorkForce 630(Network)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGBA.EXE [224768 2010-01-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-683287437-1384959086-100506706-1001\...\RunOnce: [DeleteMarkAny] => C:\Windows\SysWOW64\MASetupCleaner.exe [24576 2013-10-30] ((주)마크애니)
HKU\S-1-5-21-683287437-1384959086-100506706-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-683287437-1384959086-100506706-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-683287437-1384959086-100506706-1001\...\MountPoints2: {ca4583f0-84c3-11e4-91c1-e06995b0c55b} - J:\LaunchU3.exe -a
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
BootExecute: autocheck autochk * bootdelete
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-683287437-1384959086-100506706-1000\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKU\S-1-5-21-683287437-1384959086-100506706-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-683287437-1384959086-100506706-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-683287437-1384959086-100506706-1001 -> DefaultScope {8AAE4875-3D07-4C2B-9639-08D25E0C1847} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-683287437-1384959086-100506706-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-683287437-1384959086-100506706-1001 -> {8AAE4875-3D07-4C2B-9639-08D25E0C1847} URL = https://www.google.com/search?q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @radialpoint.com/SPA,version=1 -> C:\Program Files (x86)\Windstream\Service Agent\nprpspa.dll (Windstream)
FF Plugin-x32: @ei.MyFunCards_5m.com/Plugin -> C:\Program Files (x86)\MyFunCards_5mEI\Installr\1.bin\NP5mEISB.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @radialpoint.com/SPA,version=1 -> C:\Program Files (x86)\Windstream\Service Agent\nprpspa.dll (Windstream)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-683287437-1384959086-100506706-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\mark\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-17]

