
A virus will not let me log onto Windows 7. Need help please.


  • This topic is locked
16 replies to this topic

#1 Ccarteraws


Posted 03 February 2015 - 07:33 PM

I am getting a black screen with cursor upon reboot. I can get a screen to appear after hitting CONTROL ALT DELETE but selecting any of the items will not allow me to do anything. I cannot get logged onto the computer. This is a decent PC from 2012 that has run fine with no issues until today.

I downloaded the FARBAR RECOVERY SCAN TOOL (FRST) and ran it from a flash drive and got the txt file after running the diagnostic tool.

There is a post from May 2014 that is similar and it instructed the person to download/run this tool and obtain the TXT file.  I have the file for reference for someone who can help.

Looking for some help at this point to get the problem repaired.  




#2 Ccarteraws


Posted 04 February 2015 - 07:24 AM

Ok:  Here are the scan results (FRST.txt file) after running the Farbar recovery tool:
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by SYSTEM on MININT-7CDV454 on 03-02-2015 16:05:19
Running from g:\
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11474024 2010-10-05] (Realtek Semiconductor)
HKLM\...\Run: [dlecmon.exe] => C:\Program Files (x86)\Dell P713w\dlecmon.exe [766632 2009-07-10] ()
HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Dell P713w\ezprint.exe [139944 2009-07-10] ()
HKLM\...\Run: [VX1000] => C:\Windows\vVX1000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-12-16] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2640408 2014-08-25] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [WSE_Taplika] => C:\Windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\carter\AppData\Roaming\WSE_Taplika\UpdateProc\bkup.dat"
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\carter\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\carter\...\Run: [Spotify Web Helper] => C:\Users\carter\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-10] (Spotify Ltd)
HKU\carter\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\carter\...\Run: [Spotify] => C:\Users\carter\AppData\Roaming\Spotify\spotify.exe [6737976 2014-12-10] (Spotify Ltd)
HKU\carter\...\Run: [HP Photosmart 6520 series (NET)] => C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\carter\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-07] (Apple Inc.)
HKU\carter\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
HKU\carter\...\RunOnce: [WSE_Taplika] => C:\Windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\carter\AppData\Roaming\WSE_Taplika\UpdateProc\bkup.dat"
AppInit_DLLs-x32: C:/PROGRA~3/{188AF~1/171~1.0/nito.dll => C:/PROGRA~3/{188AF~1/171~1.0/nito.dll [649216 2015-02-03] ()
Startup: C:\Users\carter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)
Startup: C:\Users\carter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk
ShortcutTarget: IMVU.lnk ->  (No File)
Startup: C:\Users\carter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 6520 series (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 6520 series (Network).lnk -> C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\carter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1417160 2014-12-16] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3247120 2014-12-16] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-12-16] (AVG Technologies CZ, s.r.o.)
S2 dlecCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\dlecserv.exe [33448 2009-07-01] ()
S2 dlec_device; C:\Windows\system32\dleccoms.exe [1054888 2009-07-01] ( )
S2 dlec_device; C:\Windows\SysWOW64\dleccoms.exe [602792 2009-07-01] ( )
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-02-01] (Electronic Arts)
S2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
S1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [237848 2014-10-24] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-10-29] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-10-20] (AVG Technologies CZ, s.r.o.)
S1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-03 16:03 - 2015-02-03 16:05 - 00000000 ____D () C:\FRST
2015-02-03 10:41 - 2015-02-03 10:43 - 00000000 ____D () C:\Users\carter\AppData\Local\Taplika
2015-02-03 10:39 - 2015-02-03 11:03 - 00000296 _____ () C:\Windows\Tasks\WSE_Taplika.job
2015-02-03 10:39 - 2015-02-03 11:03 - 00000296 _____ () C:\Windows\Tasks\UpdaterEX.job
2015-02-03 10:39 - 2015-02-03 10:41 - 00000000 ____D () C:\Program Files (x86)\WSE_Taplika
2015-02-03 10:39 - 2015-02-03 10:39 - 00792480 _____ (Dnldstr_Aggregator) C:\Users\carter\Downloads\Adobe_Flash_Setup (1).exe
2015-02-03 10:39 - 2015-02-03 10:39 - 00003240 _____ () C:\Windows\System32\Tasks\WSE_Taplika
2015-02-03 10:39 - 2015-02-03 10:39 - 00003240 _____ () C:\Windows\System32\Tasks\UpdaterEX
2015-02-03 10:39 - 2015-02-03 10:39 - 00000000 ____D () C:\Users\carter\AppData\Roaming\WSE_Taplika
2015-02-03 10:39 - 2015-02-03 10:39 - 00000000 ____D () C:\Users\carter\AppData\Roaming\UpdaterEX
2015-02-03 10:39 - 2015-02-03 10:39 - 00000000 ____D () C:\ProgramData\{188AF049-4808-21CF-F98E-514D290C82C3}
2015-02-03 10:38 - 2015-02-03 10:38 - 00792480 _____ (Dnldstr_Aggregator) C:\Users\carter\Downloads\Adobe_Flash_Setup.exe
2015-02-03 10:31 - 2015-02-03 10:32 - 00000000 ____D () C:\Users\carter\Documents\Mikes Lessons PDFS
2015-02-03 10:20 - 2015-02-03 10:20 - 00003556 _____ () C:\Windows\System32\Tasks\HP AR Program Upload - 91d08b64837741d4948b53620ed78e543372264eb7814e618c57cc2970da631e
2015-02-03 10:15 - 2015-02-03 10:15 - 00003556 _____ () C:\Windows\System32\Tasks\HP AR Program Upload - 7ea77cf1cd044ffb8d36706dec17175f7c442c27fe8549a89455fc09a0b8afc7
2015-02-02 14:28 - 2015-02-02 14:28 - 00000000 ____D () C:\Users\carter\Desktop\Aria Ins 2015
2015-01-29 07:43 - 2015-01-29 07:43 - 00003556 _____ () C:\Windows\System32\Tasks\HP AR Program Upload - 79de254ed90f4c36b79c537d734699278bad217962124737984010c86f5ad17b
2015-01-29 07:42 - 2015-01-29 07:42 - 00921624 _____ () C:\img2-001.raw
2015-01-29 07:35 - 2015-01-29 07:45 - 00000000 ____D () C:\Program Files\Microsoft LifeCam
2015-01-29 07:35 - 2015-01-29 07:35 - 00000000 ____D () C:\Program Files (x86)\Microsoft LifeCam
2015-01-29 07:35 - 2009-09-04 14:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2015-01-29 07:34 - 2009-09-04 14:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2015-01-25 11:29 - 2015-01-25 11:29 - 00003556 _____ () C:\Windows\System32\Tasks\HP AR Program Upload - 62154507050f4ae5abe7ff2b07734f56c70a52e20efe487d9a093c230b534816
2015-01-22 09:01 - 2014-12-18 19:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2015-01-22 09:01 - 2014-12-18 17:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys
2015-01-22 09:01 - 2014-12-11 09:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2015-01-22 09:01 - 2014-12-05 20:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2015-01-22 09:01 - 2014-12-05 19:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-22 09:01 - 2014-12-05 19:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-22 09:00 - 2014-12-11 21:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2015-01-22 09:00 - 2014-12-11 21:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\System32\srcore.dll
2015-01-22 09:00 - 2014-12-11 21:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\rstrui.exe
2015-01-22 09:00 - 2014-12-11 21:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\System32\srclient.dll
2015-01-22 09:00 - 2014-12-11 21:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-22 09:00 - 2014-12-11 21:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-22 09:00 - 2014-12-11 21:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-12 12:43 - 2015-01-12 12:43 - 00003556 _____ () C:\Windows\System32\Tasks\HP AR Program Upload - 3c32b1fe3442447fa3f6cf2fda4c26dda0e611f0b9ea4077915bef3611fac1d0
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-03 12:54 - 2012-01-21 14:16 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-03 12:54 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-03 12:54 - 2009-07-13 20:51 - 00052621 _____ () C:\Windows\setupact.log
2015-02-03 12:53 - 2012-01-21 01:06 - 01800161 _____ () C:\Windows\WindowsUpdate.log
2015-02-03 12:51 - 2009-07-13 20:45 - 00029120 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-03 12:51 - 2009-07-13 20:45 - 00029120 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-03 12:47 - 2012-01-21 20:13 - 00000000 ____D () C:\ProgramData\MFAData
2015-02-03 12:45 - 2012-01-21 14:16 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-03 11:14 - 2012-09-28 18:31 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-03 11:03 - 2010-11-20 19:47 - 00136178 _____ () C:\Windows\PFRO.log
2015-02-03 11:01 - 2012-09-08 11:38 - 00000000 ____D () C:\Users\carter\AppData\Roaming\Spotify
2015-02-03 10:45 - 2014-08-15 09:48 - 00000000 ____D () C:\ProgramData\Origin
2015-02-03 10:45 - 2014-08-15 09:48 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-02-03 10:41 - 2013-09-20 07:55 - 00000000 ____D () C:\ProgramData\AVG2014
2015-02-03 10:39 - 2012-01-21 14:16 - 00002146 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-03 10:39 - 2012-01-21 10:36 - 00000000 ____D () C:\Users\carter\AppData\Local\Adobe
2015-02-03 10:02 - 2012-09-08 11:40 - 00000000 ____D () C:\Users\carter\AppData\Local\Spotify
2015-01-30 13:40 - 2013-02-03 12:18 - 00001350 _____ () C:\Users\carter\Desktop\ROBLOX Player.lnk
2015-01-30 13:39 - 2014-10-20 11:35 - 00001169 _____ () C:\Users\carter\Desktop\ROBLOX Studio.lnk
2015-01-29 07:40 - 2014-03-10 14:40 - 00000000 ____D () C:\Users\carter\AppData\Roaming\IMVU
2015-01-29 07:40 - 2013-02-09 17:20 - 00000000 ___RD () C:\Users\carter\Dropbox
2015-01-29 07:40 - 2013-02-09 17:18 - 00000000 ____D () C:\Users\carter\AppData\Roaming\Dropbox
2015-01-29 07:39 - 2012-02-12 10:12 - 00027773 _____ () C:\ProgramData\dlecscan.log
2015-01-26 11:17 - 2012-09-28 18:31 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-26 11:17 - 2012-07-08 08:21 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-26 11:17 - 2012-01-21 10:41 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-25 18:37 - 2014-12-20 10:19 - 00000000 ____D () C:\Users\carter\AppData\Roaming\SPORE Creature Creator
2015-01-23 00:05 - 2013-07-14 23:00 - 00000000 ____D () C:\Windows\System32\MRT
2015-01-23 00:00 - 2012-01-20 14:25 - 113365784 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2015-01-09 06:53 - 2013-09-20 07:56 - 00000884 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
 
