
Virus help


  • This topic is locked
11 replies to this topic

#1 downtown1


Posted 02 February 2015 - 02:51 PM

I have a laptop and something has blocked me from using any browsers and the system will not complete the "restore" function. I have tried several different restore points. I use the "Avast Internet Security". Does anyone have any suggestions on how to bring my wife's laptop back to life?


Mod Edit: Moved to MRT ~~ boopme

Edited by boopme, 02 February 2015 - 07:42 PM.



#2 Machiavelli


Posted 03 February 2015 - 11:26 AM

Hello and welcome on board,

My name is Machiavelli and I will assist you with your problem.
If you booted into safe mode on your computer then print my instructions!
I'm in the 'Malware Staff Team' and will provide you with advice:

Removing Malware from a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from your computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. Just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:
  • Removing Malware is usually very difficult.
    We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!
  • Please follow these instructions
    If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
  • Please stay in contact with me until your problem is resolved
    As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
  • Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware
    Don't run any tools while I'm fixing your PC. That is counterproductive and again, will only complicate finding and removing all Malware!
  • Read my post completely
    If you don't do so, you may make mistakes that could result in your System crashing by your own actions!
  • My Help is completely free of charge!
    If you would like to donate some money, you can do so, and I'd appreciate it. :)
 

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (If you have Windows Vista / Windows 7 / Windows 8, please right-click the FRST icon and select Run as Administrator.)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#3 downtown1


Posted 03 February 2015 - 07:50 PM

Here are the two files: first "Additions", next "FRST".

 

Thank you in advance and if we can get this fixed I will gladly contribute to you.

Gary

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by Lori at 2015-02-03 18:34:29
Running from E:\
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
18 Wheels of Steel - American Long Haul (x32 Version: 2.2.0.95 - WildTangent) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7300_Help (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
7400 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
Acer Crystal Eye webcam (HKLM-x32\...\{51F026FA-5146-4232-A8BA-1364740BD053}) (Version: 1.0.4.0 - Liteon)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer Game Console (x32 Version:  - WildTangent) Hidden
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.1.3 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0707.2010 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.95 - WildTangent) Hidden
AIO_CDB_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
Apple Application Support (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Internet Security (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden
Barnes & Noble Desktop Reader (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.1.21 - Barnesandnoble.com)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.470.0 - Microsoft Corporation)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.01.000.18 - Atheros Communications)
BodyMedia SYNC (HKLM-x32\...\InstallShield_{870BCBB7-1A28-4369-8327-466BD12D7E9D}) (Version: 2.0.5.90 - BodyMedia, Inc.)
BodyMedia SYNC (x32 Version: 2.0.5.90 - BodyMedia, Inc.) Hidden
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.0.2.3 - Broadcom Corporation)
Brother MFL-Pro Suite MFC-J4710DW (HKLM-x32\...\{DD98C438-D769-4677-AA87-3481FA32D20C}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
Brother P-touch Editor 5.0 (HKLM-x32\...\{DF9A6075-9308-4572-8932-A4316243C4D9}) (Version: 5.0.2101 - Brother Industries, Ltd.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2829.50 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dragon NaturallySpeaking 12 (HKLM-x32\...\{D5D422B9-6976-4E98-8DDF-9632CB515D7E}) (Version: 12.00.100 - Nuance Communications Inc.)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
Feedback Tool (HKLM-x32\...\{13A5E785-5197-4EAD-8EE3-D660271E49BC}) (Version: 1.2.0 - Microsoft Corporation)
Feedback Tool (HKLM-x32\...\{90024193-9F13-4877-89D5-A1CDF0CBBF28}) (Version: 1.1.0 - Microsoft Corporation)
FontMSI (HKLM-x32\...\{ABB47A07-3209-42CE-9260-7BAC030CC6CA}) (Version: 1.00.0000 - AB)
GasGlance Toolbar (HKLM-x32\...\GasGlance_5ibar Uninstall) (Version:  - Mindspark Interactive Network) <==== ATTENTION
Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 4.8.0.721 (HKU\S-1-5-21-1565987645-4242153639-3628463870-1000\...\GoToMeeting) (Version: 4.8.0.721 - CitrixOnline)
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Solutions Framework (HKLM-x32\...\{E35601C0-BA8E-4F32-919A-C7EF4CA81F67}) (Version: 11.51.0048 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PaperLabel (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2125 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Intel® Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Jewel Quest - Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.12 - Acer Inc.)
Linksys Dual-Band Wireless-N USB Network Adapter (HKLM-x32\...\InstallShield_{90EC11E4-854E-4C0F-9B4C-76D6C7CF7C68}) (Version: 1.0.0.1 - Linksys)
Linksys WUSB600N Dual-Band Wireless-N USB Network Adapter (x32 Version: 1.0.0.1 - Linksys) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
MasterCook 11 (HKLM-x32\...\{25CA5771-2536-4D47-A12F-E9AF3B5ADB81}) (Version: 1.00.0000 - Valusoft)
Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7916 - Memeo Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Project 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}) (Version:  - Microsoft)
Microsoft Office Project Professional 2007 (HKLM-x32\...\PRJPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Standard 2010 (HKLM-x32\...\Office14.STANDARDR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyWinLocker (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8928 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8928 - NTI Corporation) Hidden
Nuance PaperPort 12 (HKLM-x32\...\{88B5FBDC-967D-4B1F-B291-39284AE12201}) (Version: 12.1.0005 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.2.10 - Prolific Technology INC)
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
PS_AIO_02_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
QuickBooks Premier: Mfg and Whsle Edition 2007 (HKLM-x32\...\{7E545666-F436-45FD-B3DF-C0B99A1A579F}) (Version:  - )
QuickBooks Product Listing Service (HKLM-x32\...\{91208A47-5D08-4C79-986F-1931940F51BB}) (Version: 2.0.148 - Intuit)
Quicken 2012 (HKLM-x32\...\{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}) (Version: 21.1.7.18 - Intuit)
Quicken WillMaker Plus 2013 (HKLM-x32\...\{8065044B-2AF3-434E-A6E2-B7C60CDB978B}) (Version: 1.0.0.0 - Nolo)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Scansoft PDF Professional (x32 Version:  - ) Hidden
Seagate Dashboard (HKLM-x32\...\{C3A11907-930D-41AC-A135-CC3B12F92011}) (Version: 1.1.0.1548 - Memeo Inc.)
Serif PagePlus X4 (HKLM-x32\...\{2DC240EA-51B1-4CC4-A0E5-4E4399CD7302}) (Version: 14.0.5.027 - Serif (Europe) Ltd)
Serif PagePlus X4 Resources (HKLM-x32\...\{A93EC091-461F-46EE-BAE1-327EB608AA60}) (Version: 14.0.1.010 - Serif (Europe) Ltd)
Serif PagePlus X5 (HKLM-x32\...\{371C9583-5174-4CF8-B10D-D4C3AA7E8CD0}) (Version: 15.0.5.030 - Serif (Europe) Ltd)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARDR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
ShopAtHome.com Helper (HKLM-x32\...\ShopAtHome.com Helper) (Version: 7.0.1.0 - ShopAtHome.com) <==== ATTENTION
Shopping App by Ask (HKLM-x32\...\{4F524A2D-5354-2D53-5045-A758B70C1801}) (Version: 12.24.1.53 - APN, LLC)
Shredder (Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SpeedyPC Pro (HKLM-x32\...\{604CD5A1-4520-4844-B064-A3D884B77E91}) (Version: 3.2.14.0 - SpeedyPC Software) <==== ATTENTION
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
SupportSoft Assisted Service (HKLM-x32\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated)
Times Reader (HKLM-x32\...\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1) (Version: 2.055 - The New York Times Company)
Times Reader (x32 Version: 2.055 - The New York Times Company) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3002 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
WinZip 15.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BF}) (Version: 15.0.9327 - WinZip Computing, S.L. )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - )
Zuma's Revenge (x32 Version: 2.2.0.95 - WildTangent) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1565987645-4242153639-3628463870-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\721\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
 
==================== Restore Points  =========================
 
09-10-2014 12:58:45 Windows Update
20-10-2014 10:55:24 Installed HP Update.
20-10-2014 11:28:53 Windows Update
09-11-2014 20:47:41 Windows Update
21-11-2014 08:56:02 avast! antivirus system restore point
21-11-2014 09:04:45 Device Driver Package Install: Avast Network Service
21-11-2014 10:01:41 Removed Java 8 Update 25
01-12-2014 22:49:27 Removed High Impact eMail 5
01-12-2014 22:51:37 Removed High Impact eMail 5
01-12-2014 22:57:32 Removed Norton Online Backup
07-12-2014 10:48:04 Windows Update
08-01-2015 20:15:58 SpeedyPC Pro Backup
08-01-2015 21:23:13 SpeedyPC Pro Backup
10-01-2015 08:10:22 SpeedyPC Pro Backup
21-01-2015 19:18:03 SpeedyPC Pro Backup
24-01-2015 09:32:34 SpeedyPC Pro Backup
28-01-2015 08:40:43 SpeedyPC Pro Backup
29-01-2015 10:29:17 Windows Update
31-01-2015 09:21:46 SpeedyPC Pro Backup
31-01-2015 10:26:14 Installed HP Support Solutions Framework
31-01-2015 12:14:50 Windows Update
31-01-2015 13:08:52 Windows Update
31-01-2015 13:21:24 Windows Update
31-01-2015 21:23:06 Restore Operation
31-01-2015 21:43:11 avast! antivirus system restore point
31-01-2015 21:52:48 Restore Operation
31-01-2015 23:29:31 avast! antivirus system restore point
31-01-2015 23:45:02 Device Driver Package Install: Avast Network Service
01-02-2015 00:01:41 SpeedyPC Pro Backup
01-02-2015 00:39:05 SpeedyPC Pro Backup
01-02-2015 15:44:20 Restore Operation
01-02-2015 16:06:30 avast! antivirus system restore point
01-02-2015 16:16:03 Device Driver Package Install: Avast Network Service
01-02-2015 16:26:43 Restore Operation
01-02-2015 16:55:32 avast! antivirus system restore point
03-02-2015 17:43:58 Restore Operation
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {030B336F-F634-4721-A25F-7DDFEA81A1B4} - System32\Tasks\{05C7EABF-394C-414B-8D15-B8401FFA398A} => pcalua.exe -a D:\setup.exe -d D:\
Task: {05E4DE3F-AD3E-4743-98A4-C4BE378D42E2} - System32\Tasks\{425B5FBC-6F14-4596-9E9D-E5F18B922F87} => pcalua.exe -a C:\Users\Lori\Downloads\vpsupd.exe -d C:\Users\Lori\Downloads
Task: {1A9CD2E2-3373-41C5-86F2-752AAF3CC3C7} - \{480015DE-B335-4D11-A7A0-F514A544D940} No Task File <==== ATTENTION
Task: {1F2043C7-5947-43D3-A3E9-455CE9218299} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {66C1100D-E70E-4349-AFCE-D28743927836} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {67C198EE-2918-429F-B332-C161A2970B50} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2014-11-21] (AVAST Software)
Task: {96A981DB-89AE-4231-AC44-CFBF1817F936} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {CE1D09EA-23C2-49F9-B747-7D2A7EDD82BC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-25] (Adobe Systems Incorporated)
Task: {D8371184-1656-4AC6-BEA7-3BB3F9FC9341} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {DDC73336-0559-4481-B9BD-D2DC41889292} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-04-24 21:57 - 2005-04-21 22:36 - 00143360 ____R () C:\Windows\system32\BrSNMP64.dll
2012-01-10 21:12 - 2012-01-10 21:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-04-06 09:16 - 2011-04-06 09:16 - 00325344 _____ () C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
2014-07-06 08:35 - 2014-07-06 08:35 - 00301152 _____ () C:\Program Files\Alwil Software\Avast5\aswProperty.dll
2010-06-28 16:20 - 2010-06-28 16:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-06-28 16:12 - 2010-06-28 16:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2010-07-25 00:10 - 2009-05-20 00:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2014-07-06 08:35 - 2014-07-06 08:35 - 19329904 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll
2011-11-03 12:09 - 2011-11-03 12:09 - 00102912 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\Memeo.Progress.dll
2011-11-03 12:10 - 2011-11-03 12:10 - 00025600 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll
2011-11-03 12:10 - 2011-11-03 12:10 - 00015360 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.TroubleshootingPlugin.dll
2011-11-03 12:10 - 2011-11-03 12:10 - 00014848 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.VideoTutorialsPlugin.dll
2014-04-24 21:56 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2010-07-20 02:31 - 2010-04-13 10:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2011-04-06 09:16 - 2011-04-06 09:16 - 02896608 _____ () C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.UI.dll
2011-04-06 09:16 - 2011-04-06 09:16 - 00027360 _____ () C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll
2010-03-22 16:59 - 2010-03-22 16:59 - 00504293 _____ () C:\Program Files (x86)\Memeo\AutoBackup\sqlite3.DLL
2010-03-22 16:57 - 2010-03-22 16:57 - 00178176 _____ () C:\Program Files (x86)\Common Files\Memeo\ProfMan.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2010-04-20 11:22 - 2010-04-20 11:22 - 00241664 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll
2010-04-20 11:22 - 2010-04-20 11:22 - 00971776 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll
2014-10-02 09:38 - 2014-09-05 10:55 - 00132808 _____ () C:\Users\Lori\AppData\Local\Microsoft\BingDesktop\en-US\Apps\Wallpaper_5386c77076d04cf9a8b5d619b4cba48e\1.4.82\wallpaper.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:0FF263E8
AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9
AlternateDataStreams: C:\Users\Lori\Documents\31 FR flyer.ppp:SummaryInformation
AlternateDataStreams: C:\Users\Lori\Documents\31 FR flyer.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Lori\Documents\31 FR flyerJD.ppp:SummaryInformation
AlternateDataStreams: C:\Users\Lori\Documents\31 FR flyerJD.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Lori\Documents\31 Holiday OPEN HOUSE1.ppp:SummaryInformation
AlternateDataStreams: C:\Users\Lori\Documents\31 Holiday OPEN HOUSE1.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Lori\Documents\31 juvenile Diabetes ad.ppp:SummaryInformation
AlternateDataStreams: C:\Users\Lori\Documents\31 juvenile Diabetes ad.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Lori\Documents\31 open house holiday test.ppp:SummaryInformation
AlternateDataStreams: C:\Users\Lori\Documents\31 open house holiday test.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Lori\Documents\31 Womens Center ad.ppp:SummaryInformation
AlternateDataStreams: C:\Users\Lori\Documents\31 Womens Center ad.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Lori\Documents\31FR form.ppp:SummaryInformation
AlternateDataStreams: C:\Users\Lori\Documents\31FR form.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Lori\Documents\corvette club.ppp:SummaryInformation
AlternateDataStreams: C:\Users\Lori\Documents\corvette club.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Lori\Documents\lori's pages.ppp:SummaryInformation
AlternateDataStreams: C:\Users\Lori\Documents\lori's pages.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Lori\Documents\Open House 0812.1.ppp:SummaryInformation
AlternateDataStreams: C:\Users\Lori\Documents\Open House 0812.1.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Lori\Documents\Open House 0812.ppp:SummaryInformation
AlternateDataStreams: C:\Users\Lori\Documents\Open House 0812.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Lori\Documents\sept2013-order-form1.ppp:SummaryInformation
AlternateDataStreams: C:\Users\Lori\Documents\sept2013-order-form1.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Lori\Documents\sj enter to win.ppp:SummaryInformation
AlternateDataStreams: C:\Users\Lori\Documents\sj enter to win.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Lori\Documents\SJ Giveaway card.ppp:SummaryInformation
AlternateDataStreams: C:\Users\Lori\Documents\SJ Giveaway card.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Lori\Documents\sj kids korner.ppp:SummaryInformation
AlternateDataStreams: C:\Users\Lori\Documents\sj kids korner.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Lori\Documents\sj sterling silver.ppp:SummaryInformation
AlternateDataStreams: C:\Users\Lori\Documents\sj sterling silver.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Lori\Documents\ThermalToteSale.ppp:SummaryInformation
AlternateDataStreams: C:\Users\Lori\Documents\ThermalToteSale.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Lori\Documents\ThermalToteSaleFR.ppp:SummaryInformation
AlternateDataStreams: C:\Users\Lori\Documents\ThermalToteSaleFR.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Public\Documents\31 FALL OPEN HOUSE 1.ppp:SummaryInformation
AlternateDataStreams: C:\Users\Public\Documents\31 FALL OPEN HOUSE 1.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Public\Documents\31 Holiday OPEN HOUSE.ppp:SummaryInformation
AlternateDataStreams: C:\Users\Public\Documents\31 Holiday OPEN HOUSE.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\52267103.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\52267103.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rpcnet => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1565987645-4242153639-3628463870-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1565987645-4242153639-3628463870-1002 - Limited - Enabled)
Gary (S-1-5-21-1565987645-4242153639-3628463870-1027 - Administrator - Enabled) => C:\Users\Gary
Guest (S-1-5-21-1565987645-4242153639-3628463870-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1565987645-4242153639-3628463870-1004 - Limited - Enabled)
Lori (S-1-5-21-1565987645-4242153639-3628463870-1000 - Administrator - Enabled) => C:\Users\Lori
 
==================== Faulty Device Manager Devices =============
 
Name: Photosmart C7200 series
Description: Photosmart C7200 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: VBoxAsw Support Driver
Description: VBoxAsw Support Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: VBoxAswDrv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Photosmart C7200 series
Description: Photosmart C7200 series
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: HP LaserJet 400 M401n
Description: HP LaserJet 400 M401n
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/03/2015 06:26:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 38.0.2125.111, time stamp: 0x5447163b
Faulting module name: chrome.dll, version: 38.0.2125.111, time stamp: 0x54471342
Exception code: 0x80000003
Fault offset: 0x004dc123
Faulting process id: 0x15e0
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
 
Error: (02/03/2015 06:25:54 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files\Alwil Software\Avast5\setup\instup.exe Files\Alwil Software\Avast5\setup\instup.exe" /instop:repair; Description = avast! antivirus system restore point; Error = 0x81000101).
 