Chrome:
=======
CHR Profile: C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (TooManyTabs for Chrome) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\amigcgbheognjmfkaieeeadojiibgbdp [2014-06-22]
CHR Extension: (Docs) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-12]
CHR Extension: (Google Drive) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-12]
CHR Extension: (YouTube) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-12]
CHR Extension: (Google Search) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-12]
CHR Extension: (YTubEAdsRemiover) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\dppjabhhhmickgahdgbjanebccpfcede [2014-02-05]
CHR Extension: (Yahoo! Toolbar for Chrome) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\eihhgekonheiliaidomffpplfhecmkag [2014-02-05]
CHR Extension: (No Name) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifdhpdbpfbhldhmpiieanhcppmjipjpg [2014-01-01]
CHR Extension: (No Name) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcfmnapblmdaikmppaoghkjhkncgkagb [2014-04-14]
CHR Extension: (Radialpoint SPD Extension) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmmhpfbhngkongobaoibpmnijjokabmj [2014-01-20]
CHR Extension: (Google Wallet) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (No Name) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\ommimhojfpakldnehbnpnkjhbegmkmpn [2014-06-02]
CHR Extension: (No Name) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjfkgkcnnljaalbnlinlngmabdbfcjp [2014-05-27]
CHR Extension: (Gmail) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-12]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-12-17]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-17]
CHR HKLM-x32\...\Chrome\Extension: [lmmhpfbhngkongobaoibpmnijjokabmj] - C:\Program Files (x86)\Windstream\Service Agent\ChromeExtension.crx [2013-10-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-17] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-17] (Avast Software)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-11-19] (WildTangent)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [185688 2013-03-27] (Garmin Ltd or its subsidiaries)
R2 HsdService; C:\Program Files (x86)\Windstream\Diagnostic Tools\HsdService.exe [1393976 2011-04-25] (Windstream)
R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2011-07-05] (Alcatel-Lucent) [File not signed]
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2011-07-05] (Alcatel-Lucent) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 ServicepointService; C:\Program Files (x86)\Windstream\Service Agent\ServicepointService.exe [10315064 2011-10-13] (Radialpoint SafeCare Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-17] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-17] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-17] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-17] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-17] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-17] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-17] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Apple, Inc.) [File not signed]
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-17] (Avast Software)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-24 11:29 - 2014-12-24 11:32 - 00000000 ____D () C:\FRST
2014-12-24 08:24 - 2014-12-24 08:24 - 00025914 _____ () C:\Users\mark\Desktop\dds.txt
2014-12-24 08:24 - 2014-12-24 08:24 - 00018794 _____ () C:\Users\mark\Desktop\attach.txt
2014-12-23 14:28 - 2014-12-23 14:28 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-23 14:26 - 2014-12-23 14:27 - 00000197 _____ () C:\Windows\system32\2014-12-23-19-26-49.074-AvastVBoxSVC.exe-4688.log
2014-12-22 14:22 - 2014-12-22 14:22 - 00000197 _____ () C:\Windows\system32\2014-12-22-19-22-46.024-AvastVBoxSVC.exe-4416.log
2014-12-22 14:01 - 2014-12-22 14:01 - 00000197 _____ () C:\Windows\system32\2014-12-22-19-01-42.044-AvastVBoxSVC.exe-4744.log
2014-12-22 13:26 - 2014-12-22 13:26 - 00000197 _____ () C:\Windows\system32\2014-12-22-18-26-00.017-AvastVBoxSVC.exe-4488.log
2014-12-22 12:16 - 2014-12-22 12:16 - 00000000 ____D () C:\Users\mark\New folder
2014-12-22 09:25 - 2014-12-22 09:25 - 00000197 _____ () C:\Windows\system32\2014-12-22-14-25-41.010-AvastVBoxSVC.exe-4700.log
2014-12-22 00:19 - 2014-12-22 00:19 - 00000197 _____ () C:\Windows\system32\2014-12-22-05-19-20.093-AvastVBoxSVC.exe-4668.log
2014-12-21 23:48 - 2014-12-21 23:48 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-21 23:48 - 2014-12-21 23:48 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-21 18:40 - 2014-12-21 18:41 - 00000197 _____ () C:\Windows\system32\2014-12-21-23-40-53.047-AvastVBoxSVC.exe-6376.log
2014-12-21 17:55 - 2014-12-21 17:55 - 00000763 _____ () C:\Users\Public\Desktop\Speccy.lnk
2014-12-21 17:55 - 2014-12-21 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2014-12-21 17:55 - 2014-12-21 17:55 - 00000000 ____D () C:\Program Files\Speccy
2014-12-21 17:18 - 2014-12-21 17:19 - 00000000 ____D () C:\Users\mark\AppData\Roaming\SmartDraw
2014-12-21 17:18 - 2014-12-21 17:18 - 00003636 _____ () C:\Windows\System32\Tasks\SDMsgUpdate (Local)
2014-12-21 17:18 - 2014-12-21 17:18 - 00003628 _____ () C:\Windows\System32\Tasks\SDMsgUpdate (TE)
2014-12-21 17:18 - 2014-12-21 17:18 - 00000614 _____ () C:\Users\Public\Desktop\SmartDraw CI.lnk
2014-12-21 17:18 - 2014-12-21 17:18 - 00000000 ____D () C:\Users\mark\Documents\SmartDraw
2014-12-21 17:18 - 2014-12-21 17:18 - 00000000 ____D () C:\Users\mark\AppData\System
2014-12-21 17:18 - 2014-12-21 17:18 - 00000000 ____D () C:\Users\mark\AppData\Local\SmartDraw
2014-12-21 17:18 - 2014-12-21 17:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartDraw CI
2014-12-21 17:15 - 2014-12-21 17:18 - 00000000 ____D () C:\SmartDraw CI
2014-12-21 14:12 - 2014-12-21 14:13 - 00000197 _____ () C:\Windows\system32\2014-12-21-19-12-51.097-AvastVBoxSVC.exe-4480.log
2014-12-21 12:41 - 2014-12-21 12:41 - 00000197 _____ () C:\Windows\system32\2014-12-21-17-41-38.012-AvastVBoxSVC.exe-4536.log
2014-12-21 12:12 - 2014-12-21 12:12 - 00000197 _____ () C:\Windows\system32\2014-12-21-17-12-42.061-AvastVBoxSVC.exe-4608.log
2014-12-21 11:10 - 2014-12-21 11:11 - 00000197 _____ () C:\Windows\system32\2014-12-21-16-10-38.094-AvastVBoxSVC.exe-4952.log
2014-12-21 09:34 - 2014-12-21 09:34 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-12-20 20:41 - 2014-12-20 19:15 - 00320936 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-12-20 19:15 - 2014-12-20 19:15 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-12-20 19:15 - 2014-12-20 19:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-20 18:38 - 2014-12-20 18:38 - 00000197 _____ () C:\Windows\system32\2014-12-20-23-38-20.070-AvastVBoxSVC.exe-4760.log
2014-12-20 10:36 - 2014-12-20 10:36 - 00000197 _____ () C:\Windows\system32\2014-12-20-15-36-05.058-AvastVBoxSVC.exe-3832.log
2014-12-19 18:21 - 2014-12-19 18:21 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-19 18:21 - 2014-12-19 18:21 - 00002026 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-12-19 14:20 - 2014-12-19 14:20 - 00000197 _____ () C:\Windows\system32\2014-12-19-19-20-20.074-AvastVBoxSVC.exe-4512.log
2014-12-19 11:24 - 2014-12-19 11:24 - 00000000 ____D () C:\Windows\ERUNT
2014-12-19 10:22 - 2014-12-19 10:22 - 00000197 _____ () C:\Windows\system32\2014-12-19-15-22-19.072-AvastVBoxSVC.exe-5424.log
2014-12-19 08:02 - 2014-12-19 08:02 - 00002084 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-12-19 08:02 - 2014-12-19 08:02 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-12-19 08:02 - 2014-12-19 08:02 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-12-19 08:02 - 2014-12-19 08:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-12-18 23:30 - 2014-12-18 23:30 - 00000197 _____ () C:\Windows\system32\2014-12-19-04-30-35.031-AvastVBoxSVC.exe-3884.log
2014-12-18 23:15 - 2014-12-18 23:15 - 00000197 _____ () C:\Windows\system32\2014-12-19-04-15-44.079-AvastVBoxSVC.exe-5732.log
2014-12-18 18:46 - 2014-12-18 18:46 - 00000197 _____ () C:\Windows\system32\2014-12-18-23-46-09.042-AvastVBoxSVC.exe-8160.log
2014-12-18 14:16 - 2014-12-18 14:16 - 00000197 _____ () C:\Windows\system32\2014-12-18-19-16-11.014-AvastVBoxSVC.exe-4488.log
2014-12-17 23:35 - 2014-12-17 23:35 - 00000197 _____ () C:\Windows\system32\2014-12-18-04-35-37.010-AvastVBoxSVC.exe-5532.log