Some content of TEMP:
====================
C:\Users\carter\AppData\Local\Temp\avguidx.dll
C:\Users\carter\AppData\Local\Temp\CommonInstaller.exe
C:\Users\carter\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsij3pc.dll
C:\Users\carter\AppData\Local\Temp\ICReinstall_Adobe_Flash_Setup.exe
C:\Users\carter\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\carter\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\carter\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
C:\Users\carter\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\carter\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\carter\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\carter\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\carter\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\carter\AppData\Local\Temp\Lifecam3.0.204.0.exe
C:\Users\carter\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\carter\AppData\Local\Temp\mconduitinstaller.exe
C:\Users\carter\AppData\Local\Temp\mism.exe
C:\Users\carter\AppData\Local\Temp\nsc8341.exe
C:\Users\carter\AppData\Local\Temp\nshA007.exe
C:\Users\carter\AppData\Local\Temp\nsrA21A.exe
C:\Users\carter\AppData\Local\Temp\nsw8B8E.exe
C:\Users\carter\AppData\Local\Temp\nsx80FF.exe
C:\Users\carter\AppData\Local\Temp\oi_{08737E95-AC23-4B35-A5DA-E6C9E4FE08FD}.exe
C:\Users\carter\AppData\Local\Temp\oi_{460ECB4B-929C-430C-BCD4-EB92DC2127DD}.exe
C:\Users\carter\AppData\Local\Temp\oi_{494CF083-3EB4-4F91-A8D9-08B0C1920317}.exe
C:\Users\carter\AppData\Local\Temp\paint.net.4.0.5.install.exe
C:\Users\carter\AppData\Local\Temp\SPSetup.exe
C:\Users\carter\AppData\Local\Temp\ToolbarInstaller.exe
 
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Restore Points  =========================
 
Restore point made on: 2015-01-05 06:15:19
Restore point made on: 2015-01-12 13:23:07
Restore point made on: 2015-01-20 13:08:03
Restore point made on: 2015-01-23 00:00:34
Restore point made on: 2015-01-29 07:34:54
 
==================== Memory info =========================== 
 
Percentage of memory in use: 10%
Total physical RAM: 8099.41 MB
Available physical RAM: 7287.16 MB
Total Pagefile: 8097.61 MB
Available Pagefile: 7284.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.41 GB) (Free:843.11 GB) NTFS
Drive f: (My Book) (Fixed) (Total:465.64 GB) (Free:434 GB) FAT32
Drive g: () (Removable) (Total:1.88 GB) (Free:1.36 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 9786A406)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 8D399BC0)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=0C)
 
========================================================
Disk: 2 (Size: 1.9 GB) (Disk ID: 91F72D24)
Partition 1: (Active) - (Size=1.9 GB) - (Type=06)
 
 
LastRegBack: 2015-02-03 10:01
 
==================== End Of Log ============================


#3 Ccarteraws


Posted 04 February 2015 - 09:53 AM

Here is a complete scan after running the tool in SAFE MODE. I believe the root of the problem stems from a web browser hijacker called TAPLIKA.com.