Error: (02/03/2015 06:19:17 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Device Driver Package Install: Avast Network Service). Additional information: 0x80070005.
 
Error: (02/03/2015 06:16:32 PM) (Source: MySQL) (EventID: 100) (User: )
Description: Fatal error: Can't open and lock privilege tables: Table 'mysql.host' doesn't exist
 
For more information, see Help and Support Center at http://www.mysql.com.
 
Error: (02/03/2015 06:15:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -528.
 
Error: (02/03/2015 06:15:54 PM) (Source: ESENT) (EventID: 455) (User: )
Description: Catalog Database (1236) Catalog Database: Error -1811 occurred while opening logfile C:\Windows\system32\CatRoot2\edb005F9.log.
 
Error: (02/03/2015 05:14:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 39.0.2171.95, time stamp: 0x548243f3
Faulting module name: chrome.dll, version: 39.0.2171.95, time stamp: 0x54823ff4
Exception code: 0x80000003
Fault offset: 0x004fd39c
Faulting process id: 0x858
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
 
Error: (02/03/2015 05:12:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 39.0.2171.95, time stamp: 0x548243f3
Faulting module name: chrome.dll, version: 39.0.2171.95, time stamp: 0x54823ff4
Exception code: 0x80000003
Fault offset: 0x004fd39c
Faulting process id: 0xd7c
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
 
Error: (02/03/2015 05:12:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 39.0.2171.95, time stamp: 0x548243f3
Faulting module name: chrome.dll, version: 39.0.2171.95, time stamp: 0x54823ff4
Exception code: 0x80000003
Fault offset: 0x004fd39c
Faulting process id: 0x158c
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
 
Error: (02/03/2015 05:11:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 39.0.2171.95, time stamp: 0x548243f3
Faulting module name: chrome.dll, version: 39.0.2171.95, time stamp: 0x54823ff4
Exception code: 0x80000003
Fault offset: 0x004fd39c
Faulting process id: 0x1bb4
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
 
 
System errors:
=============
Error: (02/03/2015 06:17:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MySQL service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/03/2015 06:17:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VBoxAsw Support Driver service failed to start due to the following error: 
%%2
 
Error: (02/03/2015 06:15:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: 
%%2
 
Error: (02/03/2015 06:15:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMScheduler service failed to start due to the following error: 
%%2
 
Error: (02/03/2015 06:15:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Solutions Framework Service service failed to start due to the following error: 
%%2
 
Error: (02/03/2015 06:15:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Coupon Printer Service service failed to start due to the following error: 
%%2
 
Error: (02/03/2015 06:15:04 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Audio service hung on starting.
 
Error: (02/03/2015 06:13:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMProtector service failed to start due to the following error: 
%%2
 
Error: (02/03/2015 05:17:54 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
 
Error: (02/03/2015 05:07:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MySQL service failed to start due to the following error: 
%%2
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5 CPU M 460 @ 2.53GHz
Percentage of memory in use: 70%
Total physical RAM: 3766.71 MB
Available physical RAM: 1093.95 MB
Total Pagefile: 7531.6 MB
Available Pagefile: 4810.87 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:451.66 GB) (Free:289.64 GB) NTFS
Drive e: () (Removable) (Total:3.76 GB) (Free:3.62 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: CA50B540)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 3.8 GB) (Disk ID: 04DD5721)
Partition 1: (Active) - (Size=3.8 GB) - (Type=0B)
 
==================== End Of Log ============================
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Lori (administrator) on LORI-PC on 03-02-2015 18:28:27
Running from E:\
Loaded Profiles: Lori (Available profiles: Lori & Gary)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\Setup\instup.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rstrui.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\agent.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\avastui.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDExtHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDAppHost.exe
() C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
(Memeo Inc.) C:\Program Files (x86)\Memeo\AutoBackup\MemeoUpdater.exe
(Axentra Corporation) C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDSurrogateHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-26] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [585376 2010-05-25] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [354464 2010-05-25] (Atheros Commnucations)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-26] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-10] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-10] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-28] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [968272 2010-06-22] (Dritek System Inc.)
HKLM-x32\...\Run: [Memeo Instant Backup] => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2011-04-06] (Memeo Inc.)
HKLM-x32\...\Run: [Seagate Dashboard] => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe [73728 2011-11-03] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [DNS7reminder] => C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe [328992 2010-10-27] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2368736 2014-06-03] (Microsoft Corp.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [4085896 2014-09-18] (AVAST Software)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-08-28] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1565987645-4242153639-3628463870-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-07-20] (Google Inc.)
HKU\S-1-5-21-1565987645-4242153639-3628463870-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKU\S-1-5-21-1565987645-4242153639-3628463870-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-1565987645-4242153639-3628463870-1000\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [854344 2014-10-21] (Google Inc.)
HKU\S-1-5-21-1565987645-4242153639-3628463870-1000\...\MountPoints2: {d7cca0cd-72c5-11e0-b6ba-5cac4c21225b} - E:\VZAccess_Manager.exe /z detect
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll (Egis Technology Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1565987645-4242153639-3628463870-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
HKU\S-1-5-21-1565987645-4242153639-3628463870-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5742&r=27361110l635l04d4z165v4722150n
HKU\S-1-5-21-1565987645-4242153639-3628463870-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
URLSearchHook: HKU\S-1-5-21-1565987645-4242153639-3628463870-1000 - (No Name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No File
URLSearchHook: HKU\S-1-5-21-1565987645-4242153639-3628463870-1000 - (No Name) - {801120a5-289d-4a31-9d09-3f1794681e02} - C:\Program Files (x86)\GasGlance_5i\bar\1.bin\5iSrcAs.dll No File
URLSearchHook: HKU\S-1-5-21-1565987645-4242153639-3628463870-1000 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
SearchScopes: HKU\S-1-5-21-1565987645-4242153639-3628463870-1000 -> DefaultScope {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://www.bing.com/search?FORM=UP21DF&PC=UP21&dt=042113&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1565987645-4242153639-3628463870-1000 -> {1E6024F9-5CFC-482E-8810-FD1EEB9FB68B} URL = http://websearch.shopathome.com?user_id=%guid&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1565987645-4242153639-3628463870-1000 -> {34B19F01-197B-49ED-B5F6-2C658544FE77} URL = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80502&lng=en
SearchScopes: HKU\S-1-5-21-1565987645-4242153639-3628463870-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enUS407US407
SearchScopes: HKU\S-1-5-21-1565987645-4242153639-3628463870-1000 -> {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = http://search.coupons.com/search.asp?p=df&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1565987645-4242153639-3628463870-1000 -> {A531D99C-5A22-449b-83DA-872725C6D0ED} URL = http://search.alot.com/web?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1565987645-4242153639-3628463870-1000 -> {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://www.bing.com/search?FORM=UP21DF&PC=UP21&dt=042113&q={searchTerms}&src=IE-SearchBox
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: No Name -> {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} ->  No File
BHO-x32: No Name -> {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} ->  No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll No File
BHO-x32: No Name -> {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} ->  No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll No File
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - {A531D99C-5A22-449b-83DA-872725C6D0ED} -  No File
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1565987645-4242153639-3628463870-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1565987645-4242153639-3628463870-1000 -> No Name - {5BED3930-2E9E-76D8-BACC-80DF2188D455} -  No File
Toolbar: HKU\S-1-5-21-1565987645-4242153639-3628463870-1000 -> No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} -  No File
Toolbar: HKU\S-1-5-21-1565987645-4242153639-3628463870-1000 -> No Name - {865FC489-56EB-41FA-BB25-027900188070} -  No File
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 71.10.216.1 71.10.216.2 192.168.1.1
 