2014-12-17 23:20 - 2014-12-23 14:33 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-12-17 22:57 - 2014-12-13 00:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-17 22:57 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-17 22:29 - 2014-12-17 22:29 - 00000247 _____ () C:\Windows\system32\2014-12-18-03-29-38.023-aswFe.exe-1092.log
2014-12-17 22:03 - 2014-12-17 22:29 - 00000247 _____ () C:\Windows\system32\2014-12-18-03-03-55.013-aswFe.exe-8124.log
2014-12-17 22:03 - 2014-12-17 22:03 - 00000197 _____ () C:\Windows\system32\2014-12-18-03-03-47.056-AvastVBoxSVC.exe-5576.log
2014-12-17 17:53 - 2014-12-17 17:53 - 00010772 _____ () C:\Users\mark\Documents\cc_20141217_175318 12-17-14.reg
2014-12-17 17:40 - 2014-12-17 17:40 - 00000000 ____D () C:\Users\mark\AppData\Roaming\AVAST Software
2014-12-17 17:39 - 2014-12-23 14:26 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-17 17:39 - 2014-12-17 17:39 - 00001931 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-12-17 17:39 - 2014-12-17 17:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-12-17 17:38 - 2014-12-17 17:39 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-12-17 17:38 - 2014-12-17 17:38 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-12-17 17:38 - 2014-12-17 17:38 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-12-17 17:38 - 2014-12-17 17:38 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-12-17 17:38 - 2014-12-17 17:38 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-12-17 17:38 - 2014-12-17 17:38 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-12-17 17:38 - 2014-12-17 17:38 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-12-17 17:38 - 2014-12-17 17:38 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-12-17 17:38 - 2014-12-17 17:38 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-12-17 17:38 - 2014-12-17 17:38 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-12-17 17:31 - 2014-12-17 17:31 - 00000000 ____D () C:\Program Files\AVAST Software
2014-12-17 15:17 - 2014-12-17 16:50 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-17 11:36 - 2014-12-17 11:36 - 00068537 _____ () C:\Users\mark\Documents\contacts 12-17-14 icloud.CSV
2014-12-17 11:35 - 2014-12-17 11:35 - 00044560 _____ () C:\Users\mark\Documents\contacts 12-17-14.CSV
2014-12-17 11:34 - 2014-12-22 13:14 - 00009326 _____ () C:\Users\mark\AppData\Roaming\Comma Separated Values (Windows).EML
2014-12-17 11:34 - 2014-12-17 11:34 - 18284775 _____ () C:\Users\mark\Documents\Emails received.CSV
2014-12-17 11:30 - 2014-12-17 11:30 - 02302976 _____ () C:\Users\mark\Documents\Contacts 12-17-14.pst
2014-12-17 11:28 - 2014-12-17 11:31 - 374596608 _____ () C:\Users\mark\Documents\Emails.pst
2014-12-17 08:35 - 2014-12-17 08:35 - 00000247 _____ () C:\Windows\system32\2014-12-17-13-35-11.080-aswFe.exe-7692.log
2014-12-17 08:27 - 2014-12-17 08:27 - 00000197 _____ () C:\Windows\system32\2014-12-17-13-27-14.097-AvastVBoxSVC.exe-8896.log
2014-12-16 14:55 - 2014-12-16 14:55 - 00000197 _____ () C:\Windows\system32\2014-12-16-19-55-49.096-AvastVBoxSVC.exe-7032.log
2014-12-16 08:23 - 2014-12-16 08:23 - 00000197 _____ () C:\Windows\system32\2014-12-16-13-23-26.072-AvastVBoxSVC.exe-6556.log
2014-12-16 07:00 - 2014-12-16 07:00 - 00000197 _____ () C:\Windows\system32\2014-12-16-12-00-21.078-AvastVBoxSVC.exe-6648.log
2014-12-15 23:38 - 2014-12-15 23:38 - 00000197 _____ () C:\Windows\system32\2014-12-16-04-38-17.025-AvastVBoxSVC.exe-5356.log
2014-12-15 21:46 - 2014-12-15 21:46 - 00000197 _____ () C:\Windows\system32\2014-12-16-02-46-39.031-AvastVBoxSVC.exe-1240.log
2014-12-15 10:13 - 2014-12-15 10:13 - 00000247 _____ () C:\Windows\system32\2014-12-15-15-13-42.003-aswFe.exe-9044.log
2014-12-15 09:33 - 2014-12-15 10:13 - 00000247 _____ () C:\Windows\system32\2014-12-15-14-33-01.009-aswFe.exe-7404.log
2014-12-15 09:32 - 2014-12-15 09:32 - 00000197 _____ () C:\Windows\system32\2014-12-15-14-32-33.090-AvastVBoxSVC.exe-10204.log
2014-12-15 08:22 - 2014-12-15 08:22 - 00000000 ____D () C:\Windows\pss
2014-12-14 17:21 - 2014-12-22 12:43 - 00458874 _____ () C:\Windows\PFRO.log
2014-12-14 17:01 - 2014-12-14 17:01 - 00030614 _____ () C:\Windows\system32\.crusader
2014-12-14 17:01 - 2014-12-14 17:01 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-12-14 16:59 - 2014-12-14 17:01 - 00019020 _____ () C:\Windows\system32\bootdelete.lst
2014-12-14 12:11 - 2014-12-14 17:47 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-12-14 10:40 - 2014-12-14 10:40 - 00000000 ____D () C:\Users\mark\WPDNSE
2014-12-13 22:27 - 2014-12-13 22:28 - 00000102 _____ () C:\Users\mark\JavaDeployReg.log
2014-12-13 22:27 - 2014-12-13 22:28 - 00000000 ____D () C:\Users\mark\hsperfdata_mark
2014-12-13 22:27 - 2014-12-13 22:27 - 00000456 _____ () C:\Users\mark\jusched.log
2014-12-13 20:26 - 2014-12-13 20:27 - 00000758 _____ () C:\Users\mark\RpT3A22.tmp
2014-12-13 19:12 - 2014-12-13 19:13 - 00000766 _____ () C:\Users\mark\RpT3ADD.tmp
2014-12-13 15:12 - 2014-12-14 09:23 - 00424746 _____ () C:\Users\mark\spa-vasscript-spd-upgrade-ie9.log
2014-12-13 15:12 - 2014-12-14 09:23 - 00270820 _____ () C:\Users\mark\windstream-vas-spd-patch.log
2014-12-13 15:12 - 2014-12-14 09:23 - 00177189 _____ () C:\Users\mark\windstream-vas-icu.log
2014-12-13 15:12 - 2014-12-14 09:23 - 00172375 _____ () C:\Users\mark\windstream-vas-psd.log
2014-12-13 15:12 - 2014-12-14 09:23 - 00124570 _____ () C:\Users\mark\spa-vas-ie.log
2014-12-13 15:12 - 2014-12-14 09:23 - 00105162 _____ () C:\Users\mark\windstream-vas-ie_toolbar.log
2014-12-13 15:12 - 2014-12-14 09:23 - 00075522 _____ () C:\Users\mark\windstream-vas-kidzui_browser.log
2014-12-13 14:04 - 2014-12-13 14:05 - 00000766 _____ () C:\Users\mark\RpT4191.tmp
2014-12-13 13:31 - 2014-12-13 13:32 - 00000766 _____ () C:\Users\mark\RpT6279.tmp
2014-12-13 12:44 - 2014-12-13 12:45 - 00000766 _____ () C:\Users\mark\RpT41DF.tmp
2014-12-13 12:36 - 2014-12-13 23:39 - 00000000 ____D () C:\Users\mark\msdt
2014-12-13 12:24 - 2014-12-14 09:23 - 00000887 _____ () C:\Users\mark\TWAIN.LOG
2014-12-13 12:24 - 2014-12-14 09:23 - 00000156 _____ () C:\Users\mark\Twunk001.MTX
2014-12-13 12:24 - 2014-12-14 09:23 - 00000003 _____ () C:\Users\mark\Twain001.Mtx
2014-12-13 12:24 - 2014-12-13 23:31 - 00011409 _____ () C:\Users\mark\AdobeARM.log
2014-12-13 12:24 - 2014-12-13 12:25 - 00000766 _____ () C:\Users\mark\RpT60E4.tmp
2014-12-13 12:24 - 2014-12-13 12:24 - 00000000 _____ () C:\Users\mark\Twunk002.MTX
2014-12-13 12:23 - 2014-12-14 09:24 - 00000000 ____D () C:\Windows\system32\_avast_
2014-12-13 12:23 - 2014-12-13 12:23 - 00000000 ____D () C:\Users\mark\Skype
2014-12-13 12:19 - 2014-12-13 12:20 - 00000000 ____D () C:\Users\mark\msdtadmin
2014-12-12 22:08 - 2014-12-12 22:16 - 00000000 ___DC () C:\Users\mark\AppData\Local\MigWiz
2014-12-12 21:45 - 2014-12-12 21:45 - 00000247 _____ () C:\Windows\system32\2014-12-13-02-45-18.037-aswFe.exe-11132.log
2014-12-12 21:44 - 2014-12-12 21:45 - 00000197 _____ () C:\Windows\system32\2014-12-13-02-44-56.044-AvastVBoxSVC.exe-10756.log
2014-12-12 20:58 - 2014-12-12 20:58 - 00000197 _____ () C:\Windows\system32\2014-12-13-01-58-20.062-AvastVBoxSVC.exe-5616.log
2014-12-12 20:53 - 2014-12-23 14:24 - 00003482 _____ () C:\Windows\setupact.log
2014-12-12 20:53 - 2014-12-12 20:53 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-12 20:02 - 2014-12-12 20:02 - 00000197 _____ () C:\Windows\system32\2014-12-13-01-02-17.096-AvastVBoxSVC.exe-6084.log
2014-12-12 19:23 - 2014-12-12 19:23 - 00004614 _____ () C:\Users\mark\Documents\cc 12-12-14 in safe mode.reg
2014-12-12 18:08 - 2014-12-12 18:09 - 00000197 _____ () C:\Windows\system32\2014-12-12-23-08-56.068-AvastVBoxSVC.exe-7608.log
2014-12-12 17:59 - 2014-12-12 17:59 - 00000197 _____ () C:\Windows\system32\2014-12-12-22-59-06.090-AvastVBoxSVC.exe-8940.log
2014-12-12 08:21 - 2014-12-12 08:21 - 00000197 _____ () C:\Windows\system32\2014-12-12-13-21-25.009-AvastVBoxSVC.exe-7472.log
2014-12-12 00:47 - 2014-12-12 00:47 - 00000000 ____D () C:\Users\mark\AppData\Roaming\TuneUp Software