Any advice on how to fix would be greatly appreciated!

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by carter (administrator) on CARTER-PC on 04-02-2015 09:37:36
Running from C:\Users\carter\Desktop
Loaded Profiles: carter (Available profiles: carter)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Safe Mode (minimal)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11474024 2010-10-05] (Realtek Semiconductor)
HKLM\...\Run: [dlecmon.exe] => C:\Program Files (x86)\Dell P713w\dlecmon.exe [766632 2009-07-10] ()
HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Dell P713w\ezprint.exe [139944 2009-07-10] ()
HKLM\...\Run: [VX1000] => C:\Windows\vVX1000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-12-16] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2640408 2014-08-25] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [WSE_Taplika] => C:\Windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\carter\AppData\Roaming\WSE_Taplika\UpdateProc\bkup.dat"
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2879477293-1169577584-508307461-1000\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-2879477293-1169577584-508307461-1000\...\Run: [Spotify Web Helper] => C:\Users\carter\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-10] (Spotify Ltd)
HKU\S-1-5-21-2879477293-1169577584-508307461-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-2879477293-1169577584-508307461-1000\...\Run: [Spotify] => C:\Users\carter\AppData\Roaming\Spotify\spotify.exe [6737976 2014-12-10] (Spotify Ltd)
HKU\S-1-5-21-2879477293-1169577584-508307461-1000\...\Run: [HP Photosmart 6520 series (NET)] => C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2879477293-1169577584-508307461-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-07] (Apple Inc.)
HKU\S-1-5-21-2879477293-1169577584-508307461-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
HKU\S-1-5-21-2879477293-1169577584-508307461-1000\...\RunOnce: [WSE_Taplika] => C:\Windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\carter\AppData\Roaming\WSE_Taplika\UpdateProc\bkup.dat"
AppInit_DLLs-x32: C:/PROGRA~3/{188AF~1/171~1.0/nito.dll => C:/PROGRA~3/{188AF~1/171~1.0/nito.dll [649216 2015-02-03] ()
Startup: C:\Users\carter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\carter\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\carter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk
ShortcutTarget: IMVU.lnk -> C:\Users\carter\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe ()
Startup: C:\Users\carter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 6520 series (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 6520 series (Network).lnk -> C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\carter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2879477293-1169577584-508307461-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> {589B893E-773C-4941-88C2-0DCC718E621C} URL = 
SearchScopes: HKU\S-1-5-21-2879477293-1169577584-508307461-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3320418&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SP769FD556-54D0-4AC7-93C4-BABD22EE571F&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2879477293-1169577584-508307461-1000 -> {16745BF1-C590-49C9-A07F-AC3C5FF954D6} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3318151&CUI=UN26961904648907254&UM=2
SearchScopes: HKU\S-1-5-21-2879477293-1169577584-508307461-1000 -> {589B893E-773C-4941-88C2-0DCC718E621C} URL = http://isearch.avg.com/search?cid={917491F6-DF1F-4F05-ACC7-28E8D31F56FE}&mid=d38f49597ab147d1b867e92931760e5e-b232ddfcbd1d0b9f797619028800b606fa9e32b2&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2014-02-15 00:11:26&v=17.3.1.91&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2879477293-1169577584-508307461-1000 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = 
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
BHO-x32: Dell Toolbar -> {09B71986-2AC5-482d-B6CB-42EA34F4F85B} -> C:\Program Files\Dell Printable Web\toolband.dll ()
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssie.dll No File
BHO-x32: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: WeCareReminder Class -> {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} -> C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
BHO-x32: IMVU Inc C Toolbar -> {f2e99efd-72dc-4c5d-9f7c-219133ff8e40} -> C:\Program Files (x86)\IMVU_Inc_C\prxtbIMVU.dll (Conduit Ltd.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Dell Toolbar - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - IMVU Inc C Toolbar - {f2e99efd-72dc-4c5d-9f7c-219133ff8e40} - C:\Program Files (x86)\IMVU_Inc_C\prxtbIMVU.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2879477293-1169577584-508307461-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-2879477293-1169577584-508307461-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2879477293-1169577584-508307461-1000 -> No Name - {F2E99EFD-72DC-4C5D-9F7C-219133FF8E40} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2879477293-1169577584-508307461-1000: @nsroblox.roblox.com/launcher -> C:\Users\carter\AppData\Local\Roblox\Versions\version-5d9b22aa9d594ee1\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2879477293-1169577584-508307461-1000: @nsroblox.roblox.com/launcher64 -> C:\Users\carter\AppData\Local\Roblox\Versions\version-5d9b22aa9d594ee1\\NPRobloxProxy64.dll ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2879477293-1169577584-508307461-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\carter\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://taplika.com/?f=1&a=tlk_dnldstr_15_06_ie&cd=2XzuyEtN2Y1L1QzutAzzyCtDyByBzytB0EyB0A0D0A0AzyzytN0D0Tzu0StCtCtBzytN1L2XzutAtFyBtFtBtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0EyCtAtDtB0CyBtG0D0FyEyEtGzz0EyBtBtGtBtDtBzytGtDyB0BtAyD0F0C0EtB0C0ByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzy0BzyyBtAtC0AtG0CyEtByDtGyEtCzytBtG0BtC0F0DtGtD0D0EtByD0DtC0AtBtAyEyD2Q&cr=1299532820&ir=
CHR StartupUrls: Default -> "hxxp://taplika.com/?f=7&a=tlk_dnldstr_15_06_ie&cd=2XzuyEtN2Y1L1QzutAzzyCtDyByBzytB0EyB0A0D0A0AzyzytN0D0Tzu0StCtCtBzytN1L2XzutAtFyBtFtBtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0EyCtAtDtB0CyBtG0D0FyEyEtGzz0EyBtBtGtBtDtBzytGtDyB0BtAyD0F0C0EtB0C0ByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzy0BzyyBtAtC0AtG0CyEtByDtGyEtCzytBtG0BtC0F0DtGtD0D0EtByD0DtC0AtBtAyEyD2Q&cr=1299532820&ir=", "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (AVG Internet Security) - C:\Users\carter\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\PFiles\Plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U30) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Profile: C:\Users\carter\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\carter\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\carter\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (We-Care Reminder) - C:\Users\carter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm [2014-03-22]
CHR Extension: (AVG Security Toolbar) - C:\Users\carter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2012-08-31]
CHR Extension: (Google Wallet) - C:\Users\carter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]
CHR Extension: (IMVU Inc C) - C:\Users\carter\AppData\Local\Google\Chrome\User Data\Default\Extensions\oopdmcnionefjjnmchkiimificckpkif [2014-03-15]
CHR HKLM\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - No Path
CHR HKU\S-1-5-21-2879477293-1169577584-508307461-1000\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - No Path
CHR HKU\S-1-5-21-2879477293-1169577584-508307461-1000\...\Chrome\Extension: [oopdmcnionefjjnmchkiimificckpkif] - C:\Users\carter\AppData\Local\CRE\oopdmcnionefjjnmchkiimificckpkif.crx [2014-03-14]