FireFox:
========
FF Plugin: @java.com/DTPlugin -> C:\Program Files\Java\jre6\bin\dtplugin\npDeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll No File
FF Plugin-x32: nuance.com/DragonRIAPlugin -> C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\npDgnRia.dll (Nuance Communications Inc.)
FF HKLM-x32\...\Firefox\Extensions: [jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi
FF Extension: Dragon NaturallySpeaking Rich Internet Application Support - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2012-07-18]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-02-24]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-04-17]
FF HKU\S-1-5-21-1565987645-4242153639-3628463870-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR HomePage: Default -> https://www.google.com/
CHR StartupUrls: Default -> "https://www.google.com/", "hxxp://www.msn.com/?pc=AV01", "https://www.thirtyonetoday.com/Account/Login?source=mto"
CHR DefaultSearchKeyword: Default -> trovi.search
CHR DefaultSuggestURL: Default -> 
CHR Profile: C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (Bing) - C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmkckgpgekmanipelfidlhmkfcjicion [2015-01-31]
CHR Extension: (Skype Click to Call) - C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2011-09-03]
CHR Extension: (Dragon NaturallySpeaking Rich Internet Application Support) - C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\mikhcaiakabeeokmenglcdebplfdjicn [2012-12-13]
CHR Extension: (Google Wallet) - C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03]
CHR HKLM\...\Chrome\Extension: [aaaaahaeginbdcckocjkhbciadcafnep] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaahaeginbdcckocjkhbciadcafnep.crx [2015-01-30]
CHR HKLM-x32\...\Chrome\Extension: [aaaaahaeginbdcckocjkhbciadcafnep] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaahaeginbdcckocjkhbciadcafnep.crx [2015-01-30]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-11-21]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [mikhcaiakabeeokmenglcdebplfdjicn] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\chromeShim.crx [2012-07-18]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [47776 2010-05-25] (Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-07-06] (AVAST Software)
S2 avast! Firewall; C:\Program Files\Alwil Software\Avast5\afwServ.exe [106488 2014-07-06] (AVAST Software)
S4 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-03] (Microsoft Corp.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-26] (Egis Technology Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S4 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [20480 2009-09-16] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2006-11-09] (Intuit Inc.) [File not signed]
R2 SeagateDashboardService; C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [8704 2011-11-03] (Memeo) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 APNMCP; "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe" [X]
S3 AvastVBoxSvc; C:\Program Files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe [X]
S2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [X]
S2 HPSupportSolutionsFrameworkService; "C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe" [X]
S2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe" [X]
S2 MBAMService; "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe" [X]
S2 MySQL; "C:\Program Files (x86)\TABS AutoBiz\mysql\bin\mysqld-nt" MySQL [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-21] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-11-21] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-21] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-21] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-21] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-21] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 Dot4; system32\DRIVERS\Dot4.sys [X]
S3 dot4usb; system32\DRIVERS\dot4usb.sys [X]
S3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [X]
S3 usbscan; system32\DRIVERS\usbscan.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\Alwil Software\Avast5\ng\vbox\VBoxAswDrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-03 18:29 - 2014-11-21 09:00 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-02-03 18:28 - 2015-02-03 18:28 - 00000000 ____D () C:\FRST
2015-02-03 17:11 - 2015-02-03 17:11 - 00000199 _____ () C:\Windows\system32\2015-02-03-23-11-29.070-AvastVBoxSVC.exe-3968.log
2015-02-01 14:28 - 2015-02-01 14:28 - 00000000 ____D () C:\Users\Gary\AppData\Local\Apple
2015-02-01 12:36 - 2015-02-01 13:15 - 00000000 ____D () C:\Users\Gary\AppData\Local\CrashDumps
2015-02-01 12:34 - 2015-02-01 15:58 - 00000000 ____D () C:\Users\Gary\AppData\Roaming\ControlCenter4
2015-02-01 12:34 - 2015-02-01 12:34 - 00196872 _____ () C:\Users\Gary\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-01 12:34 - 2015-02-01 12:34 - 00000000 ____D () C:\Users\Gary\AppData\Roaming\Seagate
2015-02-01 12:34 - 2015-02-01 12:34 - 00000000 ____D () C:\Users\Gary\AppData\Roaming\Memeo
2015-02-01 12:34 - 2015-02-01 12:34 - 00000000 ____D () C:\Users\Gary\AppData\Roaming\Intel Corporation
2015-02-01 12:34 - 2015-02-01 12:34 - 00000000 ____D () C:\Users\Gary\AppData\Roaming\AVAST Software
2015-02-01 12:34 - 2015-02-01 12:34 - 00000000 ____D () C:\Users\Gary\AppData\Roaming\Apple Computer
2015-02-01 12:34 - 2015-02-01 12:34 - 00000000 ____D () C:\Users\Gary\AppData\Local\EgisTec IPS
2015-02-01 12:33 - 2015-02-03 19:01 - 00000000 ____D () C:\Users\Gary
2015-02-01 12:33 - 2015-02-01 15:58 - 00000000 ___RD () C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-02-01 12:33 - 2015-02-01 15:58 - 00000000 ___RD () C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-01 12:33 - 2015-02-01 12:34 - 00000000 ____D () C:\Users\Gary\AppData\Local\VirtualStore
2015-02-01 12:33 - 2015-02-01 12:33 - 00000000 ____D () C:\Users\Gary\AppData\Roaming\Adobe
2015-02-01 12:33 - 2013-06-25 20:55 - 00000000 ____D () C:\Users\Gary\AppData\LocalGoogle
2015-02-01 12:33 - 2013-06-25 20:54 - 00000000 ____D () C:\Users\Gary\AppData\Local\Google
2015-02-01 12:33 - 2011-11-27 08:40 - 00000000 ____D () C:\Users\Gary\AppData\Local\Microsoft Help
2015-02-01 12:33 - 2010-11-26 07:45 - 00000000 ____D () C:\Users\Gary\AppData\Roaming\Macromedia
2015-02-01 12:24 - 2015-02-01 12:25 - 00000985 _____ () C:\ProgramData\hpzinstall.log
2015-02-01 00:57 - 2015-02-01 15:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-01 00:56 - 2015-02-01 16:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-01 00:56 - 2015-02-01 00:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-01 00:54 - 2015-02-01 00:54 - 00000000 ____D () C:\Users\Lori\AppData\Roaming\Zeon
2015-01-31 13:20 - 2014-11-21 20:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-01-31 13:20 - 2014-11-21 20:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-01-31 13:20 - 2014-11-21 19:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-01-31 13:20 - 2014-11-21 19:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-01-31 13:20 - 2014-11-21 19:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-01-31 13:20 - 2014-11-21 18:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-01-31 13:20 - 2014-11-10 21:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-01-31 13:20 - 2014-10-13 20:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-01-31 13:19 - 2014-12-11 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-31 13:19 - 2014-11-10 21:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-01-31 13:19 - 2014-11-10 21:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-01-31 13:19 - 2014-10-17 20:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-01-31 13:19 - 2014-10-17 19:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-01-31 13:19 - 2014-10-13 19:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-01-31 13:19 - 2014-10-02 20:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-31 13:19 - 2014-10-02 20:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-31 13:19 - 2014-09-19 03:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-01-31 13:19 - 2014-09-19 03:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-01-31 13:19 - 2014-09-19 03:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-01-31 13:19 - 2014-09-19 03:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-01-31 13:19 - 2014-09-19 03:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-01-31 13:19 - 2014-09-19 03:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-01-31 13:19 - 2014-08-21 00:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-01-31 13:19 - 2014-08-21 00:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-01-31 13:17 - 2014-10-13 20:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-01-31 13:17 - 2014-10-13 19:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-01-31 12:57 - 2015-01-31 12:57 - 00302011 _____ () C:\Users\Lori\Downloads\WindowsUpdateDiagnostic (2).diagcab
2015-01-31 12:52 - 2015-01-31 12:52 - 00302011 _____ () C:\Users\Lori\Downloads\WindowsUpdateDiagnostic (1).diagcab
2015-01-31 12:45 - 2015-01-31 12:45 - 00302011 _____ () C:\Users\Lori\Downloads\WindowsUpdateDiagnostic.diagcab
2015-01-31 10:29 - 2015-01-31 10:29 - 00000000 ____D () C:\Users\Lori\AppData\Local\Hewlett-Packard
2015-01-08 19:36 - 2015-01-08 19:36 - 00001244 _____ () C:\Users\Lori\Desktop\SpeedyPC Pro.lnk
2015-01-08 19:36 - 2015-01-08 19:36 - 00000000 ____D () C:\Users\Lori\AppData\Roaming\SpeedyPC Software
2015-01-08 19:35 - 2015-01-08 19:36 - 00000000 ____D () C:\ProgramData\SpeedyPC Software
2015-01-08 19:35 - 2015-01-08 19:35 - 00000000 ____D () C:\Program Files (x86)\SpeedyPC Software
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-03 18:31 - 2009-07-13 22:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-03 18:31 - 2009-07-13 22:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-03 18:29 - 2010-09-23 07:53 - 02043658 _____ () C:\Windows\WindowsUpdate.log
2015-02-03 18:26 - 2011-01-04 09:12 - 00000000 ____D () C:\Users\Lori\AppData\Local\CrashDumps
2015-02-03 18:19 - 2010-09-23 08:27 - 00000035 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2015-02-03 18:16 - 2010-11-26 09:34 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-03 18:15 - 2010-11-26 20:43 - 00000000 ____D () C:\Users\Lori
2015-02-03 18:15 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-03 18:14 - 2009-07-13 22:45 - 00632848 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-03 18:13 - 2009-07-13 22:51 - 00054416 _____ () C:\Windows\setupact.log
2015-02-03 18:09 - 2014-06-25 09:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2015-02-03 18:09 - 2014-05-21 08:35 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-03 18:09 - 2014-04-28 09:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TABS AutoBiz
2015-02-03 18:09 - 2014-04-28 09:09 - 00000000 ____D () C:\Program Files (x86)\TABS AutoBiz
2015-02-03 18:09 - 2014-04-24 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance PaperPort 12
2015-02-03 18:09 - 2013-12-25 20:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-02-03 18:09 - 2013-11-19 07:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2015-02-03 18:09 - 2013-07-05 13:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-02-03 18:09 - 2013-07-05 13:56 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-02-03 18:09 - 2013-07-05 13:56 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2015-02-03 18:09 - 2013-06-07 20:25 - 00000000 ____D () C:\Program Files\Java
2015-02-03 18:09 - 2013-05-21 09:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-02-03 18:09 - 2013-04-20 23:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-02-03 18:09 - 2013-03-14 07:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-02-03 18:09 - 2013-02-24 18:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-02-03 18:09 - 2013-02-24 18:03 - 00000000 ____D () C:\ProgramData\HP
2015-02-03 18:09 - 2012-12-13 23:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon NaturallySpeaking 12.0
2015-02-03 18:09 - 2012-11-18 19:20 - 00000000 ____D () C:\Windows\Minidump
2015-02-03 18:09 - 2012-05-16 08:01 - 00000000 ____D () C:\Users\Lori\AppData\Local\GasGlance_5i
2015-02-03 18:09 - 2012-04-21 21:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse
2015-02-03 18:09 - 2012-03-23 10:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother P-touch
2015-02-03 18:09 - 2012-01-12 09:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate Dashboard
2015-02-03 18:09 - 2012-01-01 11:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HMA! Pro VPN
2015-02-03 18:09 - 2011-12-11 12:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2012
2015-02-03 18:09 - 2011-10-21 17:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Memeo
2015-02-03 18:09 - 2011-09-03 12:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-03 18:09 - 2011-05-26 14:52 - 00000000 ____D () C:\Windows\SysWOW64\Reg
2015-02-03 18:09 - 2011-05-26 14:52 - 00000000 ____D () C:\Users\Lori\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\High Impact eMail 5
2015-02-03 18:09 - 2011-05-26 14:51 - 00000000 ____D () C:\Windows\SysWOW64\MSI
2015-02-03 18:09 - 2011-05-26 14:49 - 00000000 ____D () C:\Users\Lori\Documents\High Impact eMail 5
2015-02-03 18:09 - 2011-05-04 15:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GolfLogix
2015-02-03 18:09 - 2011-04-15 08:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BodyMedia
2015-02-03 18:09 - 2010-12-26 20:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MasterCook 11
2015-02-03 18:09 - 2010-12-26 20:32 - 00000000 ____D () C:\Users\Public\Documents\MasterCook
2015-02-03 18:09 - 2010-12-15 09:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2015-02-03 18:09 - 2010-11-26 14:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickBooks
2015-02-03 18:09 - 2010-11-26 13:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-02-03 18:09 - 2010-11-26 12:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2015-02-03 18:09 - 2010-11-26 07:44 - 00000000 ____D () C:\Users\Lori\AppData\Roaming\Macromedia
2015-02-03 18:09 - 2010-11-26 07:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Barnes & Noble
2015-02-03 18:09 - 2010-09-23 08:46 - 00000000 ____D () C:\Windows\NAPP_Dism_Log
2015-02-03 18:09 - 2010-09-23 08:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Backup Manager
2015-02-03 18:09 - 2010-09-23 08:14 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-02-03 18:09 - 2010-09-23 08:11 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9
2015-02-03 18:09 - 2010-09-23 08:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Suite
2015-02-03 18:09 - 2010-09-23 07:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AcerSystem
2015-02-03 18:09 - 2010-07-20 02:54 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2015-02-03 18:09 - 2010-07-20 02:53 - 00000000 ____D () C:\ProgramData\Symantec
2015-02-03 18:09 - 2010-07-20 02:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NTI Media Maker 9
2015-02-03 18:09 - 2010-07-20 02:53 - 00000000 ____D () C:\Program Files (x86)\Symantec
2015-02-03 18:09 - 2010-07-20 02:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EgisTec
2015-02-03 18:09 - 2010-07-20 02:47 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2015-02-03 18:09 - 2010-07-20 02:38 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eSobi v2
2015-02-03 18:09 - 2010-07-20 02:31 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-02-03 18:09 - 2009-07-13 23:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-02-03 18:09 - 2009-07-13 21:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-02-03 18:09 - 2009-07-13 21:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-02-03 18:09 - 2009-07-13 21:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-03 18:09 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-03 18:09 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\servicing
2015-02-03 18:09 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2015-02-03 18:09 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-03 18:09 - 2009-07-13 21:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-03 18:08 - 2013-02-20 08:39 - 00000000 ____D () C:\Program Files (x86)\Coupons.com CouponBar
2015-02-03 18:08 - 2012-05-16 08:00 - 00000000 ____D () C:\Program Files (x86)\GasGlance_5i
2015-02-03 18:08 - 2012-01-01 11:42 - 00000000 ____D () C:\Program Files (x86)\HMA! Pro VPN
2015-02-03 18:08 - 2011-05-26 14:52 - 00000000 ____D () C:\Program Files (x86)\ACT
2015-02-03 18:08 - 2011-05-26 14:49 - 00000000 ____D () C:\Program Files (x86)\High Impact eMail 5
2015-02-03 18:08 - 2011-05-04 15:13 - 00000000 ____D () C:\Program Files (x86)\GolfLogix
2015-02-03 18:08 - 2011-01-13 11:03 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-03 18:08 - 2010-12-15 09:19 - 00000000 ____D () C:\Program Files (x86)\Coupons
2015-02-03 18:08 - 2010-07-20 02:31 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-03 18:07 - 2014-11-21 09:35 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2015-02-03 18:07 - 2014-11-21 09:35 - 00000000 ____D () C:\Windows\system32\vbox
2015-02-03 18:07 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\registration
2015-02-03 17:59 - 2012-12-13 23:10 - 00000000 ____D () C:\Users\Lori\AppData\Roaming\Nuance
2015-02-03 17:54 - 2014-04-24 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2015-02-03 17:54 - 2013-01-13 22:25 - 00000000 ____D () C:\ProgramData\Intel
2015-02-03 17:54 - 2011-04-14 15:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serif Applications
2015-02-03 17:54 - 2010-07-20 02:53 - 00000000 ____D () C:\ProgramData\Adobe
2015-02-03 17:51 - 2013-02-24 17:46 - 00000000 ____D () C:\Program Files (x86)\HP
2015-02-03 17:51 - 2013-02-24 17:46 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2015-02-03 17:50 - 2010-11-26 13:10 - 00000000 __RHD () C:\MSOCache
2015-02-03 17:50 - 2010-07-20 03:12 - 00000000 ___HD () C:\OEM
2015-02-03 17:50 - 2010-07-20 02:53 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-02-03 02:22 - 2010-11-26 14:10 - 00000000 ____D () C:\Users\Lori\Documents\Outlook Files
2015-02-01 16:47 - 2014-11-21 09:37 - 00000000 ____D () C:\Users\Lori\AppData\Local\AskPartnerNetwork
2015-02-01 16:35 - 2013-12-25 20:52 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-01 07:54 - 2014-06-25 08:43 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2015-02-01 00:15 - 2010-11-26 07:44 - 00196872 _____ () C:\Users\Lori\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-31 22:31 - 2012-03-23 10:10 - 00000000 ____D () C:\Users\Lori\AppData\Roaming\Brother
2015-01-31 13:33 - 2013-08-02 07:34 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-31 09:51 - 2013-03-18 18:16 - 00000000 ____D () C:\Users\Lori\AppData\Roaming\HpUpdate
2015-01-08 20:39 - 2010-11-26 07:45 - 00000000 ____D () C:\Users\Lori\AppData\Local\VirtualStore
2015-01-08 20:22 - 2010-07-20 02:49 - 00000000 ____D () C:\ProgramData\Partner
2015-01-08 20:22 - 2007-07-11 19:49 - 00000000 ____D () C:\Windows\Panther
 
==================== Files in the root of some directories =======
 
2010-11-28 13:35 - 2011-07-19 18:28 - 0024466 _____ () C:\Users\Lori\AppData\Roaming\Comma Separated Values (DOS).ADR
2013-04-09 21:00 - 2013-04-09 21:26 - 0023967 _____ () C:\Users\Lori\AppData\Roaming\Comma Separated Values (Windows).ADR
2015-01-08 19:36 - 2015-02-03 17:10 - 0000053 _____ () C:\Users\Lori\AppData\Roaming\LogFile.txt
2012-12-15 13:36 - 2012-12-16 12:50 - 0002439 _____ () C:\Users\Lori\AppData\Roaming\SAS7_000.DAT
2012-11-11 19:25 - 2012-11-11 19:25 - 0000092 _____ () C:\Users\Lori\AppData\Local\fusioncache.dat
2015-02-01 12:24 - 2015-02-01 12:25 - 0000985 _____ () C:\ProgramData\hpzinstall.log
 
Some content of TEMP:
====================
C:\Users\Lori\AppData\Local\Temp\9C33.exe
C:\Users\Lori\AppData\Local\Temp\ApnStub.exe
C:\Users\Lori\AppData\Local\Temp\COMAP.EXE
C:\Users\Lori\AppData\Local\Temp\Couponscom.exe
C:\Users\Lori\AppData\Local\Temp\d4lv4hly.dll
C:\Users\Lori\AppData\Local\Temp\GoogleChromeInstaller.exe
C:\Users\Lori\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\Lori\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Lori\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Lori\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Lori\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Lori\AppData\Local\Temp\PAGEPLUS-X5-EN_15.0.4.027_Patch-Setup.exe
C:\Users\Lori\AppData\Local\Temp\PAGEPLUS-X5-EN_15.0.5.030_Patch-Setup.exe
C:\Users\Lori\AppData\Local\Temp\PAGEPLUS1033_14.0.5.027_Patch-Setup.exe
C:\Users\Lori\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Lori\AppData\Local\Temp\_isB9F1.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-26 11:25
 
==================== End Of Log ============================


#4 downtown1

Posted 03 February 2015 - 08:27 PM

In the first set of reports I had forgotten to turn off all the antivirus and malware software.

Here are the new ones and in the same order.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by Lori at 2015-02-03 19:00:49
Running from E:\
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
18 Wheels of Steel - American Long Haul (x32 Version: 2.2.0.95 - WildTangent) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7300_Help (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
7400 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
Acer Crystal Eye webcam (HKLM-x32\...\{51F026FA-5146-4232-A8BA-1364740BD053}) (Version: 1.0.4.0 - Liteon)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer Game Console (x32 Version:  - WildTangent) Hidden
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.1.3 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0707.2010 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.95 - WildTangent) Hidden
AIO_CDB_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
Apple Application Support (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Internet Security (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden
Barnes & Noble Desktop Reader (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.1.21 - Barnesandnoble.com)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.470.0 - Microsoft Corporation)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.01.000.18 - Atheros Communications)
BodyMedia SYNC (HKLM-x32\...\InstallShield_{870BCBB7-1A28-4369-8327-466BD12D7E9D}) (Version: 2.0.5.90 - BodyMedia, Inc.)
BodyMedia SYNC (x32 Version: 2.0.5.90 - BodyMedia, Inc.) Hidden
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.0.2.3 - Broadcom Corporation)
Brother MFL-Pro Suite MFC-J4710DW (HKLM-x32\...\{DD98C438-D769-4677-AA87-3481FA32D20C}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
Brother P-touch Editor 5.0 (HKLM-x32\...\{DF9A6075-9308-4572-8932-A4316243C4D9}) (Version: 5.0.2101 - Brother Industries, Ltd.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2829.50 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dragon NaturallySpeaking 12 (HKLM-x32\...\{D5D422B9-6976-4E98-8DDF-9632CB515D7E}) (Version: 12.00.100 - Nuance Communications Inc.)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
Feedback Tool (HKLM-x32\...\{13A5E785-5197-4EAD-8EE3-D660271E49BC}) (Version: 1.2.0 - Microsoft Corporation)
Feedback Tool (HKLM-x32\...\{90024193-9F13-4877-89D5-A1CDF0CBBF28}) (Version: 1.1.0 - Microsoft Corporation)
FontMSI (HKLM-x32\...\{ABB47A07-3209-42CE-9260-7BAC030CC6CA}) (Version: 1.00.0000 - AB)
GasGlance Toolbar (HKLM-x32\...\GasGlance_5ibar Uninstall) (Version:  - Mindspark Interactive Network) <==== ATTENTION
Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 4.8.0.721 (HKU\S-1-5-21-1565987645-4242153639-3628463870-1000\...\GoToMeeting) (Version: 4.8.0.721 - CitrixOnline)
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Solutions Framework (HKLM-x32\...\{E35601C0-BA8E-4F32-919A-C7EF4CA81F67}) (Version: 11.51.0048 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PaperLabel (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2125 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Intel® Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Jewel Quest - Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.12 - Acer Inc.)
Linksys Dual-Band Wireless-N USB Network Adapter (HKLM-x32\...\InstallShield_{90EC11E4-854E-4C0F-9B4C-76D6C7CF7C68}) (Version: 1.0.0.1 - Linksys)
Linksys WUSB600N Dual-Band Wireless-N USB Network Adapter (x32 Version: 1.0.0.1 - Linksys) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
MasterCook 11 (HKLM-x32\...\{25CA5771-2536-4D47-A12F-E9AF3B5ADB81}) (Version: 1.00.0000 - Valusoft)
Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7916 - Memeo Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Project 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}) (Version:  - Microsoft)
Microsoft Office Project Professional 2007 (HKLM-x32\...\PRJPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Standard 2010 (HKLM-x32\...\Office14.STANDARDR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyWinLocker (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8928 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8928 - NTI Corporation) Hidden
Nuance PaperPort 12 (HKLM-x32\...\{88B5FBDC-967D-4B1F-B291-39284AE12201}) (Version: 12.1.0005 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.2.10 - Prolific Technology INC)
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
PS_AIO_02_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
QuickBooks Premier: Mfg and Whsle Edition 2007 (HKLM-x32\...\{7E545666-F436-45FD-B3DF-C0B99A1A579F}) (Version:  - )
QuickBooks Product Listing Service (HKLM-x32\...\{91208A47-5D08-4C79-986F-1931940F51BB}) (Version: 2.0.148 - Intuit)
Quicken 2012 (HKLM-x32\...\{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}) (Version: 21.1.7.18 - Intuit)
Quicken WillMaker Plus 2013 (HKLM-x32\...\{8065044B-2AF3-434E-A6E2-B7C60CDB978B}) (Version: 1.0.0.0 - Nolo)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Scansoft PDF Professional (x32 Version:  - ) Hidden
Seagate Dashboard (HKLM-x32\...\{C3A11907-930D-41AC-A135-CC3B12F92011}) (Version: 1.1.0.1548 - Memeo Inc.)
Serif PagePlus X4 (HKLM-x32\...\{2DC240EA-51B1-4CC4-A0E5-4E4399CD7302}) (Version: 14.0.5.027 - Serif (Europe) Ltd)
Serif PagePlus X4 Resources (HKLM-x32\...\{A93EC091-461F-46EE-BAE1-327EB608AA60}) (Version: 14.0.1.010 - Serif (Europe) Ltd)
Serif PagePlus X5 (HKLM-x32\...\{371C9583-5174-4CF8-B10D-D4C3AA7E8CD0}) (Version: 15.0.5.030 - Serif (Europe) Ltd)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARDR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
ShopAtHome.com Helper (HKLM-x32\...\ShopAtHome.com Helper) (Version: 7.0.1.0 - ShopAtHome.com) <==== ATTENTION
Shopping App by Ask (HKLM-x32\...\{4F524A2D-5354-2D53-5045-A758B70C1801}) (Version: 12.24.1.53 - APN, LLC)
Shredder (Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SpeedyPC Pro (HKLM-x32\...\{604CD5A1-4520-4844-B064-A3D884B77E91}) (Version: 3.2.14.0 - SpeedyPC Software) <==== ATTENTION
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
SupportSoft Assisted Service (HKLM-x32\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated)
Times Reader (HKLM-x32\...\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1) (Version: 2.055 - The New York Times Company)
Times Reader (x32 Version: 2.055 - The New York Times Company) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3002 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
WinZip 15.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BF}) (Version: 15.0.9327 - WinZip Computing, S.L. )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - )
Zuma's Revenge (x32 Version: 2.2.0.95 - WildTangent) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1565987645-4242153639-3628463870-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\721\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
 