2014-12-12 00:37 - 2014-12-23 14:49 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-12 00:35 - 2014-12-17 16:24 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-12 00:35 - 2014-12-12 00:47 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-12 00:35 - 2014-12-12 00:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-12 00:35 - 2014-12-12 00:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-12 00:35 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-12 00:35 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-12 00:16 - 2014-12-14 14:38 - 00000000 ____D () C:\Users\mark\AppData\Roaming\WildTangent
2014-12-12 00:16 - 2014-12-12 00:16 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-12-11 22:44 - 2014-12-18 23:24 - 00000000 ____D () C:\ProgramData\MFAData
2014-12-11 22:44 - 2014-12-11 22:44 - 00000000 ____D () C:\Users\mark\AppData\Local\MFAData
2014-12-11 22:20 - 2014-12-11 22:20 - 00000197 _____ () C:\Windows\system32\2014-12-12-03-20-50.038-AvastVBoxSVC.exe-5572.log
2014-12-11 22:07 - 2014-12-11 22:07 - 00000197 _____ () C:\Windows\system32\2014-12-12-03-07-37.016-AvastVBoxSVC.exe-5408.log
2014-12-11 21:57 - 2014-12-11 21:57 - 00000632 __RSH () C:\Users\mark\ntuser.pol
2014-12-11 19:03 - 2014-12-11 19:03 - 00000197 _____ () C:\Windows\system32\2014-12-12-00-03-36.061-AvastVBoxSVC.exe-3444.log
2014-12-11 18:51 - 2014-12-11 18:51 - 00000197 _____ () C:\Windows\system32\2014-12-11-23-51-21.058-AvastVBoxSVC.exe-3240.log
2014-12-11 18:25 - 2014-12-11 18:25 - 00000197 _____ () C:\Windows\system32\2014-12-11-23-25-38.064-AvastVBoxSVC.exe-6364.log
2014-12-11 17:41 - 2014-12-11 17:41 - 00000197 _____ () C:\Windows\system32\2014-12-11-22-41-40.030-AvastVBoxSVC.exe-4316.log
2014-12-10 16:08 - 2014-12-10 16:08 - 00000197 _____ () C:\Windows\system32\2014-12-10-21-08-23.094-AvastVBoxSVC.exe-3364.log
2014-12-10 16:04 - 2014-12-10 16:04 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 14:53 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 14:53 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-10 14:53 - 2014-07-06 21:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-10 14:53 - 2014-07-06 21:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-10 14:53 - 2014-07-06 21:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-10 14:53 - 2014-07-06 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-10 14:53 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-10 14:53 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-10 14:53 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-10 14:53 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-10 08:48 - 2014-12-03 21:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-10 08:48 - 2014-12-03 21:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-10 08:48 - 2014-12-03 21:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-10 08:48 - 2014-12-03 21:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-10 08:48 - 2014-12-03 21:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-10 08:48 - 2014-12-03 21:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-10 08:48 - 2014-12-03 21:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-10 08:48 - 2014-12-01 18:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-10 08:47 - 2014-11-26 20:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 08:47 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 08:47 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 08:47 - 2014-11-21 22:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 08:47 - 2014-11-21 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 08:47 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 08:47 - 2014-11-21 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 08:47 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 08:47 - 2014-11-21 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 08:47 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 08:47 - 2014-11-21 21:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 08:47 - 2014-11-21 21:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 08:47 - 2014-11-21 21:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 08:47 - 2014-11-21 21:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 08:47 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 08:47 - 2014-11-21 21:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 08:47 - 2014-11-21 21:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 08:47 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 08:47 - 2014-11-21 21:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 08:47 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-10 08:47 - 2014-11-21 21:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 08:47 - 2014-11-21 21:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 08:47 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 08:47 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 08:47 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-10 08:47 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-10 08:47 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 08:47 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 08:47 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 08:47 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-10 08:47 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-10 08:47 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-10 08:47 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-10 08:47 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 08:47 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 08:47 - 2014-11-21 20:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 08:47 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 08:47 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-10 08:47 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 08:47 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 08:47 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-10 08:47 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 08:47 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 08:47 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 08:47 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 08:47 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 08:47 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 08:47 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-10 08:47 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 08:47 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 08:47 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 08:47 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 08:47 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 08:47 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 08:47 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 08:47 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 08:47 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 08:44 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 08:44 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-10 08:44 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 08:44 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-10 08:44 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 08:44 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 08:44 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 08:44 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 08:44 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 08:44 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-10 08:44 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 08:44 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-10 08:44 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-10 08:44 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-09 09:23 - 2014-12-09 09:23 - 00000197 _____ () C:\Windows\system32\2014-12-09-14-23-24.049-AvastVBoxSVC.exe-3108.log
2014-12-08 08:57 - 2014-12-08 08:57 - 00123210 _____ () C:\Users\mark\Documents\cc backup 12-8-14.reg
2014-12-08 07:35 - 2014-12-08 07:36 - 00000197 _____ () C:\Windows\system32\2014-12-08-12-35-58.070-AvastVBoxSVC.exe-4716.log
2014-12-01 08:50 - 2014-12-01 08:50 - 00000247 _____ () C:\Windows\system32\2014-12-01-13-50-04.042-aswFe.exe-5300.log
2014-12-01 08:38 - 2014-12-01 08:49 - 00000247 _____ () C:\Windows\system32\2014-12-01-13-38-29.050-aswFe.exe-8380.log
2014-12-01 08:38 - 2014-12-01 08:38 - 00000197 _____ () C:\Windows\system32\2014-12-01-13-38-17.073-AvastVBoxSVC.exe-1072.log
2014-11-27 17:52 - 2014-11-27 17:52 - 00014188 _____ () C:\Users\mark\Documents\cc back up 11-27-14.reg