CHR HKLM-x32\...\Chrome\Extension: [ippkomaaonokjnfjoikaemidanojkfmm] - C:\ProgramData\WeCareReminder\\wecarereminderro.crx [2013-09-27]
CHR HKLM-x32\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - No Path
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\14.2.0.1\avg.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [oopdmcnionefjjnmchkiimificckpkif] - C:\Users\carter\AppData\Local\CRE\oopdmcnionefjjnmchkiimificckpkif.crx [2014-03-14]
StartMenuInternet: Google Chrome - chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1417160 2014-12-16] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3247120 2014-12-16] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-12-16] (AVG Technologies CZ, s.r.o.)
S2 dlecCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\dlecserv.exe [33448 2009-07-01] ()
S2 dlec_device; C:\Windows\system32\dleccoms.exe [1054888 2009-07-01] ( )
S2 dlec_device; C:\Windows\SysWOW64\dleccoms.exe [602792 2009-07-01] ( )
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-02-01] (Electronic Arts)
S2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
S1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [237848 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-10-20] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-04 09:37 - 2015-02-04 09:37 - 00021684 _____ () C:\Users\carter\Desktop\FRST.txt
2015-02-04 09:37 - 2015-02-03 15:26 - 02131456 _____ (Farbar) C:\Users\carter\Desktop\FRST64.exe
2015-02-03 21:26 - 2015-02-03 22:04 - 00029932 _____ () C:\Users\carter\Desktop\avgrep.txt
2015-02-03 19:03 - 2015-02-04 09:37 - 00000000 ____D () C:\FRST
2015-02-03 13:41 - 2015-02-03 13:43 - 00000000 ____D () C:\Users\carter\AppData\Local\Taplika
2015-02-03 13:39 - 2015-02-03 14:03 - 00000296 _____ () C:\Windows\Tasks\WSE_Taplika.job
2015-02-03 13:39 - 2015-02-03 14:03 - 00000296 _____ () C:\Windows\Tasks\UpdaterEX.job
2015-02-03 13:39 - 2015-02-03 13:39 - 00792480 _____ (Dnldstr_Aggregator) C:\Users\carter\Downloads\Adobe_Flash_Setup (1).exe
2015-02-03 13:39 - 2015-02-03 13:39 - 00003240 _____ () C:\Windows\System32\Tasks\WSE_Taplika
2015-02-03 13:39 - 2015-02-03 13:39 - 00003240 _____ () C:\Windows\System32\Tasks\UpdaterEX
2015-02-03 13:39 - 2015-02-03 13:39 - 00000000 ____D () C:\Users\carter\AppData\Roaming\WSE_Taplika
2015-02-03 13:39 - 2015-02-03 13:39 - 00000000 ____D () C:\Users\carter\AppData\Roaming\UpdaterEX
2015-02-03 13:39 - 2015-02-03 13:39 - 00000000 ____D () C:\ProgramData\{188AF049-4808-21CF-F98E-514D290C82C3}
2015-02-03 13:38 - 2015-02-03 13:38 - 00792480 _____ (Dnldstr_Aggregator) C:\Users\carter\Downloads\Adobe_Flash_Setup.exe
2015-02-03 13:31 - 2015-02-03 13:32 - 00000000 ____D () C:\Users\carter\Documents\Mikes Lessons PDFS
2015-02-03 13:20 - 2015-02-03 13:20 - 00003556 _____ () C:\Windows\System32\Tasks\HP AR Program Upload - 91d08b64837741d4948b53620ed78e543372264eb7814e618c57cc2970da631e
2015-02-03 13:15 - 2015-02-03 13:15 - 00003556 _____ () C:\Windows\System32\Tasks\HP AR Program Upload - 7ea77cf1cd044ffb8d36706dec17175f7c442c27fe8549a89455fc09a0b8afc7
2015-02-02 17:28 - 2015-02-02 17:28 - 00000000 ____D () C:\Users\carter\Desktop\Aria Ins 2015
2015-01-29 10:43 - 2015-01-29 10:43 - 00003556 _____ () C:\Windows\System32\Tasks\HP AR Program Upload - 79de254ed90f4c36b79c537d734699278bad217962124737984010c86f5ad17b
2015-01-29 10:42 - 2015-01-29 10:42 - 00921624 _____ () C:\img2-001.raw
2015-01-29 10:36 - 2015-01-29 10:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft LifeCam
2015-01-29 10:35 - 2015-01-29 10:45 - 00000000 ____D () C:\Program Files\Microsoft LifeCam
2015-01-29 10:35 - 2015-01-29 10:35 - 00000000 ____D () C:\Program Files (x86)\Microsoft LifeCam
2015-01-29 10:35 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2015-01-29 10:34 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2015-01-25 14:29 - 2015-01-25 14:29 - 00003556 _____ () C:\Windows\System32\Tasks\HP AR Program Upload - 62154507050f4ae5abe7ff2b07734f56c70a52e20efe487d9a093c230b534816
2015-01-22 12:01 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-22 12:01 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-22 12:01 - 2014-12-11 12:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-22 12:01 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-22 12:01 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-22 12:01 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-22 12:00 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-22 12:00 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-22 12:00 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-22 12:00 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-22 12:00 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-22 12:00 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-22 12:00 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-12 15:43 - 2015-01-12 15:43 - 00003556 _____ () C:\Windows\System32\Tasks\HP AR Program Upload - 3c32b1fe3442447fa3f6cf2fda4c26dda0e611f0b9ea4077915bef3611fac1d0
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-03 22:20 - 2012-01-21 04:06 - 01813657 _____ () C:\Windows\WindowsUpdate.log
2015-02-03 22:20 - 2009-07-13 23:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-03 22:20 - 2009-07-13 23:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-03 22:17 - 2012-01-21 23:13 - 00000000 ____D () C:\ProgramData\MFAData
2015-02-03 22:14 - 2012-01-21 17:16 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-03 22:14 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-03 22:14 - 2009-07-13 23:51 - 00053181 _____ () C:\Windows\setupact.log
2015-02-03 15:45 - 2012-01-21 17:16 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-03 14:14 - 2012-09-28 21:31 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-03 14:03 - 2010-11-20 22:47 - 00136178 _____ () C:\Windows\PFRO.log
2015-02-03 14:01 - 2012-09-08 14:38 - 00000000 ____D () C:\Users\carter\AppData\Roaming\Spotify
2015-02-03 13:45 - 2014-08-15 12:48 - 00000000 ____D () C:\ProgramData\Origin
2015-02-03 13:45 - 2014-08-15 12:48 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-02-03 13:41 - 2013-09-20 10:55 - 00000000 ____D () C:\ProgramData\AVG2014
2015-02-03 13:39 - 2012-01-21 17:16 - 00002146 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-03 13:39 - 2012-01-21 13:36 - 00000000 ____D () C:\Users\carter\AppData\Local\Adobe
2015-02-03 13:02 - 2012-09-08 14:40 - 00000000 ____D () C:\Users\carter\AppData\Local\Spotify
2015-01-30 16:40 - 2013-02-03 15:18 - 00001350 _____ () C:\Users\carter\Desktop\ROBLOX Player.lnk
2015-01-30 16:40 - 2013-02-03 15:16 - 00000000 ____D () C:\Users\carter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2015-01-30 16:39 - 2014-10-20 14:35 - 00001169 _____ () C:\Users\carter\Desktop\ROBLOX Studio.lnk
2015-01-29 10:40 - 2014-03-10 17:40 - 00000000 ____D () C:\Users\carter\AppData\Roaming\IMVU
2015-01-29 10:40 - 2013-02-09 20:20 - 00000000 ___RD () C:\Users\carter\Dropbox
2015-01-29 10:40 - 2013-02-09 20:18 - 00000000 ____D () C:\Users\carter\AppData\Roaming\Dropbox
2015-01-29 10:39 - 2012-02-12 13:12 - 00027773 _____ () C:\ProgramData\dlecscan.log
2015-01-26 14:17 - 2012-09-28 21:31 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-26 14:17 - 2012-07-08 11:21 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-26 14:17 - 2012-01-21 13:41 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-25 21:37 - 2014-12-20 13:19 - 00000000 ____D () C:\Users\carter\AppData\Roaming\SPORE Creature Creator
2015-01-23 03:05 - 2013-07-15 02:00 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-23 03:00 - 2012-01-20 17:25 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-09 09:53 - 2014-04-05 09:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-01-09 09:53 - 2013-09-20 10:56 - 00000884 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
 