==================== Restore Points  =========================
 
09-10-2014 12:58:45 Windows Update
20-10-2014 10:55:24 Installed HP Update.
20-10-2014 11:28:53 Windows Update
09-11-2014 20:47:41 Windows Update
21-11-2014 08:56:02 avast! antivirus system restore point
21-11-2014 09:04:45 Device Driver Package Install: Avast Network Service
21-11-2014 10:01:41 Removed Java 8 Update 25
01-12-2014 22:49:27 Removed High Impact eMail 5
01-12-2014 22:51:37 Removed High Impact eMail 5
01-12-2014 22:57:32 Removed Norton Online Backup
07-12-2014 10:48:04 Windows Update
08-01-2015 20:15:58 SpeedyPC Pro Backup
08-01-2015 21:23:13 SpeedyPC Pro Backup
10-01-2015 08:10:22 SpeedyPC Pro Backup
21-01-2015 19:18:03 SpeedyPC Pro Backup
24-01-2015 09:32:34 SpeedyPC Pro Backup
28-01-2015 08:40:43 SpeedyPC Pro Backup
29-01-2015 10:29:17 Windows Update
31-01-2015 09:21:46 SpeedyPC Pro Backup
31-01-2015 10:26:14 Installed HP Support Solutions Framework
31-01-2015 12:14:50 Windows Update
31-01-2015 13:08:52 Windows Update
31-01-2015 13:21:24 Windows Update
31-01-2015 21:23:06 Restore Operation
31-01-2015 21:43:11 avast! antivirus system restore point
31-01-2015 21:52:48 Restore Operation
31-01-2015 23:29:31 avast! antivirus system restore point
31-01-2015 23:45:02 Device Driver Package Install: Avast Network Service
01-02-2015 00:01:41 SpeedyPC Pro Backup
01-02-2015 00:39:05 SpeedyPC Pro Backup
01-02-2015 15:44:20 Restore Operation
01-02-2015 16:06:30 avast! antivirus system restore point
01-02-2015 16:16:03 Device Driver Package Install: Avast Network Service
01-02-2015 16:26:43 Restore Operation
01-02-2015 16:55:32 avast! antivirus system restore point
03-02-2015 17:43:58 Restore Operation
03-02-2015 18:38:44 Device Driver Package Install: Avast Network Service
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {030B336F-F634-4721-A25F-7DDFEA81A1B4} - System32\Tasks\{05C7EABF-394C-414B-8D15-B8401FFA398A} => pcalua.exe -a D:\setup.exe -d D:\
Task: {05E4DE3F-AD3E-4743-98A4-C4BE378D42E2} - System32\Tasks\{425B5FBC-6F14-4596-9E9D-E5F18B922F87} => pcalua.exe -a C:\Users\Lori\Downloads\vpsupd.exe -d C:\Users\Lori\Downloads
Task: {1A9CD2E2-3373-41C5-86F2-752AAF3CC3C7} - \{480015DE-B335-4D11-A7A0-F514A544D940} No Task File <==== ATTENTION
Task: {1F2043C7-5947-43D3-A3E9-455CE9218299} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {66C1100D-E70E-4349-AFCE-D28743927836} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {96A981DB-89AE-4231-AC44-CFBF1817F936} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {CE1D09EA-23C2-49F9-B747-7D2A7EDD82BC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-25] (Adobe Systems Incorporated)
Task: {D8371184-1656-4AC6-BEA7-3BB3F9FC9341} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {DDC73336-0559-4481-B9BD-D2DC41889292} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {EEFF818C-6941-440C-A7C5-CAA2E397ECC2} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2014-11-21] (AVAST Software)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-04-24 21:57 - 2005-04-21 22:36 - 00143360 ____R () C:\Windows\system32\BrSNMP64.dll
2012-01-10 21:12 - 2012-01-10 21:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-04-06 09:16 - 2011-04-06 09:16 - 00325344 _____ () C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
2014-07-06 08:35 - 2014-07-06 08:35 - 00301152 _____ () C:\Program Files\Alwil Software\Avast5\aswProperty.dll
2015-02-03 18:44 - 2015-02-03 18:44 - 02913280 _____ () C:\Program Files\Alwil Software\Avast5\defs\15020301\algo.dll
2010-06-28 16:20 - 2010-06-28 16:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-06-28 16:12 - 2010-06-28 16:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2010-07-25 00:10 - 2009-05-20 00:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2014-07-06 08:35 - 2014-07-06 08:35 - 19329904 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll
2011-11-03 12:09 - 2011-11-03 12:09 - 00102912 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\Memeo.Progress.dll
2011-11-03 12:10 - 2011-11-03 12:10 - 00025600 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll
2011-11-03 12:10 - 2011-11-03 12:10 - 00015360 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.TroubleshootingPlugin.dll
2011-11-03 12:10 - 2011-11-03 12:10 - 00014848 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.VideoTutorialsPlugin.dll
2014-04-24 21:56 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2010-07-20 02:31 - 2010-04-13 10:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2011-04-06 09:16 - 2011-04-06 09:16 - 02896608 _____ () C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.UI.dll
2011-04-06 09:16 - 2011-04-06 09:16 - 00027360 _____ () C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll
2010-03-22 16:59 - 2010-03-22 16:59 - 00504293 _____ () C:\Program Files (x86)\Memeo\AutoBackup\sqlite3.DLL
2010-03-22 16:57 - 2010-03-22 16:57 - 00178176 _____ () C:\Program Files (x86)\Common Files\Memeo\ProfMan.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2010-04-20 11:22 - 2010-04-20 11:22 - 00241664 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll
2010-04-20 11:22 - 2010-04-20 11:22 - 00971776 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll
2014-10-02 09:38 - 2014-09-05 10:55 - 00132808 _____ () C:\Users\Lori\AppData\Local\Microsoft\BingDesktop\en-US\Apps\Wallpaper_5386c77076d04cf9a8b5d619b4cba48e\1.4.82\wallpaper.dll
2013-02-14 15:46 - 2013-02-14 15:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:0FF263E8
AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9
AlternateDataStreams: C:\Users\Lori\Documents\31 FR flyer.ppp:SummaryInformation
AlternateDataStreams: C:\Users\Lori\Documents\31 FR flyer.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Lori\Documents\31 FR flyerJD.ppp:SummaryInformation
AlternateDataStreams: C:\Users\Lori\Documents\31 FR flyerJD.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Lori\Documents\31 Holiday OPEN HOUSE1.ppp:SummaryInformation
AlternateDataStreams: C:\Users\Lori\Documents\31 Holiday OPEN HOUSE1.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Lori\Documents\31 juvenile Diabetes ad.ppp:SummaryInformation
AlternateDataStreams: C:\Users\Lori\Documents\31 juvenile Diabetes ad.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Lori\Documents\31 open house holiday test.ppp:SummaryInformation
AlternateDataStreams: C:\Users\Lori\Documents\31 open house holiday test.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Lori\Documents\31 Womens Center ad.ppp:SummaryInformation
AlternateDataStreams: C:\Users\Lori\Documents\31 Womens Center ad.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Lori\Documents\31FR form.ppp:SummaryInformation
AlternateDataStreams: C:\Users\Lori\Documents\31FR form.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Lori\Documents\corvette club.ppp:SummaryInformation
AlternateDataStreams: C:\Users\Lori\Documents\corvette club.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Lori\Documents\lori's pages.ppp:SummaryInformation
AlternateDataStreams: C:\Users\Lori\Documents\lori's pages.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Lori\Documents\Open House 0812.1.ppp:SummaryInformation
AlternateDataStreams: C:\Users\Lori\Documents\Open House 0812.1.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Lori\Documents\Open House 0812.ppp:SummaryInformation
AlternateDataStreams: C:\Users\Lori\Documents\Open House 0812.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Lori\Documents\sept2013-order-form1.ppp:SummaryInformation
AlternateDataStreams: C:\Users\Lori\Documents\sept2013-order-form1.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Lori\Documents\sj enter to win.ppp:SummaryInformation
AlternateDataStreams: C:\Users\Lori\Documents\sj enter to win.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Lori\Documents\SJ Giveaway card.ppp:SummaryInformation
AlternateDataStreams: C:\Users\Lori\Documents\SJ Giveaway card.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Lori\Documents\sj kids korner.ppp:SummaryInformation
AlternateDataStreams: C:\Users\Lori\Documents\sj kids korner.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Lori\Documents\sj sterling silver.ppp:SummaryInformation
AlternateDataStreams: C:\Users\Lori\Documents\sj sterling silver.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Lori\Documents\ThermalToteSale.ppp:SummaryInformation
AlternateDataStreams: C:\Users\Lori\Documents\ThermalToteSale.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Lori\Documents\ThermalToteSaleFR.ppp:SummaryInformation
AlternateDataStreams: C:\Users\Lori\Documents\ThermalToteSaleFR.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Public\Documents\31 FALL OPEN HOUSE 1.ppp:SummaryInformation
AlternateDataStreams: C:\Users\Public\Documents\31 FALL OPEN HOUSE 1.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Public\Documents\31 Holiday OPEN HOUSE.ppp:SummaryInformation
AlternateDataStreams: C:\Users\Public\Documents\31 Holiday OPEN HOUSE.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\52267103.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\52267103.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rpcnet => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1565987645-4242153639-3628463870-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1565987645-4242153639-3628463870-1002 - Limited - Enabled)
Gary (S-1-5-21-1565987645-4242153639-3628463870-1027 - Administrator - Enabled) => C:\Users\Gary
Guest (S-1-5-21-1565987645-4242153639-3628463870-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1565987645-4242153639-3628463870-1004 - Limited - Enabled)
Lori (S-1-5-21-1565987645-4242153639-3628463870-1000 - Administrator - Enabled) => C:\Users\Lori
 
==================== Faulty Device Manager Devices =============
 
Name: Photosmart C7200 series
Description: Photosmart C7200 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: VBoxAsw Support Driver
Description: VBoxAsw Support Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: VBoxAswDrv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Photosmart C7200 series
Description: Photosmart C7200 series
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: HP LaserJet 400 M401n
Description: HP LaserJet 400 M401n
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/03/2015 06:26:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 38.0.2125.111, time stamp: 0x5447163b
Faulting module name: chrome.dll, version: 38.0.2125.111, time stamp: 0x54471342
Exception code: 0x80000003
Fault offset: 0x004dc123
Faulting process id: 0x15e0
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
 
Error: (02/03/2015 06:25:54 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files\Alwil Software\Avast5\setup\instup.exe Files\Alwil Software\Avast5\setup\instup.exe" /instop:repair; Description = avast! antivirus system restore point; Error = 0x81000101).
 
Error: (02/03/2015 06:19:17 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Device Driver Package Install: Avast Network Service). Additional information: 0x80070005.
 
Error: (02/03/2015 06:16:32 PM) (Source: MySQL) (EventID: 100) (User: )
Description: Fatal error: Can't open and lock privilege tables: Table 'mysql.host' doesn't exist
 
For more information, see Help and Support Center at http://www.mysql.com.
 
Error: (02/03/2015 06:15:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -528.
 
Error: (02/03/2015 06:15:54 PM) (Source: ESENT) (EventID: 455) (User: )
Description: Catalog Database (1236) Catalog Database: Error -1811 occurred while opening logfile C:\Windows\system32\CatRoot2\edb005F9.log.
 
Error: (02/03/2015 05:14:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 39.0.2171.95, time stamp: 0x548243f3
Faulting module name: chrome.dll, version: 39.0.2171.95, time stamp: 0x54823ff4
Exception code: 0x80000003
Fault offset: 0x004fd39c
Faulting process id: 0x858
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
 
Error: (02/03/2015 05:12:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 39.0.2171.95, time stamp: 0x548243f3
Faulting module name: chrome.dll, version: 39.0.2171.95, time stamp: 0x54823ff4
Exception code: 0x80000003
Fault offset: 0x004fd39c
Faulting process id: 0xd7c
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
 
Error: (02/03/2015 05:12:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 39.0.2171.95, time stamp: 0x548243f3
Faulting module name: chrome.dll, version: 39.0.2171.95, time stamp: 0x54823ff4
Exception code: 0x80000003
Fault offset: 0x004fd39c
Faulting process id: 0x158c
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
 
Error: (02/03/2015 05:11:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 39.0.2171.95, time stamp: 0x548243f3
Faulting module name: chrome.dll, version: 39.0.2171.95, time stamp: 0x54823ff4
Exception code: 0x80000003
Fault offset: 0x004fd39c
Faulting process id: 0x1bb4
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
 
 
System errors:
=============
Error: (02/03/2015 07:01:44 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.
 
Error: (02/03/2015 07:01:43 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.
 
Error: (02/03/2015 07:01:43 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.
 
Error: (02/03/2015 07:01:42 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.
 
Error: (02/03/2015 07:01:41 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.
 
Error: (02/03/2015 07:01:40 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.
 
Error: (02/03/2015 06:17:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MySQL service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/03/2015 06:17:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VBoxAsw Support Driver service failed to start due to the following error: 
%%2
 
Error: (02/03/2015 06:15:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: 
%%2
 
Error: (02/03/2015 06:15:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMScheduler service failed to start due to the following error: 
%%2
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5 CPU M 460 @ 2.53GHz
Percentage of memory in use: 51%
Total physical RAM: 3766.71 MB
Available physical RAM: 1840.95 MB
Total Pagefile: 7531.6 MB
Available Pagefile: 5321.65 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:451.66 GB) (Free:286.48 GB) NTFS
Drive e: () (Removable) (Total:3.76 GB) (Free:3.62 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: CA50B540)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 3.8 GB) (Disk ID: 04DD5721)
Partition 1: (Active) - (Size=3.8 GB) - (Type=0B)

==================== End Of Log ============================
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Lori (administrator) on LORI-PC on 03-02-2015 18:59:22
Running from E:\
Loaded Profiles: Lori (Available profiles: Lori & Gary)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rstrui.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\agent.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\avastui.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDExtHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDAppHost.exe
() C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
(Memeo Inc.) C:\Program Files (x86)\Memeo\AutoBackup\MemeoUpdater.exe
(Axentra Corporation) C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDSurrogateHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(AVAST Software) C:\Program Files\Alwil Software\Avast5\afwServ.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-26] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [585376 2010-05-25] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [354464 2010-05-25] (Atheros Commnucations)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-26] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-10] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-10] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-28] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [968272 2010-06-22] (Dritek System Inc.)
HKLM-x32\...\Run: [Memeo Instant Backup] => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2011-04-06] (Memeo Inc.)
HKLM-x32\...\Run: [Seagate Dashboard] => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe [73728 2011-11-03] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [DNS7reminder] => C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe [328992 2010-10-27] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2368736 2014-06-03] (Microsoft Corp.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [4085896 2014-09-18] (AVAST Software)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-08-28] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1565987645-4242153639-3628463870-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-07-20] (Google Inc.)
HKU\S-1-5-21-1565987645-4242153639-3628463870-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKU\S-1-5-21-1565987645-4242153639-3628463870-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-1565987645-4242153639-3628463870-1000\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [854344 2014-10-21] (Google Inc.)
HKU\S-1-5-21-1565987645-4242153639-3628463870-1000\...\MountPoints2: {d7cca0cd-72c5-11e0-b6ba-5cac4c21225b} - E:\VZAccess_Manager.exe /z detect
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll (Egis Technology Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1565987645-4242153639-3628463870-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
HKU\S-1-5-21-1565987645-4242153639-3628463870-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5742&r=27361110l635l04d4z165v4722150n
HKU\S-1-5-21-1565987645-4242153639-3628463870-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
URLSearchHook: HKU\S-1-5-21-1565987645-4242153639-3628463870-1000 - (No Name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No File
URLSearchHook: HKU\S-1-5-21-1565987645-4242153639-3628463870-1000 - (No Name) - {801120a5-289d-4a31-9d09-3f1794681e02} - C:\Program Files (x86)\GasGlance_5i\bar\1.bin\5iSrcAs.dll No File
URLSearchHook: HKU\S-1-5-21-1565987645-4242153639-3628463870-1000 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
SearchScopes: HKU\S-1-5-21-1565987645-4242153639-3628463870-1000 -> DefaultScope {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://www.bing.com/search?FORM=UP21DF&PC=UP21&dt=042113&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1565987645-4242153639-3628463870-1000 -> {1E6024F9-5CFC-482E-8810-FD1EEB9FB68B} URL = http://websearch.shopathome.com?user_id=%guid&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1565987645-4242153639-3628463870-1000 -> {34B19F01-197B-49ED-B5F6-2C658544FE77} URL = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80502&lng=en
SearchScopes: HKU\S-1-5-21-1565987645-4242153639-3628463870-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enUS407US407
SearchScopes: HKU\S-1-5-21-1565987645-4242153639-3628463870-1000 -> {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = http://search.coupons.com/search.asp?p=df&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1565987645-4242153639-3628463870-1000 -> {A531D99C-5A22-449b-83DA-872725C6D0ED} URL = http://search.alot.com/web?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1565987645-4242153639-3628463870-1000 -> {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://www.bing.com/search?FORM=UP21DF&PC=UP21&dt=042113&q={searchTerms}&src=IE-SearchBox
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: No Name -> {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} ->  No File
BHO-x32: No Name -> {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} ->  No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll No File
BHO-x32: No Name -> {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} ->  No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll No File
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - {A531D99C-5A22-449b-83DA-872725C6D0ED} -  No File
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1565987645-4242153639-3628463870-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1565987645-4242153639-3628463870-1000 -> No Name - {5BED3930-2E9E-76D8-BACC-80DF2188D455} -  No File
Toolbar: HKU\S-1-5-21-1565987645-4242153639-3628463870-1000 -> No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} -  No File
Toolbar: HKU\S-1-5-21-1565987645-4242153639-3628463870-1000 -> No Name - {865FC489-56EB-41FA-BB25-027900188070} -  No File
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 71.10.216.1 71.10.216.2 192.168.1.1
 