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-24 11:27 - 2011-10-09 18:28 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-24 11:27 - 2011-07-07 00:06 - 01912681 _____ () C:\Windows\WindowsUpdate.log
2014-12-24 10:10 - 2012-03-21 21:34 - 00000000 ____D () C:\Users\mark\Documents\contacts 3-21-12
2014-12-24 10:10 - 2011-10-08 10:30 - 00000000 ____D () C:\Users\mark\Documents\Outlook Files
2014-12-24 10:08 - 2013-09-03 16:38 - 00000000 ____D () C:\ProgramData\Radialpoint
2014-12-24 09:48 - 2011-10-09 18:27 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-23 14:45 - 2013-11-09 11:42 - 00000000 ____D () C:\Users\mark\AppData\Roaming\Samsung
2014-12-23 14:45 - 2013-11-09 11:42 - 00000000 ____D () C:\Users\mark\AppData\Local\Samsung
2014-12-23 14:45 - 2013-11-09 11:38 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-12-23 14:44 - 2013-11-09 11:38 - 00000000 ____D () C:\ProgramData\Samsung
2014-12-23 14:44 - 2011-04-08 04:33 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-23 14:33 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-23 14:33 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-23 14:25 - 2011-07-07 00:07 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-23 14:25 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-23 13:33 - 2014-01-30 16:21 - 00000000 ____D () C:\ProgramData\dppjabhhhmickgahdgbjanebccpfcede
2014-12-22 19:16 - 2013-09-03 16:38 - 00000000 ____D () C:\Users\mark\AppData\Roaming\Radialpoint
2014-12-22 17:48 - 2011-10-08 11:25 - 00000000 ____D () C:\Users\mark\AppData\Local\CrashDumps
2014-12-22 15:06 - 2014-10-31 07:49 - 00001380 _____ () C:\Users\mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-22 13:10 - 2013-07-12 12:39 - 00000000 ____D () C:\Users\mark\AppData\Roaming\Compete
2014-12-22 12:45 - 2014-09-10 07:04 - 00069120 ___SH () C:\Users\mark\Desktop\Thumbs.db
2014-12-22 12:43 - 2011-10-09 18:28 - 00000000 ____D () C:\Program Files\Google
2014-12-22 12:43 - 2011-10-09 18:27 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-22 12:16 - 2011-10-08 07:54 - 00000000 ____D () C:\Users\mark
2014-12-22 10:58 - 2011-10-09 18:28 - 00000000 ____D () C:\ProgramData\Google
2014-12-22 10:58 - 2011-10-09 11:21 - 00000000 ____D () C:\Users\mark\AppData\Local\Google
2014-12-22 09:46 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-21 23:47 - 2014-08-18 07:38 - 00000000 ____D () C:\Users\mark\AppData\Local\Adobe
2014-12-21 10:45 - 2014-04-15 15:29 - 00000000 ____D () C:\Users\mark\AppData\Roaming\IDM2
2014-12-20 20:54 - 2014-09-20 12:14 - 00148992 ___SH () C:\Users\mark\Documents\Thumbs.db
2014-12-20 20:51 - 2013-05-12 19:36 - 00000000 ____D () C:\Users\mark\Documents\Google mother's day_files
2014-12-20 20:40 - 2014-05-07 18:36 - 00000000 ____D () C:\Program Files\Java
2014-12-20 19:15 - 2014-05-07 18:38 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-12-20 19:15 - 2014-05-07 18:38 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-12-20 12:03 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-12-19 18:21 - 2011-04-08 04:49 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-12-18 14:32 - 2012-06-27 21:34 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-17 17:31 - 2011-10-09 18:27 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-12-17 11:36 - 2012-03-22 09:16 - 00038445 _____ () C:\Users\mark\AppData\Roaming\Comma Separated Values (Windows).ADR
2014-12-17 09:55 - 2009-07-14 00:13 - 00786598 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-15 23:11 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-15 23:11 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\Microsoft Games
2014-12-15 23:08 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-12-15 08:39 - 2014-07-01 19:36 - 00000000 ____D () C:\Users\mark\AppData\Roaming\Skype
2014-12-14 14:43 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\Windows Defender
2014-12-14 14:38 - 2013-11-29 13:26 - 00000000 ____D () C:\Users\mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zedge Europe AS
2014-12-14 14:38 - 2013-07-19 13:31 - 00000000 ____D () C:\Users\mark\AppData\Local\Unity
2014-12-14 14:38 - 2012-04-17 21:22 - 00000000 ____D () C:\Users\Public\CyberLink
2014-12-14 14:38 - 2011-12-16 16:05 - 00000000 ____D () C:\Users\mark\AppData\Roaming\Garmin
2014-12-14 14:38 - 2011-10-20 08:16 - 00000000 ____D () C:\Users\mark\AppData\Roaming\FLEXnet
2014-12-14 14:38 - 2011-10-08 11:14 - 00000000 ____D () C:\Users\mark\Documents\Fax
2014-12-14 14:38 - 2011-10-08 11:06 - 00000000 ____D () C:\Users\mark\AppData\Roaming\Epson
2014-12-14 14:38 - 2011-10-08 07:55 - 00000000 ____D () C:\Users\mark\AppData\Roaming\Macromedia
2014-12-14 14:38 - 2011-10-08 07:55 - 00000000 ____D () C:\Users\mark\AppData\Roaming\Adobe
2014-12-14 14:38 - 2011-10-08 07:54 - 00000000 ___RD () C:\Users\mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-14 14:38 - 2010-11-21 02:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-12-14 14:38 - 2009-07-13 22:20 - 00000000 __RSD () C:\Windows\Media
2014-12-14 14:38 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\IME
2014-12-14 14:38 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Help
2014-12-14 14:38 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Globalization
2014-12-14 14:38 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Branding
2014-12-14 14:38 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-14 12:02 - 2011-10-08 07:55 - 00109296 _____ () C:\Users\mark\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-12 19:53 - 2013-12-03 12:17 - 00799604 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-12-12 08:16 - 2009-07-14 00:08 - 00032570 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-12 00:16 - 2011-04-08 04:43 - 00000000 ____D () C:\ProgramData\WildTangent
2014-12-12 00:16 - 2011-04-08 04:43 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2014-12-12 00:14 - 2011-04-08 04:43 - 00002654 ____N () C:\Users\Public\Desktop\WildTangent Games App - gateway.lnk
2014-12-11 22:30 - 2012-04-01 15:30 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-10 16:04 - 2014-05-02 10:07 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-10 16:04 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-10 14:59 - 2011-10-08 10:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 14:57 - 2013-07-16 10:11 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-02 17:08 - 2013-09-22 18:28 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-27 17:46 - 2014-09-22 07:08 - 00000000 ___RD () C:\Users\mark\iCloudDrive
2014-11-27 17:45 - 2011-10-08 09:49 - 00000000 ____D () C:\Users\mark\AppData\Roaming\Apple Computer
2014-11-27 17:43 - 2014-10-20 06:50 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-11-27 17:29 - 2013-01-21 16:34 - 00000000 ____D () C:\ProgramData\Apple
2014-11-27 17:26 - 2014-09-22 07:09 - 00000000 ____D () C:\Users\mark\AppData\Local\EDC33C45-CEA5-4A6E-9ADF-E0D28B3F454B.aplzod
2014-11-27 16:40 - 2011-11-13 14:31 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\mark\AppData\Local\Temp\HitmanPro.exe
C:\Users\mark\AppData\Local\Temp\Quarantine.exe
C:\Users\mark\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-20 11:53