==================== Files in the root of some directories =======
 
2008-02-05 13:28 - 2008-02-05 13:28 - 0000051 _____ () C:\Users\carter\AppData\Local\setup.txt
2014-10-14 14:19 - 2014-10-14 14:19 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-02-12 13:08 - 2012-02-12 13:08 - 0000000 _____ () C:\ProgramData\cmn_upld.log
2012-02-12 13:14 - 2012-09-02 09:24 - 0000178 _____ () C:\ProgramData\dlec.log
2013-11-14 12:57 - 2013-11-14 13:12 - 0000248 _____ () C:\ProgramData\dlecDiagnostics.log
2012-02-12 13:14 - 2014-09-25 16:12 - 0086604 _____ () C:\ProgramData\dlecJSW.log
2012-02-12 13:12 - 2015-01-29 10:39 - 0027773 _____ () C:\ProgramData\dlecscan.log
2012-02-12 13:14 - 2012-02-12 13:14 - 0000252 _____ () C:\ProgramData\FastPics.log
2012-02-12 13:08 - 2012-02-12 13:08 - 0000000 _____ () C:\ProgramData\LxWbGwLog.log
2014-02-03 22:09 - 2014-02-03 22:09 - 0325968 _____ () C:\ProgramData\SPL1A3E.tmp
2014-05-18 11:50 - 2014-05-18 11:50 - 0893472 _____ () C:\ProgramData\SPL3F18.tmp
2013-11-08 17:22 - 2013-11-08 17:22 - 1853589 _____ () C:\ProgramData\SPL5AF9.tmp
2014-01-28 14:47 - 2014-01-28 14:47 - 0277335 _____ () C:\ProgramData\SPL6C9D.tmp
2014-05-07 20:24 - 2014-05-07 20:24 - 0012978 _____ () C:\ProgramData\SPL7D25.tmp
2014-04-22 18:20 - 2014-04-22 18:20 - 0341596 _____ () C:\ProgramData\SPL9DF.tmp
2014-09-25 16:24 - 2014-09-25 16:24 - 0152894 _____ () C:\ProgramData\SPLA746.tmp
2014-04-05 09:22 - 2014-04-05 09:22 - 1347376 _____ () C:\ProgramData\SPLB8F3.tmp
2014-03-05 08:06 - 2014-03-05 08:06 - 0052976 _____ () C:\ProgramData\SPLC8B2.tmp
2014-09-25 16:01 - 2014-09-25 16:01 - 1660428 _____ () C:\ProgramData\SPLF67E.tmp
2014-05-17 16:09 - 2014-05-17 16:09 - 0248133 _____ () C:\ProgramData\SPLF999.tmp
2012-02-12 13:08 - 2012-02-12 13:08 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt
 
Some content of TEMP:
====================
C:\Users\carter\AppData\Local\Temp\avguidx.dll
C:\Users\carter\AppData\Local\Temp\CommonInstaller.exe
C:\Users\carter\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsij3pc.dll
C:\Users\carter\AppData\Local\Temp\ICReinstall_Adobe_Flash_Setup.exe
C:\Users\carter\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\carter\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\carter\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
C:\Users\carter\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\carter\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\carter\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\carter\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\carter\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\carter\AppData\Local\Temp\Lifecam3.0.204.0.exe
C:\Users\carter\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\carter\AppData\Local\Temp\mconduitinstaller.exe
C:\Users\carter\AppData\Local\Temp\mism.exe
C:\Users\carter\AppData\Local\Temp\nsc8341.exe
C:\Users\carter\AppData\Local\Temp\nshA007.exe
C:\Users\carter\AppData\Local\Temp\nsrA21A.exe
C:\Users\carter\AppData\Local\Temp\nsw8B8E.exe
C:\Users\carter\AppData\Local\Temp\nsx80FF.exe
C:\Users\carter\AppData\Local\Temp\oi_{08737E95-AC23-4B35-A5DA-E6C9E4FE08FD}.exe
C:\Users\carter\AppData\Local\Temp\oi_{460ECB4B-929C-430C-BCD4-EB92DC2127DD}.exe
C:\Users\carter\AppData\Local\Temp\oi_{494CF083-3EB4-4F91-A8D9-08B0C1920317}.exe
C:\Users\carter\AppData\Local\Temp\paint.net.4.0.5.install.exe
C:\Users\carter\AppData\Local\Temp\SPSetup.exe
C:\Users\carter\AppData\Local\Temp\ToolbarInstaller.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-03 13:01
 
==================== End Of Log ============================


#4 TheShooter93


Posted 05 February 2015 - 10:25 AM

Hello Ccarteraws,

Welcome to Bleeping Computer!

My name is Cody and I'll be helping you clean up your computer. :)

I will reply to your posts as soon as possible -- typically within 24 hours. In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, I just ask for notice ahead of time.