FireFox:
========
FF Plugin: @java.com/DTPlugin -> C:\Program Files\Java\jre6\bin\dtplugin\npDeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll No File
FF Plugin-x32: nuance.com/DragonRIAPlugin -> C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\npDgnRia.dll (Nuance Communications Inc.)
FF HKLM-x32\...\Firefox\Extensions: [jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi
FF Extension: Dragon NaturallySpeaking Rich Internet Application Support - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2012-07-18]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-02-24]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-04-17]
FF HKU\S-1-5-21-1565987645-4242153639-3628463870-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR HomePage: Default -> https://www.google.com/
CHR StartupUrls: Default -> "https://www.google.com/", "hxxp://www.msn.com/?pc=AV01", "https://www.thirtyonetoday.com/Account/Login?source=mto"
CHR DefaultSearchKeyword: Default -> trovi.search
CHR DefaultSuggestURL: Default -> 
CHR Profile: C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (Bing) - C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmkckgpgekmanipelfidlhmkfcjicion [2015-01-31]
CHR Extension: (Skype Click to Call) - C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2011-09-03]
CHR Extension: (Dragon NaturallySpeaking Rich Internet Application Support) - C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\mikhcaiakabeeokmenglcdebplfdjicn [2012-12-13]
CHR Extension: (Google Wallet) - C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03]
CHR HKLM\...\Chrome\Extension: [aaaaahaeginbdcckocjkhbciadcafnep] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaahaeginbdcckocjkhbciadcafnep.crx [2015-01-30]
CHR HKLM-x32\...\Chrome\Extension: [aaaaahaeginbdcckocjkhbciadcafnep] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaahaeginbdcckocjkhbciadcafnep.crx [2015-01-30]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-11-21]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [mikhcaiakabeeokmenglcdebplfdjicn] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\chromeShim.crx [2012-07-18]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [47776 2010-05-25] (Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-07-06] (AVAST Software)
R2 avast! Firewall; C:\Program Files\Alwil Software\Avast5\afwServ.exe [106488 2014-07-06] (AVAST Software)
S4 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-03] (Microsoft Corp.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-26] (Egis Technology Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S4 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [20480 2009-09-16] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2006-11-09] (Intuit Inc.) [File not signed]
R2 SeagateDashboardService; C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [8704 2011-11-03] (Memeo) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 APNMCP; "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe" [X]
S3 AvastVBoxSvc; C:\Program Files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe [X]
S2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [X]
S2 HPSupportSolutionsFrameworkService; "C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe" [X]
S2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe" [X]
S2 MBAMService; "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe" [X]
S2 MySQL; "C:\Program Files (x86)\TABS AutoBiz\mysql\bin\mysqld-nt" MySQL [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-21] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-11-21] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-21] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-11-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-21] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-02-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-21] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-21] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-21] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 Dot4; system32\DRIVERS\Dot4.sys [X]
S3 dot4usb; system32\DRIVERS\dot4usb.sys [X]
S3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [X]
S3 usbscan; system32\DRIVERS\usbscan.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\Alwil Software\Avast5\ng\vbox\VBoxAswDrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-03 18:59 - 2015-02-03 18:59 - 06103040 _____ () C:\Program Files (x86)\GUTB05C.tmp
2015-02-03 18:59 - 2015-02-03 18:59 - 00000000 ____D () C:\Program Files (x86)\GUMB05B.tmp
2015-02-03 18:39 - 2015-02-03 18:39 - 00002040 _____ () C:\Users\Public\Desktop\Avast SafeZone.lnk
2015-02-03 18:39 - 2015-02-03 18:39 - 00001980 _____ () C:\Users\Public\Desktop\Avast Internet Security.lnk
2015-02-03 18:39 - 2015-02-03 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-02-03 18:29 - 2014-11-21 09:00 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-02-03 18:28 - 2015-02-03 18:59 - 00000000 ____D () C:\FRST
2015-02-03 17:11 - 2015-02-03 17:11 - 00000199 _____ () C:\Windows\system32\2015-02-03-23-11-29.070-AvastVBoxSVC.exe-3968.log
2015-02-01 14:28 - 2015-02-01 14:28 - 00000000 ____D () C:\Users\Gary\AppData\Local\Apple
2015-02-01 12:36 - 2015-02-01 13:15 - 00000000 ____D () C:\Users\Gary\AppData\Local\CrashDumps
2015-02-01 12:34 - 2015-02-01 15:58 - 00000000 ____D () C:\Users\Gary\AppData\Roaming\ControlCenter4
2015-02-01 12:34 - 2015-02-01 12:34 - 00196872 _____ () C:\Users\Gary\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-01 12:34 - 2015-02-01 12:34 - 00000000 ____D () C:\Users\Gary\AppData\Roaming\Seagate
2015-02-01 12:34 - 2015-02-01 12:34 - 00000000 ____D () C:\Users\Gary\AppData\Roaming\Memeo
2015-02-01 12:34 - 2015-02-01 12:34 - 00000000 ____D () C:\Users\Gary\AppData\Roaming\Intel Corporation
2015-02-01 12:34 - 2015-02-01 12:34 - 00000000 ____D () C:\Users\Gary\AppData\Roaming\AVAST Software
2015-02-01 12:34 - 2015-02-01 12:34 - 00000000 ____D () C:\Users\Gary\AppData\Roaming\Apple Computer
2015-02-01 12:34 - 2015-02-01 12:34 - 00000000 ____D () C:\Users\Gary\AppData\Local\EgisTec IPS
2015-02-01 12:33 - 2015-02-03 19:01 - 00000000 ____D () C:\Users\Gary
2015-02-01 12:33 - 2015-02-01 15:58 - 00000000 ___RD () C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-02-01 12:33 - 2015-02-01 15:58 - 00000000 ___RD () C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-01 12:33 - 2015-02-01 12:34 - 00000000 ____D () C:\Users\Gary\AppData\Local\VirtualStore
2015-02-01 12:33 - 2015-02-01 12:33 - 00000000 ____D () C:\Users\Gary\AppData\Roaming\Adobe
2015-02-01 12:33 - 2013-06-25 20:55 - 00000000 ____D () C:\Users\Gary\AppData\LocalGoogle
2015-02-01 12:33 - 2013-06-25 20:54 - 00000000 ____D () C:\Users\Gary\AppData\Local\Google
2015-02-01 12:33 - 2011-11-27 08:40 - 00000000 ____D () C:\Users\Gary\AppData\Local\Microsoft Help
2015-02-01 12:33 - 2010-11-26 07:45 - 00000000 ____D () C:\Users\Gary\AppData\Roaming\Macromedia
2015-02-01 12:24 - 2015-02-01 12:25 - 00000985 _____ () C:\ProgramData\hpzinstall.log
2015-02-01 00:57 - 2015-02-01 15:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-01 00:56 - 2015-02-01 16:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-01 00:56 - 2015-02-01 00:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-01 00:54 - 2015-02-01 00:54 - 00000000 ____D () C:\Users\Lori\AppData\Roaming\Zeon
2015-01-31 13:20 - 2014-11-21 20:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-01-31 13:20 - 2014-11-21 20:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-01-31 13:20 - 2014-11-21 19:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-01-31 13:20 - 2014-11-21 19:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-01-31 13:20 - 2014-11-21 19:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-01-31 13:20 - 2014-11-21 18:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-01-31 13:20 - 2014-11-10 21:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-01-31 13:20 - 2014-10-13 20:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-01-31 13:19 - 2014-12-11 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-31 13:19 - 2014-11-10 21:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-01-31 13:19 - 2014-11-10 21:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-01-31 13:19 - 2014-10-17 20:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-01-31 13:19 - 2014-10-17 19:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-01-31 13:19 - 2014-10-13 19:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-01-31 13:19 - 2014-10-02 20:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-31 13:19 - 2014-10-02 20:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-31 13:19 - 2014-09-19 03:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-01-31 13:19 - 2014-09-19 03:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-01-31 13:19 - 2014-09-19 03:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-01-31 13:19 - 2014-09-19 03:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-01-31 13:19 - 2014-09-19 03:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-01-31 13:19 - 2014-09-19 03:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-01-31 13:19 - 2014-08-21 00:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-01-31 13:19 - 2014-08-21 00:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-01-31 13:17 - 2014-10-13 20:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-01-31 13:17 - 2014-10-13 19:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-01-31 12:57 - 2015-01-31 12:57 - 00302011 _____ () C:\Users\Lori\Downloads\WindowsUpdateDiagnostic (2).diagcab
2015-01-31 12:52 - 2015-01-31 12:52 - 00302011 _____ () C:\Users\Lori\Downloads\WindowsUpdateDiagnostic (1).diagcab
2015-01-31 12:45 - 2015-01-31 12:45 - 00302011 _____ () C:\Users\Lori\Downloads\WindowsUpdateDiagnostic.diagcab
2015-01-31 10:29 - 2015-01-31 10:29 - 00000000 ____D () C:\Users\Lori\AppData\Local\Hewlett-Packard
2015-01-08 19:36 - 2015-01-08 19:36 - 00001244 _____ () C:\Users\Lori\Desktop\SpeedyPC Pro.lnk
2015-01-08 19:36 - 2015-01-08 19:36 - 00000000 ____D () C:\Users\Lori\AppData\Roaming\SpeedyPC Software
2015-01-08 19:35 - 2015-01-08 19:36 - 00000000 ____D () C:\ProgramData\SpeedyPC Software
2015-01-08 19:35 - 2015-01-08 19:35 - 00000000 ____D () C:\Program Files (x86)\SpeedyPC Software
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-03 19:00 - 2010-11-26 09:34 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-03 19:00 - 2010-11-26 09:34 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-03 19:00 - 2010-11-26 09:34 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-03 19:00 - 2010-11-26 09:34 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-03 18:45 - 2010-09-23 07:53 - 02058605 _____ () C:\Windows\WindowsUpdate.log
2015-02-03 18:39 - 2010-11-26 14:10 - 00000000 ____D () C:\Users\Lori\Documents\Outlook Files
2015-02-03 18:38 - 2013-03-13 17:54 - 00003926 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-02-03 18:38 - 2010-11-26 23:36 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-02-03 18:31 - 2009-07-13 22:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-03 18:31 - 2009-07-13 22:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-03 18:26 - 2011-01-04 09:12 - 00000000 ____D () C:\Users\Lori\AppData\Local\CrashDumps
2015-02-03 18:19 - 2010-09-23 08:27 - 00000035 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2015-02-03 18:15 - 2010-11-26 20:43 - 00000000 ____D () C:\Users\Lori
2015-02-03 18:15 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-03 18:14 - 2009-07-13 22:45 - 00632848 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-03 18:13 - 2009-07-13 22:51 - 00054416 _____ () C:\Windows\setupact.log
2015-02-03 18:09 - 2014-06-25 09:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2015-02-03 18:09 - 2014-05-21 08:35 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-03 18:09 - 2014-04-28 09:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TABS AutoBiz
2015-02-03 18:09 - 2014-04-28 09:09 - 00000000 ____D () C:\Program Files (x86)\TABS AutoBiz
2015-02-03 18:09 - 2014-04-24 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance PaperPort 12
2015-02-03 18:09 - 2013-12-25 20:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-02-03 18:09 - 2013-07-05 13:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-02-03 18:09 - 2013-07-05 13:56 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-02-03 18:09 - 2013-07-05 13:56 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2015-02-03 18:09 - 2013-06-07 20:25 - 00000000 ____D () C:\Program Files\Java
2015-02-03 18:09 - 2013-05-21 09:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-02-03 18:09 - 2013-04-20 23:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-02-03 18:09 - 2013-03-14 07:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-02-03 18:09 - 2013-02-24 18:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-02-03 18:09 - 2013-02-24 18:03 - 00000000 ____D () C:\ProgramData\HP
2015-02-03 18:09 - 2012-12-13 23:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon NaturallySpeaking 12.0
2015-02-03 18:09 - 2012-11-18 19:20 - 00000000 ____D () C:\Windows\Minidump
2015-02-03 18:09 - 2012-05-16 08:01 - 00000000 ____D () C:\Users\Lori\AppData\Local\GasGlance_5i
2015-02-03 18:09 - 2012-04-21 21:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse
2015-02-03 18:09 - 2012-03-23 10:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother P-touch
2015-02-03 18:09 - 2012-01-12 09:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate Dashboard
2015-02-03 18:09 - 2012-01-01 11:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HMA! Pro VPN
2015-02-03 18:09 - 2011-12-11 12:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2012
2015-02-03 18:09 - 2011-10-21 17:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Memeo
2015-02-03 18:09 - 2011-09-03 12:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-03 18:09 - 2011-05-26 14:52 - 00000000 ____D () C:\Windows\SysWOW64\Reg
2015-02-03 18:09 - 2011-05-26 14:52 - 00000000 ____D () C:\Users\Lori\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\High Impact eMail 5
2015-02-03 18:09 - 2011-05-26 14:51 - 00000000 ____D () C:\Windows\SysWOW64\MSI
2015-02-03 18:09 - 2011-05-26 14:49 - 00000000 ____D () C:\Users\Lori\Documents\High Impact eMail 5
2015-02-03 18:09 - 2011-05-04 15:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GolfLogix
2015-02-03 18:09 - 2011-04-15 08:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BodyMedia
2015-02-03 18:09 - 2010-12-26 20:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MasterCook 11
2015-02-03 18:09 - 2010-12-26 20:32 - 00000000 ____D () C:\Users\Public\Documents\MasterCook
2015-02-03 18:09 - 2010-12-15 09:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2015-02-03 18:09 - 2010-11-26 14:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickBooks
2015-02-03 18:09 - 2010-11-26 13:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-02-03 18:09 - 2010-11-26 12:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2015-02-03 18:09 - 2010-11-26 07:44 - 00000000 ____D () C:\Users\Lori\AppData\Roaming\Macromedia
2015-02-03 18:09 - 2010-11-26 07:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Barnes & Noble
2015-02-03 18:09 - 2010-09-23 08:46 - 00000000 ____D () C:\Windows\NAPP_Dism_Log
2015-02-03 18:09 - 2010-09-23 08:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Backup Manager
2015-02-03 18:09 - 2010-09-23 08:14 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-02-03 18:09 - 2010-09-23 08:11 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9
2015-02-03 18:09 - 2010-09-23 08:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Suite
2015-02-03 18:09 - 2010-09-23 07:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AcerSystem
2015-02-03 18:09 - 2010-07-20 02:54 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2015-02-03 18:09 - 2010-07-20 02:53 - 00000000 ____D () C:\ProgramData\Symantec
2015-02-03 18:09 - 2010-07-20 02:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NTI Media Maker 9
2015-02-03 18:09 - 2010-07-20 02:53 - 00000000 ____D () C:\Program Files (x86)\Symantec
2015-02-03 18:09 - 2010-07-20 02:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EgisTec
2015-02-03 18:09 - 2010-07-20 02:47 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2015-02-03 18:09 - 2010-07-20 02:38 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eSobi v2
2015-02-03 18:09 - 2010-07-20 02:31 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-02-03 18:09 - 2009-07-13 23:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-02-03 18:09 - 2009-07-13 21:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-02-03 18:09 - 2009-07-13 21:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-02-03 18:09 - 2009-07-13 21:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-03 18:09 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-03 18:09 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\servicing
2015-02-03 18:09 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2015-02-03 18:09 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-03 18:09 - 2009-07-13 21:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-03 18:08 - 2013-02-20 08:39 - 00000000 ____D () C:\Program Files (x86)\Coupons.com CouponBar
2015-02-03 18:08 - 2012-05-16 08:00 - 00000000 ____D () C:\Program Files (x86)\GasGlance_5i
2015-02-03 18:08 - 2012-01-01 11:42 - 00000000 ____D () C:\Program Files (x86)\HMA! Pro VPN
2015-02-03 18:08 - 2011-05-26 14:52 - 00000000 ____D () C:\Program Files (x86)\ACT
2015-02-03 18:08 - 2011-05-26 14:49 - 00000000 ____D () C:\Program Files (x86)\High Impact eMail 5
2015-02-03 18:08 - 2011-05-04 15:13 - 00000000 ____D () C:\Program Files (x86)\GolfLogix
2015-02-03 18:08 - 2011-01-13 11:03 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-03 18:08 - 2010-12-15 09:19 - 00000000 ____D () C:\Program Files (x86)\Coupons
2015-02-03 18:08 - 2010-07-20 02:31 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-03 18:07 - 2014-11-21 09:35 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2015-02-03 18:07 - 2014-11-21 09:35 - 00000000 ____D () C:\Windows\system32\vbox
2015-02-03 18:07 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\registration
2015-02-03 17:59 - 2012-12-13 23:10 - 00000000 ____D () C:\Users\Lori\AppData\Roaming\Nuance
2015-02-03 17:54 - 2014-04-24 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2015-02-03 17:54 - 2013-01-13 22:25 - 00000000 ____D () C:\ProgramData\Intel
2015-02-03 17:54 - 2011-04-14 15:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serif Applications
2015-02-03 17:54 - 2010-07-20 02:53 - 00000000 ____D () C:\ProgramData\Adobe
2015-02-03 17:51 - 2013-02-24 17:46 - 00000000 ____D () C:\Program Files (x86)\HP
2015-02-03 17:51 - 2013-02-24 17:46 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2015-02-03 17:50 - 2010-11-26 13:10 - 00000000 __RHD () C:\MSOCache
2015-02-03 17:50 - 2010-07-20 03:12 - 00000000 ___HD () C:\OEM
2015-02-03 17:50 - 2010-07-20 02:53 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-02-01 16:47 - 2014-11-21 09:37 - 00000000 ____D () C:\Users\Lori\AppData\Local\AskPartnerNetwork
2015-02-01 16:35 - 2013-12-25 20:52 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-01 07:54 - 2014-06-25 08:43 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2015-02-01 00:15 - 2010-11-26 07:44 - 00196872 _____ () C:\Users\Lori\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-31 22:31 - 2012-03-23 10:10 - 00000000 ____D () C:\Users\Lori\AppData\Roaming\Brother
2015-01-31 13:33 - 2013-08-02 07:34 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-31 09:51 - 2013-03-18 18:16 - 00000000 ____D () C:\Users\Lori\AppData\Roaming\HpUpdate
2015-01-08 20:39 - 2010-11-26 07:45 - 00000000 ____D () C:\Users\Lori\AppData\Local\VirtualStore
2015-01-08 20:22 - 2010-07-20 02:49 - 00000000 ____D () C:\ProgramData\Partner
2015-01-08 20:22 - 2007-07-11 19:49 - 00000000 ____D () C:\Windows\Panther
 