==================== End Of Log ============================

#8 bbhudd

Posted 24 December 2014 - 11:38 AM

Here is the other:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-12-2014
Ran by mark at 2014-12-24 11:32:27
Running from C:\Users\mark\Desktop\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Agatha Christie - 4:50 from Paddington (x32 Version: 2.2.0.95 - WildTangent) Hidden
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.2531.52 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Elevated Installer (x32 Version: 2.1.13 - Garmin Ltd or its subsidiaries) Hidden
Epson CreativeZone (HKLM-x32\...\{E6C82F8F-2031-4825-8CC3-98C5960875C1}) (Version: - )
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery (HKLM-x32\...\EEPPPlugIn) (Version: - SEIKO EPSON Corporation)
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup (x32 Version: 1.00.0000 - SEIKO EPSON Corporation) Hidden
Epson Event Manager (HKLM-x32\...\{2970697F-2A11-4588-8B7F-97322D1CCF3C}) (Version: 3.10.0017 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.51.00 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON WorkForce 630 Series Printer Uninstall (HKLM\...\EPSON WorkForce 630 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
EpsonNet Setup 3.3 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.3b - SEIKO EPSON CORPORATION)
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Garmin Express (HKLM-x32\...\{e47a5c85-88a2-47d2-b380-fc2e763c2e6d}) (Version: 2.1.13 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 2.1.13 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 2.1.13 - Garmin Ltd or its subsidiaries) Hidden
Garmin Update Service (x32 Version: 2.1.13 - Garmin Ltd or its subsidiaries) Hidden
Gateway Games (HKLM-x32\...\WildTangent gateway Master Uninstall) (Version: 1.0.2.4 - WildTangent)
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3002 - Gateway Incorporated)
Gateway Registration (HKLM-x32\...\Gateway Registration) (Version: 1.03.3003 - Gateway Incorporated)
Gateway ScreenSaver (HKLM-x32\...\Gateway Screensaver) (Version: 1.1.0225.2011 - Gateway Incorporated)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3014 - Gateway Incorporated)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3006 - Gateway Incorporated)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Java 7 Update 72 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417072FF}) (Version: 7.0.720 - Oracle)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Jewel Quest Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LTCM Client (HKLM-x32\...\LTCM Client) (Version: - Leader Technologies Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-683287437-1384959086-100506706-1001\...\MyFreeCodec) (Version: - )
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.12000.21.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.5.10300 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.1.237 - Barnesandnoble.com)
NVIDIA Graphics Driver 267.85 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 267.85 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.12.6785 - NVIDIA Corporation)
Octoshape add-in for Adobe Flash Player (HKU\S-1-5-21-683287437-1384959086-100506706-1001\...\Octoshape add-in for Adobe Flash Player) (Version: - )
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Radialpoint Security Advisor 2.5.15 (x32 Version: 2.5.15 - Radialpoint SafeCare Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6257 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
Software Updater (HKLM-x32\...\{B307472F-7BD9-4040-9255-CE6D6A1196A3}) (Version: 4.3.1 - SEIKO EPSON CORPORATION)
Speccy (HKLM\...\Speccy) (Version: 1.27 - Piriform)
ToneSync for Windows (HKU\S-1-5-21-683287437-1384959086-100506706-1001\...\c2c9648a374f64d1) (Version: 1.2.3.309 - Zedge Europe AS)
Torchlight (x32 Version: 2.2.0.95 - WildTangent) Hidden
Unity Web Player (HKU\S-1-5-21-683287437-1384959086-100506706-1001\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Welcome Center (HKLM-x32\...\Gateway Welcome Center) (Version: 1.02.3102 - Gateway Incorporated)
WildTangent Games App (Gateway Games) (x32 Version: 4.0.5.36 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windstream Diagnostic Tools 3.0.21 (x32 Version: 3.0.21 - Windstream) Hidden
Windstream Service Agent 4.1.15 (HKLM-x32\...\RadialpointClientGateway_is1) (Version: 4.1.15 - Windstream)
Zuma's Revenge (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

21-10-2014 07:13:17 Windows Update
24-10-2014 07:36:28 Windows Update
28-10-2014 07:53:04 Windows Update
31-10-2014 07:30:18 Windows Modules Installer
31-10-2014 07:38:41 Windows Modules Installer
31-10-2014 10:13:01 avast! antivirus system restore point
04-11-2014 07:42:44 Windows Update
05-11-2014 10:13:48 Windows Backup
07-11-2014 10:43:52 Windows Update
10-11-2014 09:28:09 Windows Backup
11-11-2014 02:19:34 Windows Update
12-11-2014 03:00:20 Windows Update
17-11-2014 01:05:22 Windows Backup
18-11-2014 01:07:56 Windows Update
19-11-2014 03:00:12 Windows Update
24-11-2014 02:43:09 Windows Backup
25-11-2014 00:49:13 Windows Update
27-11-2014 17:27:37 Removed Apple Mobile Device Support
27-11-2014 17:28:30 Removed Apple Application Support
27-11-2014 17:36:50 Removed iTunes
27-11-2014 17:38:26 Removed iTunes
27-11-2014 17:39:01 Removed iTunes
29-11-2014 19:46:54 Windows Update
01-12-2014 08:14:19 avast! antivirus system restore point
01-12-2014 08:27:46 Windows Backup
05-12-2014 05:08:27 Windows Update
09-12-2014 09:12:47 Windows Update
10-12-2014 14:51:49 Windows Update
11-12-2014 18:15:42 Removed Adobe Reader XI (11.0.10).
11-12-2014 18:30:35 Removed Adobe Reader XI (11.0.10).
11-12-2014 18:56:28 Windows Modules Installer
11-12-2014 18:57:40 Windows Modules Installer
11-12-2014 19:20:08 Windows Update
11-12-2014 23:55:00 Installed AVG 2015
11-12-2014 23:56:49 Installed AVG 2015
12-12-2014 21:01:51 Windows Backup
12-12-2014 22:07:27 Windows Backup
12-12-2014 22:18:23 Windows Backup
13-12-2014 09:30:36 Restore Operation
13-12-2014 11:04:06 Tuneup Pro Sat, Dec 13, 14 11:04
14-12-2014 12:03:22 avast! antivirus system restore point
14-12-2014 16:57:15 Checkpoint by HitmanPro
14-12-2014 16:58:54 Checkpoint by HitmanPro
15-12-2014 18:22:51 Windows Modules Installer
16-12-2014 17:21:16 Windows Update
17-12-2014 08:02:31 Windows Backup
17-12-2014 08:05:43 Windows Backup
17-12-2014 10:01:14 Windows Backup
17-12-2014 10:06:39 Windows Backup
17-12-2014 17:14:00 avast! antivirus system restore point
17-12-2014 17:30:39 avast! antivirus system restore point
18-12-2014 00:04:18 Windows Update
18-12-2014 14:23:53 Removed Java 8 Update 25
18-12-2014 14:25:43 Removed Java 7 Update 60
18-12-2014 14:26:45 Removed Java SE Development Kit 8 Update 5 (64-bit)
18-12-2014 14:29:50 Removed Java 7 Update 67 (64-bit)
18-12-2014 14:31:17 Removed Java 7 Update 60
18-12-2014 23:16:45 Removed AVG 2015
18-12-2014 23:21:36 Removed AVG 2015
19-12-2014 18:01:52 Removed Adobe Reader XI (11.0.10).
20-12-2014 19:06:48 Removed Java 8 Update 25 (64-bit)
20-12-2014 20:40:13 Installed Java 7 Update 72 (64-bit)
22-12-2014 14:06:41 Windows Update
23-12-2014 14:41:29 Removed Samsung Kies