Please do note any time differences between us. If I do not respond within 48 hours, feel free to send me a private message.

==========================================================================

Some points for you to keep in mind:
  • Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end with some additional information on how to stay malware-free.
  • Lastly, I would like to remind you that most members here are volunteers, and sometimes "real life" can get in the way of our malware hunt. I will notify you if I know I will need to be away for longer than 48 hours.
==========================================================================

Lastly, please give me some time to review the logs you have submitted. :)

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

 

 


#5 Ccarteraws


Posted 05 February 2015 - 02:28 PM

Cody - thanks for the reply.  Standing by waiting for instructions on a fix.  I have other computers fortunately I can use.  Also have backed up files in safe mode to an external HD.



#6 TheShooter93


Posted 08 February 2015 - 08:45 AM

Hello Ccarteraws,

 

Please read over and do the following.  :)

 

Since you can only successfully boot into Safe Mode, the following directions will have to be done there.

 

============================================================

Step 1: Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKLM-x32\...\RunOnce: [WSE_Taplika] => C:\Windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\carter\AppData\Roaming\WSE_Taplika\UpdateProc\bkup.dat"
HKLM-x32\...\Run: [] => [X]
AppInit_DLLs-x32: C:/PROGRA~3/{188AF~1/171~1.0/nito.dll => C:/PROGRA~3/{188AF~1/171~1.0/nito.dll [649216 2015-02-03] ()
SearchScopes: HKLM -> {589B893E-773C-4941-88C2-0DCC718E621C} URL = 
SearchScopes: HKU\S-1-5-21-2879477293-1169577584-508307461-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://taplika.com/results.php?f=4&q={searchTerms}&a=tlk_dnldstr_15_06_ie&cd=2XzuyEtN2Y1L1QzutAzzyCtDyByBzytB0EyB0A0D0A0AzyzytN0D0Tzu0StCtCtBzytN1L2XzutAtFyBtFtBtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0EyCtAtDtB0CyBtG0D0FyEyEtGzz0EyBtBtGtBtDtBzytGtDyB0BtAyD0F0C0EtB0C0ByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzy0BzyyBtAtC0AtG0CyEtByDtGyEtCzytBtG0BtC0F0DtGtD0D0EtByD0DtC0AtBtAyEyD2Q&cr=1299532820&ir=
SearchScopes: HKU\S-1-5-21-2879477293-1169577584-508307461-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3320418&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SP769FD556-54D0-4AC7-93C4-BABD22EE571F&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2879477293-1169577584-508307461-1000 -> {16745BF1-C590-49C9-A07F-AC3C5FF954D6} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3318151&CUI=UN26961904648907254&UM=2
SearchScopes: HKU\S-1-5-21-2879477293-1169577584-508307461-1000 -> {589B893E-773C-4941-88C2-0DCC718E621C} URL = http://isearch.avg.com/search?cid={917491F6-DF1F-4F05-ACC7-28E8D31F56FE}&mid=d38f49597ab147d1b867e92931760e5e-b232ddfcbd1d0b9f797619028800b606fa9e32b2&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2014-02-15 00:11:26&v=17.3.1.91&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2879477293-1169577584-508307461-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://taplika.com/results.php?f=4&q={searchTerms}&a=tlk_dnldstr_15_06_ie&cd=2XzuyEtN2Y1L1QzutAzzyCtDyByBzytB0EyB0A0D0A0AzyzytN0D0Tzu0StCtCtBzytN1L2XzutAtFyBtFtBtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0EyCtAtDtB0CyBtG0D0FyEyEtGzz0EyBtBtGtBtDtBzytGtDyB0BtAyD0F0C0EtB0C0ByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzy0BzyyBtAtC0AtG0CyEtByDtGyEtCzytBtG0BtC0F0DtGtD0D0EtByD0DtC0AtBtAyEyD2Q&cr=1299532820&ir=
SearchScopes: HKU\S-1-5-21-2879477293-1169577584-508307461-1000 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = 
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File
HO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssie.dll No File
BHO-x32: WeCareReminder Class -> {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} -> C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
BHO-x32: IMVU Inc C Toolbar -> {f2e99efd-72dc-4c5d-9f7c-219133ff8e40} -> C:\Program Files (x86)\IMVU_Inc_C\prxtbIMVU.dll (Conduit Ltd.)
CHR HomePage: Default -> hxxp://taplika.com/?f=1&a=tlk_dnldstr_15_06_ie&cd=2XzuyEtN2Y1L1QzutAzzyCtDyByBzytB0EyB0A0D0A0AzyzytN0D0Tzu0StCtCtBzytN1L2XzutAtFyBtFtBtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0EyCtAtDtB0CyBtG0D0FyEyEtGzz0EyBtBtGtBtDtBzytGtDyB0BtAyD0F0C0EtB0C0ByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzy0BzyyBtAtC0AtG0CyEtByDtGyEtCzytBtG0BtC0F0DtGtD0D0EtByD0DtC0AtBtAyEyD2Q&cr=1299532820&ir=
CHR StartupUrls: Default -> "hxxp://taplika.com/?f=7&a=tlk_dnldstr_15_06_ie&cd=2XzuyEtN2Y1L1QzutAzzyCtDyByBzytB0EyB0A0D0A0AzyzytN0D0Tzu0StCtCtBzytN1L2XzutAtFyBtFtBtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0EyCtAtDtB0CyBtG0D0FyEyEtGzz0EyBtBtGtBtDtBzytGtDyB0BtAyD0F0C0EtB0C0ByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzy0BzyyBtAtC0AtG0CyEtByDtGyEtCzytBtG0BtC0F0DtGtD0D0EtByD0DtC0AtBtAyEyD2Q&cr=1299532820&ir=", "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\gcswf32.dll No File
CHR Extension: (We-Care Reminder) - C:\Users\carter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm [2014-03-22]
CHR Extension: (IMVU Inc C) - C:\Users\carter\AppData\Local\Google\Chrome\User Data\Default\Extensions\oopdmcnionefjjnmchkiimificckpkif [2014-03-15]
CHR HKLM\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - No Path
CHR HKU\S-1-5-21-2879477293-1169577584-508307461-1000\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - No Path
CHR HKU\S-1-5-21-2879477293-1169577584-508307461-1000\...\Chrome\Extension: [oopdmcnionefjjnmchkiimificckpkif] - C:\Users\carter\AppData\Local\CRE\oopdmcnionefjjnmchkiimificckpkif.crx [2014-03-14]
CHR HKLM-x32\...\Chrome\Extension: [ippkomaaonokjnfjoikaemidanojkfmm] - C:\ProgramData\WeCareReminder\\wecarereminderro.crx [2013-09-27]
CHR HKLM-x32\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - No Path
CHR HKLM-x32\...\Chrome\Extension: [oopdmcnionefjjnmchkiimificckpkif] - C:\Users\carter\AppData\Local\CRE\oopdmcnionefjjnmchkiimificckpkif.crx [2014-03-14]
EmptyTemp:
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.