==================== Files in the root of some directories =======
 
2010-11-28 13:35 - 2011-07-19 18:28 - 0024466 _____ () C:\Users\Lori\AppData\Roaming\Comma Separated Values (DOS).ADR
2013-04-09 21:00 - 2013-04-09 21:26 - 0023967 _____ () C:\Users\Lori\AppData\Roaming\Comma Separated Values (Windows).ADR
2015-01-08 19:36 - 2015-02-03 17:10 - 0000053 _____ () C:\Users\Lori\AppData\Roaming\LogFile.txt
2012-12-15 13:36 - 2012-12-16 12:50 - 0002439 _____ () C:\Users\Lori\AppData\Roaming\SAS7_000.DAT
2012-11-11 19:25 - 2012-11-11 19:25 - 0000092 _____ () C:\Users\Lori\AppData\Local\fusioncache.dat
2015-02-01 12:24 - 2015-02-01 12:25 - 0000985 _____ () C:\ProgramData\hpzinstall.log
 
Some content of TEMP:
====================
C:\Users\Lori\AppData\Local\Temp\9C33.exe
C:\Users\Lori\AppData\Local\Temp\ApnStub.exe
C:\Users\Lori\AppData\Local\Temp\COMAP.EXE
C:\Users\Lori\AppData\Local\Temp\Couponscom.exe
C:\Users\Lori\AppData\Local\Temp\d4lv4hly.dll
C:\Users\Lori\AppData\Local\Temp\GoogleChromeInstaller.exe
C:\Users\Lori\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\Lori\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Lori\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Lori\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Lori\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Lori\AppData\Local\Temp\PAGEPLUS-X5-EN_15.0.4.027_Patch-Setup.exe
C:\Users\Lori\AppData\Local\Temp\PAGEPLUS-X5-EN_15.0.5.030_Patch-Setup.exe
C:\Users\Lori\AppData\Local\Temp\PAGEPLUS1033_14.0.5.027_Patch-Setup.exe
C:\Users\Lori\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Lori\AppData\Local\Temp\_isB9F1.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-26 11:25
 
==================== End Of Log ============================


#5 Machiavelli

Posted 04 February 2015 - 10:39 AM

Hey, :)

Step 1: AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts.
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop. Install the programme and select update.
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button. MBAM will ask for a reboot.

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Post that log

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: FRST Scan

  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#6 downtown1

Posted 04 February 2015 - 01:44 PM

Here are the new reports: first Adware, next Malwarebytes and then Junk remover.

The computer takes forever to boot now (much longer than it should).


# AdwCleaner v4.109 - Report created 04/02/2015 at 11:00:56
# Updated 24/01/2015 by Xplode
# Database : 2015-02-03.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Lori - LORI-PC
# Running from : E:\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : APNMCP
[#] Service Deleted : CouponPrinterService
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Lori\Favorites\Coupons
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\AskPartnerNetwork
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\speedypc software
Folder Deleted : C:\ProgramData\Yahoo! Companion
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Deleted : C:\Program Files (x86)\alotappbar
Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\speedypc software
Folder Deleted : C:\Program Files (x86)\Coupons.com CouponBar
Folder Deleted : C:\Program Files (x86)\Coupons
Folder Deleted : C:\Program Files (x86)\Common Files\speedypc software
Folder Deleted : C:\Program Files\003
Folder Deleted : C:\Users\Lori\AppData\Local\AskPartnerNetwork
Folder Deleted : C:\Users\Lori\AppData\LocalLow\alotappbar
Folder Deleted : C:\Users\Lori\AppData\LocalLow\iac
Folder Deleted : C:\Users\Lori\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\Lori\AppData\Roaming\speedypc software
Folder Deleted : C:\Users\Lori\Documents\Optimizer Pro
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Deleted : C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
File Deleted : C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.search.ask.com_0.localstorage
File Deleted : C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.search.ask.com_0.localstorage-journal
File Deleted : C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaahaeginbdcckocjkhbciadcafnep
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaahaeginbdcckocjkhbciadcafnep
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{10E9E863-3913-40D0-903D-D46DEB18C982}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0F9AF7E3-3853-473F-A49B-E470A3A41501}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10E9E863-3913-40D0-903D-D46DEB18C982}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DADF82FD-0783-4CA9-98AA-615F657A2A9E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0F9AF7E3-3853-473F-A49B-E470A3A41501}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DADF82FD-0783-4CA9-98AA-615F657A2A9E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{85F5CF95-EC8F-49FC-BB3F-38C79455CBA2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{85F5CF95-EC8F-49FC-BB3F-38C79455CBA2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A531D99C-5A22-449B-83DA-872725C6D0ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{85F5CF95-EC8F-49FC-BB3F-38C79455CBA2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A531D99C-5A22-449B-83DA-872725C6D0ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{343263AB-D732-4066-A274-4A487A07F108}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C42103E4-7D10-4CC9-B2B4-C546BCCF8706}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{A531D99C-5A22-449B-83DA-872725C6D0ED}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8DCB7100-DF86-4384-8842-8FA844297B3F}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D3D233D5-9F6D-436C-B6C7-E63F77503B30}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8DCB7100-DF86-4384-8842-8FA844297B3F}]
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A531D99C-5A22-449B-83DA-872725C6D0ED}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1E6024F9-5CFC-482E-8810-FD1EEB9FB68B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{29c5f355-0907-4719-9f15-30ff0459607f}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{34B19F01-197B-49ED-B5F6-2C658544FE77}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CA9C4C1E-1ADE-4E9F-83EF-07617EFCF318}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{29c5f355-0907-4719-9f15-30ff0459607f}
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\alotAppbar
Key Deleted : HKLM\SOFTWARE\AskPartnerNetwork
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\speedypc software
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4F524A2D-5354-2D53-5045-A758B70C1801}
Key Deleted : [x64] HKLM\SOFTWARE\ParetoLogic
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17280
 
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [SearchAssistant]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [CustomizeSearch]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch]
 
-\\ Google Chrome v40.0.2214.94
 
 
*************************
 
AdwCleaner[R0].txt - [13765 octets] - [04/02/2015 10:58:15]
AdwCleaner[S0].txt - [12858 octets] - [04/02/2015 11:00:56]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12919 octets] ##########
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2/4/2015
Scan Time: 11:22:08 AM
Logfile: malwarebytes report.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.02.04.08
Rootkit Database: v2015.02.03.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Lori
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 395777
Time Elapsed: 31 min, 55 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 5
PUP.Optional.CouponBar.A, HKU\S-1-5-21-1565987645-4242153639-3628463870-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{8660E5B3-6C41-44DE-8503-98D99BBECD41}, Quarantined, [8fe9a07a08822f0785e3d42c8a799c64], 
PUP.Optional.CouponBar.A, HKU\S-1-5-21-1565987645-4242153639-3628463870-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{8660E5B3-6C41-44DE-8503-98D99BBECD41}, Quarantined, [8fe9a07a08822f0785e3d42c8a799c64], 
PUP.Optional.MindSpark.A, HKU\S-1-5-21-1565987645-4242153639-3628463870-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{9641D095-2C78-400E-BBB0-C20F3108358B}, Quarantined, [2a4e47d3602a6ccad73e241693703fc1], 
PUP.Optional.MindSpark.A, HKU\S-1-5-21-1565987645-4242153639-3628463870-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{E1BFC11E-A392-4575-9EE7-27A96EB0DB90}, Quarantined, [7ff94eccfd8dbb7b5cbdb88228dba55b], 
PUP.Optional.MindSpark.A, HKU\S-1-5-21-1565987645-4242153639-3628463870-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\GasGlance_5i, Quarantined, [a7d1c159fb8fa393d1d11c9451b217e9], 
 
Registry Values: 4
PUP.Optional.MindSpark.A, HKU\S-1-5-21-1565987645-4242153639-3628463870-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{865FC489-56EB-41FA-BB25-027900188070}, Quarantined, [d99f35e565254aec8d8fce6cbb48cd33], 
PUP.Optional.MindSpark.A, HKU\S-1-5-21-1565987645-4242153639-3628463870-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{865FC489-56EB-41FA-BB25-027900188070}, ì??è??å?«ä?ºâ?»ç¤?á ?ç??, Quarantined, [d99f35e565254aec8d8fce6cbb48cd33]
PUP.Optional.MindSpark.A, HKU\S-1-5-21-1565987645-4242153639-3628463870-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{801120a5-289d-4a31-9d09-3f1794681e02}, Quarantined, [2b4d3ddd93f71a1cdb386eccbd462ad6], 
PUP.Optional.MindSpark.A, HKU\S-1-5-21-1565987645-4242153639-3628463870-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{801120A5-289D-4A31-9D09-3F1794681E02}, Quarantined, [2b4d3ddd93f71a1cdb386eccbd462ad6], 
 
Registry Data: 0
(No malicious items detected)
 
Folders: 13
PUP.Optional.MindSpark.A, C:\Program Files (x86)\GasGlance_5i, Quarantined, [35431505e9a164d285edaca970933fc1], 
PUP.Optional.MindSpark.A, C:\Program Files (x86)\GasGlance_5i\bar, Quarantined, [35431505e9a164d285edaca970933fc1], 
PUP.Optional.MindSpark.A, C:\Program Files (x86)\GasGlance_5i\bar\1.bin, Quarantined, [35431505e9a164d285edaca970933fc1], 
PUP.Optional.MindSpark.A, C:\Users\Lori\AppData\Local\GasGlance_5i, Quarantined, [2850c7532d5da88e32415cf9f3102ed2], 
PUP.Optional.MindSpark.A, C:\Users\Lori\AppData\Local\GasGlance_5i\ace8e6c6d7b186095ae3b09c4566b7461d83ebf8, Quarantined, [2850c7532d5da88e32415cf9f3102ed2], 
PUP.Optional.MindSpark.A, C:\Users\Lori\AppData\Local\GasGlance_5i\ace8e6c6d7b186095ae3b09c4566b7461d83ebf8\1.0, Quarantined, [2850c7532d5da88e32415cf9f3102ed2], 
PUP.Optional.MindSpark.A, C:\Users\Lori\AppData\Local\GasGlance_5i\ace8e6c6d7b186095ae3b09c4566b7461d83ebf8\1.0\fonts, Quarantined, [2850c7532d5da88e32415cf9f3102ed2], 
PUP.Optional.MindSpark.A, C:\Users\Lori\AppData\Local\GasGlance_5i\ace8e6c6d7b186095ae3b09c4566b7461d83ebf8\1.0\js, Quarantined, [2850c7532d5da88e32415cf9f3102ed2], 
PUP.Optional.MindSpark.A, C:\Users\Lori\AppData\LocalLow\GasGlance_5i, Quarantined, [651342d8880249edc8f36bf043c026da], 
PUP.Optional.MindSpark.A, C:\Users\Lori\AppData\LocalLow\GasGlance_5i\bar, Quarantined, [651342d8880249edc8f36bf043c026da], 
PUP.Optional.MindSpark.A, C:\Users\Lori\AppData\LocalLow\GasGlance_5i\bar\Cache, Quarantined, [651342d8880249edc8f36bf043c026da], 
PUP.Optional.MindSpark.A, C:\Users\Lori\AppData\LocalLow\GasGlance_5i\bar\ie9mesg, Quarantined, [651342d8880249edc8f36bf043c026da], 
PUP.Optional.MindSpark.A, C:\Users\Lori\AppData\LocalLow\GasGlance_5i\bar\ie9mesg\COMMON, Quarantined, [651342d8880249edc8f36bf043c026da], 
 