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0C225615-B968-497D-8BEE-00BC2B5B05B1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-21] (Adobe Systems Incorporated)
Task: {16787542-8ED8-46D1-B53C-B4F942A5477F} - System32\Tasks\SDMsgUpdate (TE) => C:\SmartDraw CI\Messages\SDNotify.exe [2012-08-13] ()
Task: {1FBCF778-3DA6-467C-93B5-9C250E4940B9} - System32\Tasks\{EFAD2A1A-E4ED-4FBA-9891-04563B9C9164} => pcalua.exe -a "C:\Users\mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OVPL8UON\epson13793.exe" -d C:\Users\mark\Desktop
Task: {28B0B92C-F401-492C-8312-2DCB2FF3FFD6} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {2D94A95A-0244-4317-8A51-53A314FAAB9A} - \Tuneup Pro_UPDATES No Task File <==== ATTENTION
Task: {4CAA4709-70DB-495B-A336-F85C6A1E6B63} - System32\Tasks\SDMsgUpdate (Local) => C:\SmartDraw CI\Messages\SDNotify.exe [2012-08-13] ()
Task: {71F7D0EF-B3B8-44E0-AD36-6F68AF603A33} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {72296E40-04A3-4272-BEF5-6479E420B09F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-09] (Google Inc.)
Task: {A49BDC30-68D4-414E-A4C5-9F8CA229C94C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-09] (Google Inc.)
Task: {C4D57080-ABDD-4053-B362-52259B1C6083} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {C4F91C73-C664-4952-A73E-157E3283AC95} - \Advanced-System Protector_startup No Task File <==== ATTENTION
Task: {CBD54441-994C-4B45-B1B5-68C2AEEF0876} - \Tuneup Pro_DEFAULT No Task File <==== ATTENTION
Task: {EDE45681-6701-4B32-957A-A1F0565A8954} - \Tuneup Pro No Task File <==== ATTENTION
Task: {EE389F3A-3323-4BFD-986E-F1A3CBB399D3} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-17] (AVAST Software)
Task: {F422FE66-717D-4E5C-BAA3-CDE604416A0E} - System32\Tasks\{670C4038-B907-4C1C-9F10-63A3E5F0389D} => Firefox.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-01-18 20:08 - 2011-01-18 20:08 - 00620136 _____ () C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
2014-12-17 17:38 - 2014-12-17 17:38 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-12-17 17:38 - 2014-12-17 17:38 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2014-12-22 13:25 - 2014-12-22 13:25 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14122201\algo.dll
2014-12-17 17:38 - 2014-12-17 17:38 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2014-12-24 08:18 - 2014-12-24 08:18 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14122400\algo.dll
2014-12-17 17:38 - 2014-12-17 17:38 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2011-01-18 20:08 - 2011-01-18 20:08 - 00151656 _____ () C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyHook.dll
2014-10-17 05:35 - 2014-10-17 05:35 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\93182e9779b8be0f688fd0784df6d7fb\IsdiInterop.ni.dll
2011-04-08 04:33 - 2010-11-06 01:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\Users\mark\AppData\Roaming\Comma Separated Values (Windows).EML:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HsdService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HsdService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\qengine => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ServicepointService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AVG-Secure-Search-Update_1014av => C:\Users\mark\AppData\Roaming\Avg_Update_1014av\AVG-Secure-Search-Update_1014av.exe /PROMPT /mid=78af3f4eb7b347cda6e33120d3542ca8-65a27e3eec4152847791d0b88578c678936f63f4 /CMPID=1014av
MSCONFIG\startupreg: AVG_UI => "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
MSCONFIG\startupreg: EEventManager => "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: FUFAXRCV => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
MSCONFIG\startupreg: FUFAXSTM => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: LTCM Client => C:\Program Files (x86)\LTCM Client\ltcmClient.exe /startup
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-683287437-1384959086-100506706-500 - Administrator - Disabled)
Guest (S-1-5-21-683287437-1384959086-100506706-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-683287437-1384959086-100506706-1003 - Limited - Enabled)
mark (S-1-5-21-683287437-1384959086-100506706-1001 - Administrator - Enabled) => C:\Users\mark
UpdatusUser (S-1-5-21-683287437-1384959086-100506706-1000 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/24/2014 09:59:29 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17496 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 688

Start Time: 01d01f8a20259571

Termination Time: 94

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (12/24/2014 09:58:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17496 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1a9c

Start Time: 01d01f7c24861230

Termination Time: 94

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (12/22/2014 07:35:03 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (12/22/2014 05:48:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17496, time stamp: 0x546fddcc
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc000041d
Fault offset: 0x3a3f13c0
Faulting process id: 0x2de8
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (12/22/2014 05:48:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17496, time stamp: 0x546fddcc
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x3a3f13c0
Faulting process id: 0x2de8
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (12/22/2014 05:38:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17496 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1240

Start Time: 01d01e2ec5342553

Termination Time: 65

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (12/22/2014 00:05:20 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files (x86)\Windows Live\Installer\wlarp.exe Files (x86)\Windows Live\Installer\wlarp.exe" ; Description = Windows Live Essentials; Error = 0x8007043c).

Error: (12/22/2014 00:05:08 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files (x86)\Windows Live\Installer\wlarp.exe Files (x86)\Windows Live\Installer\wlarp.exe" ; Description = Windows Live Essentials; Error = 0x8007043c).

Error: (12/21/2014 11:27:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17496, time stamp: 0x546fdf97
Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeb033f
Exception code: 0xc0000005
Fault offset: 0x0000000000002853
Faulting process id: 0x11c4
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (12/21/2014 03:26:51 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (12/24/2014 11:29:27 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (12/24/2014 11:27:31 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (12/24/2014 11:27:31 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (12/24/2014 11:27:28 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (12/24/2014 11:27:28 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (12/24/2014 11:27:27 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (12/24/2014 11:27:26 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (12/24/2014 11:27:15 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (12/24/2014 10:13:11 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (12/24/2014 10:06:30 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.


Microsoft Office Sessions:
=========================
Error: (12/24/2014 09:59:29 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.1749668801d01f8a2025957194C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (12/24/2014 09:58:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.174961a9c01d01f7c2486123094C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (12/22/2014 07:35:03 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (12/22/2014 05:48:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17496546fddccunknown0.0.0.000000000c000041d3a3f13c02de801d01e380a18bad3C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknowna0f582d2-8a2c-11e4-aa0e-e06995b0c55b

Error: (12/22/2014 05:48:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17496546fddccunknown0.0.0.000000000c00000053a3f13c02de801d01e380a18bad3C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknown9d767d6b-8a2c-11e4-aa0e-e06995b0c55b

Error: (12/22/2014 05:38:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17496124001d01e2ec534255365C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (12/22/2014 00:05:20 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files (x86)\Windows Live\Installer\wlarp.exe Files (x86)\Windows Live\Installer\wlarp.exe" Windows Live Essentials0x8007043c

Error: (12/22/2014 00:05:08 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files (x86)\Windows Live\Installer\wlarp.exe Files (x86)\Windows Live\Installer\wlarp.exe" Windows Live Essentials0x8007043c

Error: (12/21/2014 11:27:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.17496546fdf97msvcrt.dll7.0.7601.177444eeb033fc0000005000000000000285311c401d01d9f287a2b8dC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\msvcrt.dllca090689-8992-11e4-bb50-e06995b0c55b

Error: (12/21/2014 03:26:51 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe


==================== Memory info ===========================

Processor: Intel® Core™ i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 24%
Total physical RAM: 8174.5 MB
Available physical RAM: 6139.28 MB
Total Pagefile: 16347.17 MB
Available Pagefile: 13233.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Gateway) (Fixed) (Total:1383.17 GB) (Free:1003.88 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: F73529AB)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1383.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================