============================================================

 

Step 2: Attempt to Boot Into Windows Normally

 

Now try to boot into Windows normally.

 

If you're able to boot into Windows normally, please do Step 3 below.

 

============================================================

 

Step 3: Farbar Recovery Scan Tool (FRST) With Addition.txt

  • Launch FRST.
  • Check the Addition.txt radio button.
  • Click the Scan button.
  • A new FRST.txt log and Addition.txt log will be produced. Include the contents of this log in your next post.

Edited by TheShooter93, 08 February 2015 - 08:45 AM.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

 

 


#7 Ccarteraws

Ccarteraws
  • Topic Starter

  • Members
  • 15 posts

Posted 09 February 2015 - 04:23 PM

Ok.  Ran Fix and it booted back into Windows O/S fine.  Here are the two scan files you requested I paste into my replies:

Addition.txt:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015
Ran by carter at 2015-02-09 16:18:38
Running from C:\Users\carter\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG Internet Security 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.2146.41621 - ABBYY Software House)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader X (10.1.2) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.2 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4800 - AVG Technologies)
AVG 2014 (Version: 14.0.4257 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4800 - AVG Technologies) Hidden
AVG Security Toolbar (HKLM-x32\...\AVG Secure Search) (Version: 18.1.9.799 - AVG Technologies)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Dell P713w (HKLM\...\Dell P713w) (Version:  - Dell, Inc.)
Dell Toolbar (HKLM-x32\...\{09B71986-2AC5-482d-B6CB-42EA34F4F85B}) (Version: 1.8.12.0 - )
Dropbox (HKU\S-1-5-21-2879477293-1169577584-508307461-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Extended Update (HKU\S-1-5-21-2879477293-1169577584-508307461-1000\...\UpdaterEX) (Version:  - Extended Update) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Photosmart 6520 series Basic Device Software (HKLM\...\{1151BCF8-3246-4E34-9C17-22E66318C41C}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 6520 series Help (HKLM-x32\...\{D3293275-1002-41F5-BC37-099B4251FF5B}) (Version: 28.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
IMVU Avatar Chat Software (HKU\S-1-5-21-2879477293-1169577584-508307461-1000\...\IMVU Avatar chat client software BETA) (Version:  - )
IMVU Inc C Toolbar for IE (HKLM-x32\...\IECT3318151) (Version: 6.17.2.8 - IMVU Inc C)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel® Network Connections 15.6.25.0 (HKLM\...\PROSetDX) (Version: 15.6.25.0 - Intel)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2761 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
OpenOffice.org 3.3 (HKLM-x32\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org)
Origin (HKLM-x32\...\Origin) (Version: 9.4.20.386 - Electronic Arts, Inc.)
paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6215 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.28.1 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.28.1 - Renesas Electronics Corporation) Hidden
ROBLOX Player for carter (HKU\S-1-5-21-2879477293-1169577584-508307461-1000\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Studio for carter (HKU\S-1-5-21-2879477293-1169577584-508307461-1000\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
Safari (HKLM-x32\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
SavetheChildren Reminder by We-Care.com v4.1.26.4 (HKLM-x32\...\{26B4D0E1-6F6D-48DF-8719-80276A259F7E}) (Version: 4.1.26.4 - We-Care.com)
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts)
SPORE™ Creature Creator Trial Edition (HKLM-x32\...\{ECEE0279-785F-4CB3-9F28-E69813234BF8}) (Version: 1.00.0000 - Electronic Arts)
Spotify (HKU\S-1-5-21-2879477293-1169577584-508307461-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
System Requirements Lab for Intel (HKLM-x32\...\{C71067FC-288F-4E0B-88C6-44DFDA8311E2}) (Version: 4.5.9.0 - Husdawg, LLC)
The Sims™ 4 Create A Sim Demo (HKLM-x32\...\{6908ED99-F02B-4E99-A202-3FAC99C510ED}) (Version: 1.0.237.100 - Electronic Arts Inc.)
Unity Web Player (HKU\S-1-5-21-2879477293-1169577584-508307461-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2879477293-1169577584-508307461-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\carter\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2879477293-1169577584-508307461-1000_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\carter\AppData\Local\Roblox\Versions\version-5d9b22aa9d594ee1\RobloxProxy64.dll (ROBLOX Corporation)
CustomCLSID: HKU\S-1-5-21-2879477293-1169577584-508307461-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\carter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2879477293-1169577584-508307461-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\carter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2879477293-1169577584-508307461-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\carter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2879477293-1169577584-508307461-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\carter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2879477293-1169577584-508307461-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\carter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2879477293-1169577584-508307461-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\carter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2879477293-1169577584-508307461-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\carter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2879477293-1169577584-508307461-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\carter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
05-01-2015 09:15:02 Scheduled Checkpoint
12-01-2015 16:22:54 Scheduled Checkpoint
20-01-2015 16:06:17 Scheduled Checkpoint
23-01-2015 03:00:23 Windows Update
29-01-2015 10:34:37 Installed DirectX
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2012-08-31 10:12 - 00444231 ____R C:\Windows\system32\Drivers\etc\hosts
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0A3DD7D0-EA7E-49D9-B015-91B138335DFD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {0A5C2C77-7EC9-4688-B1DE-B077B23FF27D} - System32\Tasks\HP AR Program Upload - 62154507050f4ae5abe7ff2b07734f56c70a52e20efe487d9a093c230b534816 => C:\Program Files\HP\HP Photosmart 6520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {0CD4EDB6-3E90-4E57-94F3-F7F35E4278C6} - System32\Tasks\UpdaterEX => C:\Users\carter\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {3F7BF2B0-0484-4685-A0E2-DD056393D885} - System32\Tasks\HP AR Program Upload - 3c32b1fe3442447fa3f6cf2fda4c26dda0e611f0b9ea4077915bef3611fac1d0 => C:\Program Files\HP\HP Photosmart 6520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {72816C1A-11A2-4E9E-BD7B-78D56D1E488F} - System32\Tasks\HP AR Program Upload - 91d08b64837741d4948b53620ed78e543372264eb7814e618c57cc2970da631e => C:\Program Files\HP\HP Photosmart 6520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {785D69F0-9813-492F-9778-2491B58F5DC5} - System32\Tasks\HP AR Program Upload - f6122266da864babb836089414f70fbd6995ff2a39a54844aa7a4a5f07b6efe1 => C:\Program Files\HP\HP Photosmart 6520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {A1080DAF-BCBC-4B97-9D6B-1600D774F860} - System32\Tasks\WSE_Taplika => C:\Users\carter\AppData\Roaming\WSE_Taplika\UpdateProc\UpdateTask.exe [2015-02-03] () <==== ATTENTION
Task: {A8289F56-F4C2-4D0A-952E-BFCC490D8AF7} - System32\Tasks\HP AR Program Upload - 79de254ed90f4c36b79c537d734699278bad217962124737984010c86f5ad17b => C:\Program Files\HP\HP Photosmart 6520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {A9C9AAED-87A6-45A0-B263-42C384610DFB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-09] (Adobe Systems Incorporated)
Task: {D2B89200-B644-4D7F-8BB4-A8F6CA0F1B95} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {D9180A51-19A8-4D28-9549-3BF3F8583EF4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {DE34B209-C9F9-43AE-A0BF-E23670CC0549} - System32\Tasks\HP AR Program Upload - 7ea77cf1cd044ffb8d36706dec17175f7c442c27fe8549a89455fc09a0b8afc7 => C:\Program Files\HP\HP Photosmart 6520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\carter\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\WSE_Taplika.job => C:\Users\carter\AppData\Roaming\WSE_TA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
 