Files: 22
PUP.Optional.OptimumInstaller.A, C:\Users\Lori\Downloads\Maps.exe, Quarantined, [5424ee2c85051620c1a0dd96cf3209f7], 
PUP.Optional.MindSpark.A, C:\Program Files (x86)\GasGlance_5i\bar\1.bin\5iimpipe.exe, Quarantined, [35431505e9a164d285edaca970933fc1], 
PUP.Optional.MindSpark.A, C:\Program Files (x86)\GasGlance_5i\bar\1.bin\CHROME.MANIFEST, Quarantined, [35431505e9a164d285edaca970933fc1], 
PUP.Optional.MindSpark.A, C:\Program Files (x86)\GasGlance_5i\bar\1.bin\installKeys.js, Quarantined, [35431505e9a164d285edaca970933fc1], 
PUP.Optional.MindSpark.A, C:\Users\Lori\AppData\Local\GasGlance_5i\ace8e6c6d7b186095ae3b09c4566b7461d83ebf8\1.0\hogan-1.0.3.js, Quarantined, [2850c7532d5da88e32415cf9f3102ed2], 
PUP.Optional.MindSpark.A, C:\Users\Lori\AppData\Local\GasGlance_5i\ace8e6c6d7b186095ae3b09c4566b7461d83ebf8\1.0\jquery-1.7.1.min.js, Quarantined, [2850c7532d5da88e32415cf9f3102ed2], 
PUP.Optional.MindSpark.A, C:\Users\Lori\AppData\Local\GasGlance_5i\ace8e6c6d7b186095ae3b09c4566b7461d83ebf8\1.0\widget-messaging-1.0.SNAPSHOT.js, Quarantined, [2850c7532d5da88e32415cf9f3102ed2], 
PUP.Optional.MindSpark.A, C:\Users\Lori\AppData\Local\GasGlance_5i\ace8e6c6d7b186095ae3b09c4566b7461d83ebf8\1.0\fonts\cabin-condensed.eot, Quarantined, [2850c7532d5da88e32415cf9f3102ed2], 
PUP.Optional.MindSpark.A, C:\Users\Lori\AppData\Local\GasGlance_5i\ace8e6c6d7b186095ae3b09c4566b7461d83ebf8\1.0\js\background.js, Quarantined, [2850c7532d5da88e32415cf9f3102ed2], 
PUP.Optional.MindSpark.A, C:\Users\Lori\AppData\Local\GasGlance_5i\ace8e6c6d7b186095ae3b09c4566b7461d83ebf8\1.0\js\gasglance.js, Quarantined, [2850c7532d5da88e32415cf9f3102ed2], 
PUP.Optional.MindSpark.A, C:\Users\Lori\AppData\Local\GasGlance_5i\ace8e6c6d7b186095ae3b09c4566b7461d83ebf8\1.0\js\menu.js, Quarantined, [2850c7532d5da88e32415cf9f3102ed2], 
PUP.Optional.MindSpark.A, C:\Users\Lori\AppData\Local\GasGlance_5i\ace8e6c6d7b186095ae3b09c4566b7461d83ebf8\1.0\js\menu.test.js, Quarantined, [2850c7532d5da88e32415cf9f3102ed2], 
PUP.Optional.MindSpark.A, C:\Users\Lori\AppData\LocalLow\GasGlance_5i\bar\Cache\files.ini, Quarantined, [651342d8880249edc8f36bf043c026da], 
PUP.Optional.MindSpark.A, C:\Users\Lori\AppData\LocalLow\GasGlance_5i\bar\ie9mesg\COMMON\config.js, Quarantined, [651342d8880249edc8f36bf043c026da], 
PUP.Optional.MindSpark.A, C:\Users\Lori\AppData\LocalLow\GasGlance_5i\bar\ie9mesg\COMMON\dispatch.js, Quarantined, [651342d8880249edc8f36bf043c026da], 
PUP.Optional.MindSpark.A, C:\Users\Lori\AppData\LocalLow\GasGlance_5i\bar\ie9mesg\COMMON\infobar.js, Quarantined, [651342d8880249edc8f36bf043c026da], 
PUP.Optional.MindSpark.A, C:\Users\Lori\AppData\LocalLow\GasGlance_5i\bar\ie9mesg\COMMON\jquery.js, Quarantined, [651342d8880249edc8f36bf043c026da], 
PUP.Optional.MindSpark.A, C:\Users\Lori\AppData\LocalLow\GasGlance_5i\bar\ie9mesg\COMMON\overlay.js, Quarantined, [651342d8880249edc8f36bf043c026da], 
PUP.Optional.MindSpark.A, C:\Users\Lori\AppData\LocalLow\GasGlance_5i\bar\ie9mesg\COMMON\pid.js, Quarantined, [651342d8880249edc8f36bf043c026da], 
PUP.Optional.MindSpark.A, C:\Users\Lori\AppData\LocalLow\GasGlance_5i\bar\ie9mesg\COMMON\qstring.js, Quarantined, [651342d8880249edc8f36bf043c026da], 
PUP.Optional.MindSpark.A, C:\Users\Lori\AppData\LocalLow\GasGlance_5i\bar\ie9mesg\COMMON\toolbar.js, Quarantined, [651342d8880249edc8f36bf043c026da], 
PUP.Optional.MindSpark.A, C:\Users\Lori\AppData\LocalLow\GasGlance_5i\bar\ie9mesg\COMMON\zEnable.js, Quarantined, [651342d8880249edc8f36bf043c026da], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Home Premium x64
Ran by Lori on Wed 02/04/2015 at 12:23:51.04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\GasGlance_5i.DynamicBarButton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\GasGlance_5i.DynamicBarButton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\GasGlance_5i.FeedManager
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\GasGlance_5i.FeedManager.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\GasGlance_5i.HTMLMenu
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\GasGlance_5i.HTMLMenu.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\GasGlance_5i.HTMLPanel
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\GasGlance_5i.HTMLPanel.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\GasGlance_5i.MultipleButton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\GasGlance_5i.MultipleButton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\GasGlance_5i.PseudoTransparentPlugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\GasGlance_5i.PseudoTransparentPlugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\GasGlance_5i.Radio
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\GasGlance_5i.Radio.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\GasGlance_5i.RadioSettings
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\GasGlance_5i.RadioSettings.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\GasGlance_5i.ScriptButton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\GasGlance_5i.ScriptButton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\GasGlance_5i.SettingsPlugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\GasGlance_5i.SettingsPlugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\GasGlance_5i.SkinLauncher
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\GasGlance_5i.SkinLauncher.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\GasGlance_5i.ThirdPartyInstaller
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\GasGlance_5i.ThirdPartyInstaller.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\GasGlance_5i.UrlAlertButton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\GasGlance_5i.UrlAlertButton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\GasGlance_5i.XMLSessionPlugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\GasGlance_5i.XMLSessionPlugin.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73A89C60-CF59-4EC7-9215-9B7EF05ECEA4}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{73A89C60-CF59-4EC7-9215-9B7EF05ECEA4}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73A89C60-CF59-4EC7-9215-9B7EF05ECEA4}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{73A89C60-CF59-4EC7-9215-9B7EF05ECEA4}
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Users\Lori\desktop\speedypc pro.lnk"
Successfully deleted: [File] "C:\Windows\couponprinter.ocx"
 