#9 nasdaq

Posted 24 December 2014 - 01:46 PM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-683287437-1384959086-100506706-1000\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-683287437-1384959086-100506706-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-683287437-1384959086-100506706-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @ei.MyFunCards_5m.com/Plugin -> C:\Program Files (x86)\MyFunCards_5mEI\Installr\1.bin\NP5mEISB.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR Extension: (YTubEAdsRemiover) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\dppjabhhhmickgahdgbjanebccpfcede [2014-02-05]
CHR Extension: (No Name) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifdhpdbpfbhldhmpiieanhcppmjipjpg [2014-01-01]
CHR Extension: (No Name) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcfmnapblmdaikmppaoghkjhkncgkagb [2014-04-14]
CHR Extension: (Google Wallet) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (No Name) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\ommimhojfpakldnehbnpnkjhbegmkmpn [2014-06-02]
CHR Extension: (No Name) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjfkgkcnnljaalbnlinlngmabdbfcjp [2014-05-27]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-12-17]
AlternateDataStreams: C:\ProgramData\Temp:373E1720
Task: {2D94A95A-0244-4317-8A51-53A314FAAB9A} - \Tuneup Pro_UPDATES No Task File <==== ATTENTION
Task: {C4F91C73-C664-4952-A73E-157E3283AC95} - \Advanced-System Protector_startup No Task File <==== ATTENTION
Task: {CBD54441-994C-4B45-B1B5-68C2AEEF0876} - \Tuneup Pro_DEFAULT No Task File <==== ATTENTION
Task: {EDE45681-6701-4B32-957A-A1F0565A8954} - \Tuneup Pro No Task File <==== ATTENTION
C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\dppjabhhhmickgahdgbjanebccpfcede [2014-02-05]
C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifdhpdbpfbhldhmpiieanhcppmjipjpg [2014-01-01]
C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcfmnapblmdaikmppaoghkjhkncgkagb [2014-04-14]
CHR Extension: (No Name) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\ommimhojfpakldnehbnpnkjhbegmkmpn [2014-06-02]
CHR Extension: (No Name) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjfkgkcnnljaalbnlinlngmabdbfcjp [2014-05-27]

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======

#10 bbhudd

Posted 24 December 2014 - 03:36 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-12-2014
Ran by mark at 2014-12-24 15:27:56 Run:1
Running from C:\Users\mark\Desktop
Loaded Profile: mark (Available profiles: mark)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

CloseProcesses:

ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-683287437-1384959086-100506706-1000\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-683287437-1384959086-100506706-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-683287437-1384959086-100506706-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @ei.MyFunCards_5m.com/Plugin -> C:\Program Files (x86)\MyFunCards_5mEI\Installr\1.bin\NP5mEISB.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR Extension: (YTubEAdsRemiover) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\dppjabhhhmickgahdgbjanebccpfcede [2014-02-05]
CHR Extension: (No Name) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifdhpdbpfbhldhmpiieanhcppmjipjpg [2014-01-01]
CHR Extension: (No Name) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcfmnapblmdaikmppaoghkjhkncgkagb [2014-04-14]
CHR Extension: (Google Wallet) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (No Name) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\ommimhojfpakldnehbnpnkjhbegmkmpn [2014-06-02]
CHR Extension: (No Name) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjfkgkcnnljaalbnlinlngmabdbfcjp [2014-05-27]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-12-17]
AlternateDataStreams: C:\ProgramData\Temp:373E1720
Task: {2D94A95A-0244-4317-8A51-53A314FAAB9A} - \Tuneup Pro_UPDATES No Task File <==== ATTENTION
Task: {C4F91C73-C664-4952-A73E-157E3283AC95} - \Advanced-System Protector_startup No Task File <==== ATTENTION
Task: {CBD54441-994C-4B45-B1B5-68C2AEEF0876} - \Tuneup Pro_DEFAULT No Task File <==== ATTENTION
Task: {EDE45681-6701-4B32-957A-A1F0565A8954} - \Tuneup Pro No Task File <==== ATTENTION
C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\dppjabhhhmickgahdgbjanebccpfcede [2014-02-05]
C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifdhpdbpfbhldhmpiieanhcppmjipjpg [2014-01-01]
C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcfmnapblmdaikmppaoghkjhkncgkagb [2014-04-14]
CHR Extension: (No Name) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\ommimhojfpakldnehbnpnkjhbegmkmpn [2014-06-02]
CHR Extension: (No Name) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjfkgkcnnljaalbnlinlngmabdbfcjp [2014-05-27]

End
*****************

Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay" => Key deleted successfully.
HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => Key not found.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-683287437-1384959086-100506706-1000\User => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\S-1-5-21-683287437-1384959086-100506706-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5} => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-683287437-1384959086-100506706-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@ei.MyFunCards_5m.com/Plugin" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\dppjabhhhmickgahdgbjanebccpfcede => Moved successfully.
C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifdhpdbpfbhldhmpiieanhcppmjipjpg => Moved successfully.
C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcfmnapblmdaikmppaoghkjhkncgkagb => Moved successfully.
C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Moved successfully.
C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\ommimhojfpakldnehbnpnkjhbegmkmpn => Moved successfully.
C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjfkgkcnnljaalbnlinlngmabdbfcjp => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck" => Key deleted successfully.
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx" => Scheduled to move on reboot.
C:\ProgramData\Temp => ":373E1720" ADS removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2D94A95A-0244-4317-8A51-53A314FAAB9A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D94A95A-0244-4317-8A51-53A314FAAB9A}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Tuneup Pro_UPDATES => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C4F91C73-C664-4952-A73E-157E3283AC95}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C4F91C73-C664-4952-A73E-157E3283AC95}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced-System Protector_startup => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CBD54441-994C-4B45-B1B5-68C2AEEF0876}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CBD54441-994C-4B45-B1B5-68C2AEEF0876}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Tuneup Pro_DEFAULT => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EDE45681-6701-4B32-957A-A1F0565A8954}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EDE45681-6701-4B32-957A-A1F0565A8954}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Tuneup Pro => Key not found.
"C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\dppjabhhhmickgahdgbjanebccpfcede [2014-02-05]" => File/Directory not found.
"C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifdhpdbpfbhldhmpiieanhcppmjipjpg [2014-01-01]" => File/Directory not found.
"C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcfmnapblmdaikmppaoghkjhkncgkagb [2014-04-14]" => File/Directory not found.
C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\ommimhojfpakldnehbnpnkjhbegmkmpn directory not found.
C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjfkgkcnnljaalbnlinlngmabdbfcjp directory not found.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-12-24 15:31:31)<=

"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx" => File could not move.

==== End of Fixlog 15:31:31 ====

#11 bbhudd

Posted 24 December 2014 - 05:20 PM

Here is the second program log.

Results of screen317's Security Check version 0.99.93
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java version 32-bit out of Date!
Adobe Reader XI
Google Chrome 17.0.963.56 Google Chrome out of date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

#12 nasdaq

Posted 25 December 2014 - 09:03 AM

Looking good.

If JAVA is not installed you will see the error.
Nothing to worry about. If you do not need it do not install it.
===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#13 bbhudd

Posted 26 December 2014 - 03:49 PM

this popped up while checking an online
Internet Explorer has stopped working.
Problem Event Name: APPCRASH
Application Name: IEXPLORE.EXE
Application Version: 11.0.9600.17496
Application Timestamp: 546fddcc
Fault Module Name: StackHash_07b5
Fault Module Version: 0.0.0.0
Fault Module Timestamp: 00000000
Exception Code: c000041d
Exception Offset: 08870d20
OS Version: 6.1.7601.2.1.0.768.3
Locale ID: 1033
Additional Information 1: 07b5
Additional Information 2: 07b56dcd02bd28c43b279c4a2844a3ea
Additional Information 3: 1a77
Additional Information 4: 1a77c0b385c85642f4c5fb04083f5b8e

Is it just a Juno email thing?

#14 bbhudd

Posted 26 December 2014 - 03:50 PM

So I didn't respond yesterday, was not aware anyone would be working on Christmas Day. I hope you had a good Christmas.

So do I need to do anything else to my system?

#15 bbhudd

Posted 26 December 2014 - 06:42 PM

It seems to take longer to boot up or restart the computer. Is that normal after all this mess?