 
 
~~~ Folders
 
Successfully deleted: [Empty Folder] C:\Users\Lori\appdata\local\{1921EBD3-2E2A-448A-B083-730BDD7AFF61}
Successfully deleted: [Empty Folder] C:\Users\Lori\appdata\local\{3772E537-51E1-4BEF-9714-5CF0CBEE8571}
Successfully deleted: [Empty Folder] C:\Users\Lori\appdata\local\{3DAE07B2-C87E-4206-A86C-963C1FB20766}
Successfully deleted: [Empty Folder] C:\Users\Lori\appdata\local\{8928DCAC-EA50-4898-91A9-9307606D66A7}
Successfully deleted: [Empty Folder] C:\Users\Lori\appdata\local\{A7A8DA06-27DC-4E74-BBA6-47F9E1B9989C}
Successfully deleted: [Empty Folder] C:\Users\Lori\appdata\local\{CCFB5478-ABEE-4B77-9660-52EA8B07BD18}
Successfully deleted: [Empty Folder] C:\Users\Lori\appdata\local\{D0058DB7-A977-431E-9841-CF5D8E94A671}
Successfully deleted: [Empty Folder] C:\Users\Lori\appdata\local\{E980825B-EFD9-448B-A726-F228BC2A7B54}
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 02/04/2015 at 12:30:40.88
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


#7 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,904 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:07:57 PM

Posted 05 February 2015 - 11:16 AM

What's with Step 4? :)

~Machiavelli



#8 downtown1

downtown1
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:06:57 PM

Posted 05 February 2015 - 07:48 PM

I don't know what you mean by Step 4.

And now Chrome will work but not IE.


Edited by downtown1, 05 February 2015 - 07:52 PM.


#9 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,904 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:07:57 PM

Posted 06 February 2015 - 08:28 AM

Hey, :)
  • Run FRST. (If you have Windows Vista / Windows 7 / Windows 8, please right-click the FRST icon and select Run as Administrator.)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli



#10 downtown1

downtown1
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:06:57 PM

Posted 09 February 2015 - 11:03 AM

Here is the file, sorry I took so long but I was out of town over the weekend.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by Lori (administrator) on LORI-PC on 08-02-2015 22:23:15
Running from E:\
Loaded Profiles: Lori &  (Available profiles: Lori & Gary)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\afwServ.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
() C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
(Memeo Inc.) C:\Program Files (x86)\Memeo\AutoBackup\MemeoUpdater.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Axentra Corporation) C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Avast Software) C:\Program Files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\ng\ngservice.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDExtHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDAppHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDSurrogateHost.exe
() C:\Program Files (x86)\Google\Update\Install\{B510955A-B1A0-40ED-9DF3-A071EF4E6F4C}\40.0.2214.111_40.0.2214.94_chrome_updater.exe
(Google Inc.) C:\Windows\Temp\CR_FCFC4.tmp\setup.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\Install\{51AA9F81-E831-4FBC-A09B-D1F47B6545BE}\40.0.2214.111_chrome_installer.exe
(Google Inc.) C:\Windows\Temp\CR_7780D.tmp\setup.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
Failed to access process -> instup.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\Install\{6CEE66B7-D202-408C-A39C-6FA41D27E3AB}\40.0.2214.111_chrome_installer.exe
(Google Inc.) C:\Windows\Temp\CR_CB4A3.tmp\setup.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\ng\vbox\aswFe.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
Failed to access process -> dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-26] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [585376 2010-05-25] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [354464 2010-05-25] (Atheros Commnucations)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-26] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-10] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-10] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-28] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [968272 2010-06-22] (Dritek System Inc.)
HKLM-x32\...\Run: [Memeo Instant Backup] => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2011-04-06] (Memeo Inc.)
HKLM-x32\...\Run: [Seagate Dashboard] => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe [73728 2011-11-03] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [DNS7reminder] => C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe [328992 2010-10-27] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2368736 2014-06-03] (Microsoft Corp.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5227112 2015-02-03] (AVAST Software)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-08-28] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1565987645-4242153639-3628463870-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-07-20] (Google Inc.)
HKU\S-1-5-21-1565987645-4242153639-3628463870-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKU\S-1-5-21-1565987645-4242153639-3628463870-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-1565987645-4242153639-3628463870-1000\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-01-26] (Google Inc.)
HKU\S-1-5-21-1565987645-4242153639-3628463870-1000\...\MountPoints2: {d7cca0cd-72c5-11e0-b6ba-5cac4c21225b} - E:\VZAccess_Manager.exe /z detect
HKU\S-1-5-21-1565987645-4242153639-3628463870-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-07-20] (Google Inc.)
HKU\S-1-5-21-1565987645-4242153639-3628463870-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKU\S-1-5-21-1565987645-4242153639-3628463870-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-1565987645-4242153639-3628463870-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-01-26] (Google Inc.)
HKU\S-1-5-21-1565987645-4242153639-3628463870-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {d7cca0cd-72c5-11e0-b6ba-5cac4c21225b} - E:\VZAccess_Manager.exe /z detect
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll (Egis Technology Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1565987645-4242153639-3628463870-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
HKU\S-1-5-21-1565987645-4242153639-3628463870-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5742&r=27361110l635l04d4z165v4722150n
HKU\S-1-5-21-1565987645-4242153639-3628463870-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
HKU\S-1-5-21-1565987645-4242153639-3628463870-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
HKU\S-1-5-21-1565987645-4242153639-3628463870-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5742&r=27361110l635l04d4z165v4722150n
HKU\S-1-5-21-1565987645-4242153639-3628463870-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1565987645-4242153639-3628463870-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enUS407US407
SearchScopes: HKU\S-1-5-21-1565987645-4242153639-3628463870-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enUS407US407
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll No File
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1565987645-4242153639-3628463870-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1565987645-4242153639-3628463870-1000 -> No Name - {5BED3930-2E9E-76D8-BACC-80DF2188D455} -  No File
Toolbar: HKU\S-1-5-21-1565987645-4242153639-3628463870-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1565987645-4242153639-3628463870-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {5BED3930-2E9E-76D8-BACC-80DF2188D455} -  No File
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 71.10.216.1 71.10.216.2 192.168.1.1
 
FireFox:
========
FF Plugin: @java.com/DTPlugin -> C:\Program Files\Java\jre6\bin\dtplugin\npDeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll No File
FF Plugin-x32: nuance.com/DragonRIAPlugin -> C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\npDgnRia.dll (Nuance Communications Inc.)
FF HKLM-x32\...\Firefox\Extensions: [jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi
FF Extension: Dragon NaturallySpeaking Rich Internet Application Support - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2012-07-18]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-02-24]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-04-17]
FF HKU\S-1-5-21-1565987645-4242153639-3628463870-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-1565987645-4242153639-3628463870-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR HomePage: Default -> https://www.google.com/
CHR StartupUrls: Default -> "https://www.google.com/?trackid=sp-006"
CHR DefaultSearchKeyword: Default -> google
CHR Profile: C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (Skype Click to Call) - C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2011-09-03]
CHR Extension: (Dragon NaturallySpeaking Rich Internet Application Support) - C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\mikhcaiakabeeokmenglcdebplfdjicn [2012-12-13]
CHR Extension: (Google Wallet) - C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-11-21]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [mikhcaiakabeeokmenglcdebplfdjicn] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\chromeShim.crx [2012-07-18]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [47776 2010-05-25] (Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2015-02-03] (AVAST Software)
R2 avast! Firewall; C:\Program Files\Alwil Software\Avast5\afwServ.exe [104416 2015-02-03] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe [4012248 2015-02-03] (Avast Software)
S4 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-03] (Microsoft Corp.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-26] (Egis Technology Inc.)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S4 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [20480 2009-09-16] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2006-11-09] (Intuit Inc.) [File not signed]
R2 SeagateDashboardService; C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [8704 2011-11-03] (Memeo) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 HPSupportSolutionsFrameworkService; "C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe" [X]
S2 MySQL; "C:\Program Files (x86)\TABS AutoBiz\mysql\bin\mysqld-nt" MySQL [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-21] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-11-21] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-21] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-11-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-21] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-02-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-21] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-21] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-21] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
R2 VBoxAswDrv; C:\Program Files\Alwil Software\Avast5\ng\vbox\VBoxAswDrv.sys [271752 2015-02-03] (Avast Software)
S3 Dot4; system32\DRIVERS\Dot4.sys [X]
S3 dot4usb; system32\DRIVERS\dot4usb.sys [X]
S3 usbscan; system32\DRIVERS\usbscan.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-08 22:23 - 2015-02-08 22:23 - 00000282 _____ () C:\Windows\system32\2015-02-09-04-23-17.039-aswFe.exe-9484.log
2015-02-08 11:18 - 2015-02-08 11:20 - 00000000 ____D () C:\4f499c462da7e15f86413f48e116bb26
2015-02-04 19:30 - 2015-02-04 19:30 - 00000199 _____ () C:\Windows\system32\2015-02-05-01-30-43.086-AvastVBoxSVC.exe-3812.log
2015-02-04 18:36 - 2015-02-04 18:36 - 00000199 _____ () C:\Windows\system32\2015-02-05-00-36-32.062-AvastVBoxSVC.exe-4932.log
2015-02-04 18:10 - 2015-02-04 18:10 - 00000282 _____ () C:\Windows\system32\2015-02-05-00-10-01.027-aswFe.exe-7972.log
2015-02-04 14:57 - 2015-02-04 14:57 - 00000199 _____ () C:\Windows\system32\2015-02-04-20-57-06.064-AvastVBoxSVC.exe-2328.log
2015-02-04 14:22 - 2015-02-04 14:22 - 00000199 _____ () C:\Windows\system32\2015-02-04-20-22-54.010-AvastVBoxSVC.exe-5152.log
2015-02-04 13:41 - 2015-02-04 13:42 - 00000199 _____ () C:\Windows\system32\2015-02-04-19-41-53.021-AvastVBoxSVC.exe-5392.log
2015-02-04 12:16 - 2015-02-04 12:16 - 00000199 _____ () C:\Windows\system32\2015-02-04-18-16-05.044-AvastVBoxSVC.exe-3580.log
2015-02-04 11:21 - 2015-02-05 09:37 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-04 11:21 - 2015-02-04 11:21 - 00001145 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-04 11:21 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-04 11:21 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-04 11:21 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-04 11:18 - 2015-02-04 11:18 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Lori\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-04 11:13 - 2015-02-04 11:14 - 00000199 _____ () C:\Windows\system32\2015-02-04-17-13-58.056-AvastVBoxSVC.exe-5304.log
2015-02-04 10:58 - 2015-02-04 14:45 - 00000000 ____D () C:\AdwCleaner
2015-02-04 10:57 - 2015-02-04 10:57 - 00000282 _____ () C:\Windows\system32\2015-02-04-16-57-07.090-aswFe.exe-8552.log
2015-02-04 09:35 - 2015-02-04 09:35 - 00003274 _____ () C:\Windows\System32\Tasks\avastBCLRestartS-1-5-21-1565987645-4242153639-3628463870-1000
2015-02-03 20:29 - 2015-02-03 20:29 - 00000199 _____ () C:\Windows\system32\2015-02-04-02-29-26.058-AvastVBoxSVC.exe-3780.log
2015-02-03 18:39 - 2015-02-03 18:39 - 00002040 _____ () C:\Users\Public\Desktop\Avast SafeZone.lnk
2015-02-03 18:39 - 2015-02-03 18:39 - 00001980 _____ () C:\Users\Public\Desktop\Avast Internet Security.lnk
2015-02-03 18:39 - 2015-02-03 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-02-03 18:29 - 2014-11-21 09:00 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-02-03 18:28 - 2015-02-08 22:24 - 00000000 ____D () C:\FRST
2015-02-03 17:11 - 2015-02-03 17:11 - 00000199 _____ () C:\Windows\system32\2015-02-03-23-11-29.070-AvastVBoxSVC.exe-3968.log
2015-02-01 14:28 - 2015-02-01 14:28 - 00000000 ____D () C:\Users\Gary\AppData\Local\Apple
2015-02-01 12:36 - 2015-02-01 13:15 - 00000000 ____D () C:\Users\Gary\AppData\Local\CrashDumps
2015-02-01 12:34 - 2015-02-01 15:58 - 00000000 ____D () C:\Users\Gary\AppData\Roaming\ControlCenter4
2015-02-01 12:34 - 2015-02-01 12:34 - 00196872 _____ () C:\Users\Gary\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-01 12:34 - 2015-02-01 12:34 - 00000000 ____D () C:\Users\Gary\AppData\Roaming\Seagate
2015-02-01 12:34 - 2015-02-01 12:34 - 00000000 ____D () C:\Users\Gary\AppData\Roaming\Memeo
2015-02-01 12:34 - 2015-02-01 12:34 - 00000000 ____D () C:\Users\Gary\AppData\Roaming\Intel Corporation
2015-02-01 12:34 - 2015-02-01 12:34 - 00000000 ____D () C:\Users\Gary\AppData\Roaming\AVAST Software
2015-02-01 12:34 - 2015-02-01 12:34 - 00000000 ____D () C:\Users\Gary\AppData\Roaming\Apple Computer
2015-02-01 12:34 - 2015-02-01 12:34 - 00000000 ____D () C:\Users\Gary\AppData\Local\EgisTec IPS
2015-02-01 12:33 - 2015-02-03 19:01 - 00000000 ____D () C:\Users\Gary
2015-02-01 12:33 - 2015-02-01 15:58 - 00000000 ___RD () C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-02-01 12:33 - 2015-02-01 15:58 - 00000000 ___RD () C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-01 12:33 - 2015-02-01 12:34 - 00000000 ____D () C:\Users\Gary\AppData\Local\VirtualStore
2015-02-01 12:33 - 2015-02-01 12:33 - 00000000 ____D () C:\Users\Gary\AppData\Roaming\Adobe
2015-02-01 12:33 - 2013-06-25 20:55 - 00000000 ____D () C:\Users\Gary\AppData\LocalGoogle
2015-02-01 12:33 - 2013-06-25 20:54 - 00000000 ____D () C:\Users\Gary\AppData\Local\Google
2015-02-01 12:33 - 2011-11-27 08:40 - 00000000 ____D () C:\Users\Gary\AppData\Local\Microsoft Help
2015-02-01 12:33 - 2010-11-26 07:45 - 00000000 ____D () C:\Users\Gary\AppData\Roaming\Macromedia
2015-02-01 12:24 - 2015-02-01 12:25 - 00000985 _____ () C:\ProgramData\hpzinstall.log
2015-02-01 00:57 - 2015-02-04 11:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-01 00:56 - 2015-02-04 11:21 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-01 00:56 - 2015-02-01 00:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-01 00:54 - 2015-02-01 00:54 - 00000000 ____D () C:\Users\Lori\AppData\Roaming\Zeon
2015-01-31 13:20 - 2014-11-21 20:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-01-31 13:20 - 2014-11-21 20:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-01-31 13:20 - 2014-11-21 19:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-01-31 13:20 - 2014-11-21 19:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-01-31 13:20 - 2014-11-21 19:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-01-31 13:20 - 2014-11-21 18:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-01-31 13:20 - 2014-11-10 21:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-01-31 13:20 - 2014-10-13 20:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-01-31 13:19 - 2014-12-11 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-31 13:19 - 2014-11-10 21:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-01-31 13:19 - 2014-11-10 21:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-01-31 13:19 - 2014-10-17 20:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-01-31 13:19 - 2014-10-17 19:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-01-31 13:19 - 2014-10-13 19:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-01-31 13:19 - 2014-10-02 20:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-31 13:19 - 2014-10-02 20:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-31 13:19 - 2014-09-19 03:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-01-31 13:19 - 2014-09-19 03:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-01-31 13:19 - 2014-09-19 03:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-01-31 13:19 - 2014-09-19 03:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-01-31 13:19 - 2014-09-19 03:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-01-31 13:19 - 2014-09-19 03:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-01-31 13:19 - 2014-08-21 00:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-01-31 13:19 - 2014-08-21 00:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-01-31 13:17 - 2014-10-13 20:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-01-31 13:17 - 2014-10-13 19:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-01-31 12:57 - 2015-01-31 12:57 - 00302011 _____ () C:\Users\Lori\Downloads\WindowsUpdateDiagnostic (2).diagcab
2015-01-31 12:52 - 2015-01-31 12:52 - 00302011 _____ () C:\Users\Lori\Downloads\WindowsUpdateDiagnostic (1).diagcab
2015-01-31 12:45 - 2015-01-31 12:45 - 00302011 _____ () C:\Users\Lori\Downloads\WindowsUpdateDiagnostic.diagcab
2015-01-31 10:29 - 2015-01-31 10:29 - 00000000 ____D () C:\Users\Lori\AppData\Local\Hewlett-Packard
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-08 22:26 - 2010-11-26 09:34 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-08 22:25 - 2010-11-26 13:10 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-08 22:21 - 2009-07-13 23:13 - 00799926 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-08 22:20 - 2010-11-26 14:10 - 00000000 ____D () C:\Users\Lori\Documents\Outlook Files
2015-02-08 22:17 - 2012-06-15 16:55 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-08 22:17 - 2011-09-03 12:12 - 00000000 ____D () C:\Users\Lori\AppData\Roaming\Skype
2015-02-08 22:17 - 2010-11-26 09:34 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-08 22:17 - 2010-09-23 08:27 - 00000035 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2015-02-08 11:09 - 2010-09-23 07:53 - 01668271 _____ () C:\Windows\WindowsUpdate.log
2015-02-08 10:54 - 2009-07-13 22:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-08 10:54 - 2009-07-13 22:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-08 10:37 - 2013-03-18 18:16 - 00000000 ____D () C:\Users\Lori\AppData\Roaming\HpUpdate
2015-02-07 09:38 - 2011-01-04 09:12 - 00000000 ____D () C:\Users\Lori\AppData\Local\CrashDumps
2015-02-07 09:27 - 2013-08-02 07:34 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-07 09:17 - 2013-03-13 17:54 - 00004184 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-02-04 19:22 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-04 19:21 - 2009-07-13 22:51 - 00054920 _____ () C:\Windows\setupact.log
2015-02-04 19:15 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-04 14:47 - 2010-09-23 07:50 - 00623608 _____ () C:\Windows\PFRO.log
2015-02-04 08:38 - 2011-09-03 12:16 - 00002222 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-04 00:58 - 2010-09-23 08:10 - 00000000 ____D () C:\ProgramData\Temp
2015-02-03 19:00 - 2010-11-26 09:34 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-03 19:00 - 2010-11-26 09:34 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-03 18:38 - 2010-11-26 23:36 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-02-03 18:15 - 2010-11-26 20:43 - 00000000 ____D () C:\Users\Lori
2015-02-03 18:14 - 2009-07-13 22:45 - 00632848 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-03 18:09 - 2014-06-25 09:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2015-02-03 18:09 - 2014-05-21 08:35 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-03 18:09 - 2014-04-28 09:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TABS AutoBiz
2015-02-03 18:09 - 2014-04-28 09:09 - 00000000 ____D () C:\Program Files (x86)\TABS AutoBiz
2015-02-03 18:09 - 2014-04-24 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance PaperPort 12
2015-02-03 18:09 - 2013-12-25 20:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-02-03 18:09 - 2013-07-05 13:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-02-03 18:09 - 2013-07-05 13:56 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-02-03 18:09 - 2013-07-05 13:56 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2015-02-03 18:09 - 2013-06-07 20:25 - 00000000 ____D () C:\Program Files\Java
2015-02-03 18:09 - 2013-05-21 09:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-02-03 18:09 - 2013-04-20 23:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-02-03 18:09 - 2013-03-14 07:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-02-03 18:09 - 2013-02-24 18:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-02-03 18:09 - 2013-02-24 18:03 - 00000000 ____D () C:\ProgramData\HP
2015-02-03 18:09 - 2012-12-13 23:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon NaturallySpeaking 12.0
2015-02-03 18:09 - 2012-11-18 19:20 - 00000000 ____D () C:\Windows\Minidump
2015-02-03 18:09 - 2012-04-21 21:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse
2015-02-03 18:09 - 2012-03-23 10:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother P-touch
2015-02-03 18:09 - 2012-01-12 09:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate Dashboard
2015-02-03 18:09 - 2012-01-01 11:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HMA! Pro VPN
2015-02-03 18:09 - 2011-12-11 12:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2012
2015-02-03 18:09 - 2011-10-21 17:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Memeo
2015-02-03 18:09 - 2011-09-03 12:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-03 18:09 - 2011-05-26 14:52 - 00000000 ____D () C:\Windows\SysWOW64\Reg
2015-02-03 18:09 - 2011-05-26 14:52 - 00000000 ____D () C:\Users\Lori\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\High Impact eMail 5
2015-02-03 18:09 - 2011-05-26 14:51 - 00000000 ____D () C:\Windows\SysWOW64\MSI
2015-02-03 18:09 - 2011-05-26 14:49 - 00000000 ____D () C:\Users\Lori\Documents\High Impact eMail 5
2015-02-03 18:09 - 2011-05-04 15:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GolfLogix
2015-02-03 18:09 - 2011-04-15 08:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BodyMedia
2015-02-03 18:09 - 2010-12-26 20:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MasterCook 11
2015-02-03 18:09 - 2010-12-26 20:32 - 00000000 ____D () C:\Users\Public\Documents\MasterCook
2015-02-03 18:09 - 2010-11-26 14:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickBooks
2015-02-03 18:09 - 2010-11-26 13:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-02-03 18:09 - 2010-11-26 12:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2015-02-03 18:09 - 2010-11-26 07:44 - 00000000 ____D () C:\Users\Lori\AppData\Roaming\Macromedia
2015-02-03 18:09 - 2010-11-26 07:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Barnes & Noble
2015-02-03 18:09 - 2010-09-23 08:46 - 00000000 ____D () C:\Windows\NAPP_Dism_Log
2015-02-03 18:09 - 2010-09-23 08:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Backup Manager
2015-02-03 18:09 - 2010-09-23 08:14 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-02-03 18:09 - 2010-09-23 08:11 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9
2015-02-03 18:09 - 2010-09-23 08:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Suite
2015-02-03 18:09 - 2010-09-23 07:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AcerSystem
2015-02-03 18:09 - 2010-07-20 02:54 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2015-02-03 18:09 - 2010-07-20 02:53 - 00000000 ____D () C:\ProgramData\Symantec
2015-02-03 18:09 - 2010-07-20 02:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NTI Media Maker 9
2015-02-03 18:09 - 2010-07-20 02:53 - 00000000 ____D () C:\Program Files (x86)\Symantec
2015-02-03 18:09 - 2010-07-20 02:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EgisTec
2015-02-03 18:09 - 2010-07-20 02:47 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2015-02-03 18:09 - 2010-07-20 02:38 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eSobi v2
2015-02-03 18:09 - 2010-07-20 02:31 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-02-03 18:09 - 2009-07-13 23:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-02-03 18:09 - 2009-07-13 21:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-02-03 18:09 - 2009-07-13 21:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-02-03 18:09 - 2009-07-13 21:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-03 18:09 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\servicing
2015-02-03 18:09 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2015-02-03 18:09 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-03 18:09 - 2009-07-13 21:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-03 18:08 - 2012-01-01 11:42 - 00000000 ____D () C:\Program Files (x86)\HMA! Pro VPN
2015-02-03 18:08 - 2011-05-26 14:52 - 00000000 ____D () C:\Program Files (x86)\ACT
2015-02-03 18:08 - 2011-05-26 14:49 - 00000000 ____D () C:\Program Files (x86)\High Impact eMail 5
2015-02-03 18:08 - 2011-05-04 15:13 - 00000000 ____D () C:\Program Files (x86)\GolfLogix
2015-02-03 18:08 - 2011-01-13 11:03 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-03 18:08 - 2010-07-20 02:31 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-03 18:07 - 2014-11-21 09:35 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2015-02-03 18:07 - 2014-11-21 09:35 - 00000000 ____D () C:\Windows\system32\vbox
2015-02-03 18:07 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\registration
2015-02-03 17:59 - 2012-12-13 23:10 - 00000000 ____D () C:\Users\Lori\AppData\Roaming\Nuance
2015-02-03 17:54 - 2014-04-24 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2015-02-03 17:54 - 2013-01-13 22:25 - 00000000 ____D () C:\ProgramData\Intel
2015-02-03 17:54 - 2011-04-14 15:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serif Applications
2015-02-03 17:54 - 2010-07-20 02:53 - 00000000 ____D () C:\ProgramData\Adobe
2015-02-03 17:51 - 2013-02-24 17:46 - 00000000 ____D () C:\Program Files (x86)\HP
2015-02-03 17:51 - 2013-02-24 17:46 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2015-02-03 17:50 - 2010-11-26 13:10 - 00000000 __RHD () C:\MSOCache
2015-02-03 17:50 - 2010-07-20 03:12 - 00000000 ___HD () C:\OEM
2015-02-03 17:50 - 2010-07-20 02:53 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-02-01 16:35 - 2013-12-25 20:52 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-01 00:15 - 2010-11-26 07:44 - 00196872 _____ () C:\Users\Lori\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-31 22:31 - 2012-03-23 10:10 - 00000000 ____D () C:\Users\Lori\AppData\Roaming\Brother
 
==================== Files in the root of some directories =======
 
2010-11-28 13:35 - 2011-07-19 18:28 - 0024466 _____ () C:\Users\Lori\AppData\Roaming\Comma Separated Values (DOS).ADR
2013-04-09 21:00 - 2013-04-09 21:26 - 0023967 _____ () C:\Users\Lori\AppData\Roaming\Comma Separated Values (Windows).ADR
2015-01-08 19:36 - 2015-02-03 17:10 - 0000053 _____ () C:\Users\Lori\AppData\Roaming\LogFile.txt
2012-12-15 13:36 - 2012-12-16 12:50 - 0002439 _____ () C:\Users\Lori\AppData\Roaming\SAS7_000.DAT
2012-11-11 19:25 - 2012-11-11 19:25 - 0000092 _____ () C:\Users\Lori\AppData\Local\fusioncache.dat
2015-02-01 12:24 - 2015-02-01 12:25 - 0000985 _____ () C:\ProgramData\hpzinstall.log
 
Some content of TEMP:
====================
C:\Users\Lori\AppData\Local\Temp\9C33.exe
C:\Users\Lori\AppData\Local\Temp\ApnStub.exe
C:\Users\Lori\AppData\Local\Temp\COMAP.EXE
C:\Users\Lori\AppData\Local\Temp\Couponscom.exe
C:\Users\Lori\AppData\Local\Temp\d4lv4hly.dll
C:\Users\Lori\AppData\Local\Temp\GoogleChromeInstaller.exe
C:\Users\Lori\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\Lori\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Lori\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Lori\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Lori\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Lori\AppData\Local\Temp\PAGEPLUS-X5-EN_15.0.4.027_Patch-Setup.exe
C:\Users\Lori\AppData\Local\Temp\PAGEPLUS-X5-EN_15.0.5.030_Patch-Setup.exe
C:\Users\Lori\AppData\Local\Temp\PAGEPLUS1033_14.0.5.027_Patch-Setup.exe
C:\Users\Lori\AppData\Local\Temp\Quarantine.exe
C:\Users\Lori\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Lori\AppData\Local\Temp\sqlite3.dll
C:\Users\Lori\AppData\Local\Temp\_isB9F1.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-26 11:25
 
==================== End Of Log ============================


#11 Machiavelli

Posted 09 February 2015 - 02:12 PM

Hey, :)

Step 1: FRST Fix
  • Please open Notepad.exe. Make sure that you don't use any other software than Notepad.exe!
  • Copy and Paste the content of the codebox below into the empty textfile:

    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-1565987645-4242153639-3628463870-1000\...\MountPoints2: {d7cca0cd-72c5-11e0-b6ba-5cac4c21225b} - E:\VZAccess_Manager.exe /z detect
    HKU\S-1-5-21-1565987645-4242153639-3628463870-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {d7cca0cd-72c5-11e0-b6ba-5cac4c21225b} - E:\VZAccess_Manager.exe /z detect
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
    BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
    BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll No File
    BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll No File
    Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
    Toolbar: HKU\S-1-5-21-1565987645-4242153639-3628463870-1000 -> No Name - {5BED3930-2E9E-76D8-BACC-80DF2188D455} -  No File
    Toolbar: HKU\S-1-5-21-1565987645-4242153639-3628463870-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {5BED3930-2E9E-76D8-BACC-80DF2188D455} -  No File
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll No File
    FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    EmptyTemp:
  • Then click on File >> Save as
    • File Name: Fixlist.txt
    • From the Save as type drop down list, choose All Files
  • It is very important that you save this textfile on your Desktop!
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Run FRST.exe/FRST64.exe (Note: If FRST advises there is a new updated version to be downloaded, allow this.) and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run. Please post it in your reply.
Step 2: FRST Scan
  • Run FRST. (If you have Windows Vista / Windows 7 / Windows 8, please right-click on the FRST icon and select Run as Administrator.)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Step 3: ESET

Please run a free online scan with the ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!
  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use and click Start.
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings.
  • Make sure that the options Remove found threats and Enable Anti-Stealth technology are checked.
  • Click Start. (This scan can take several hours, so please be patient.)
  • Once the scan is completed, select List of found threats.
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop.
  • Click the Back button.
  • Click the Finish button.
  • Use Notepad to open the saved log file (on your Desktop - ESET.txt)
  • Copy and paste that log as a reply to this topic.
Step 4: Question

How is your PC running?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#12 Machiavelli

Posted 14 February 2015 - 07:10 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~Machiavelli