==================== Loaded Modules (whitelisted) ==============
 
2012-02-12 13:13 - 2009-06-19 04:01 - 00189440 _____ () C:\Windows\system32\spool\PRTPROCS\x64\dlecdrpp.dll
2014-08-11 16:08 - 2014-08-11 16:07 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
2012-02-12 13:10 - 2009-07-10 10:53 - 00766632 _____ () C:\Program Files (x86)\Dell P713w\dlecmon.exe
2012-02-12 13:10 - 2009-07-10 10:53 - 00139944 _____ () C:\Program Files (x86)\Dell P713w\ezprint.exe
2011-08-31 19:13 - 2011-08-31 19:13 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-02-15 00:11 - 2014-08-25 16:02 - 02640408 _____ () C:\Program Files (x86)\AVG Secure Search\vprot.exe
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-11 16:08 - 2014-08-11 16:07 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll
2012-02-12 13:09 - 2009-05-26 15:21 - 00086118 _____ () C:\Program Files (x86)\Dell P713w\dleccfg.dll
2012-02-12 13:10 - 2009-05-29 09:08 - 00389120 _____ () C:\Program Files (x86)\Dell P713w\dlecscw.dll
2012-02-12 13:10 - 2009-03-25 10:10 - 00192512 _____ () C:\Program Files (x86)\Dell P713w\dlecdatr.dll
2012-02-12 13:10 - 2009-05-29 09:09 - 01159168 _____ () C:\Program Files (x86)\Dell P713w\dlecDRS.dll
2012-02-12 13:10 - 2009-03-10 00:43 - 00155648 _____ () C:\Program Files (x86)\Dell P713w\dleccaps.dll
2012-02-12 13:10 - 2009-03-05 12:55 - 00059904 _____ () C:\Program Files (x86)\Dell P713w\dleccnv4.dll
2012-02-12 13:10 - 2009-06-22 08:08 - 00708608 _____ () C:\Program Files (x86)\Dell P713w\Epwizard.DLL
2012-02-12 13:10 - 2009-06-22 08:06 - 00159744 _____ () C:\Program Files (x86)\Dell P713w\customui.dll
2012-02-12 13:10 - 2009-06-22 08:06 - 00114688 _____ () C:\Program Files (x86)\Dell P713w\Eputil.DLL
2012-02-12 13:10 - 2009-06-22 08:05 - 00139264 _____ () C:\Program Files (x86)\Dell P713w\Imagutil.DLL
2012-02-12 13:10 - 2009-06-22 08:06 - 00061440 _____ () C:\Program Files (x86)\Dell P713w\Epfunct.DLL
2012-02-12 13:10 - 2009-06-22 08:08 - 02203648 _____ () C:\Program Files (x86)\Dell P713w\EPWizRes.dll
2012-02-12 13:10 - 2009-06-22 08:08 - 00045056 _____ () C:\Program Files (x86)\Dell P713w\epstring.dll
2012-02-12 13:10 - 2009-06-22 08:08 - 00196608 _____ () C:\Program Files (x86)\Dell P713w\EPOEMDll.dll
2012-02-12 13:10 - 2009-04-07 14:25 - 00409600 _____ () C:\Program Files (x86)\Dell P713w\iptk.dll
2012-02-12 13:10 - 2009-03-02 09:25 - 00151552 _____ () C:\Program Files (x86)\Dell P713w\dlecptp.dll
2014-10-21 19:22 - 2014-10-21 19:22 - 00750080 _____ () C:\Users\carter\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-09 16:10 - 2015-02-09 16:10 - 00043008 _____ () c:\users\carter\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpg_h_dk.dll
2014-10-21 19:22 - 2014-10-21 19:22 - 00047616 _____ () C:\Users\carter\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-21 19:22 - 2014-10-21 19:22 - 00863744 _____ () C:\Users\carter\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-21 19:22 - 2014-10-21 19:22 - 00200704 _____ () C:\Users\carter\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-02-15 00:11 - 2014-03-20 17:42 - 01603608 _____ () C:\Program Files (x86)\AVG Secure Search\TBAPI.dll
2011-01-17 16:19 - 2012-02-20 17:14 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2012-02-04 10:50 - 2012-05-25 03:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
2015-01-30 23:35 - 2015-01-26 22:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libglesv2.dll
2015-01-30 23:35 - 2015-01-26 22:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libegl.dll
2015-01-30 23:35 - 2015-01-26 22:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\pdf.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Registry Areas =====================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2879477293-1169577584-508307461-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\carter\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2879477293-1169577584-508307461-500 - Administrator - Disabled)
carter (S-1-5-21-2879477293-1169577584-508307461-1000 - Administrator - Enabled) => C:\Users\carter
Guest (S-1-5-21-2879477293-1169577584-508307461-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2879477293-1169577584-508307461-1002 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/09/2015 04:11:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/04/2015 06:38:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/04/2015 06:35:05 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Installed DirectX). Additional information: 0x80070005.
 
Error: (02/04/2015 06:22:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/04/2015 06:15:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/03/2015 10:22:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/03/2015 10:16:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/03/2015 10:05:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.
 
 
Details:
Could not query the status of the EventSystem service.
 
System Error:
A system shutdown is in progress.
.
 
Error: (02/03/2015 05:22:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/03/2015 05:17:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (02/09/2015 04:09:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The dlecCATSCustConnectService service failed to start due to the following error: 
%%1053
 
Error: (02/09/2015 04:09:36 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the dlecCATSCustConnectService service to connect.
 
Error: (02/09/2015 04:07:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (02/09/2015 04:07:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (02/09/2015 04:07:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (02/09/2015 04:07:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (02/09/2015 04:07:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (02/09/2015 04:07:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (02/09/2015 04:06:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (02/09/2015 04:06:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office Sessions:
=========================
Error: (02/09/2015 04:11:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/04/2015 06:38:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/04/2015 06:35:05 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: Installed DirectX0x80070005
 
Error: (02/04/2015 06:22:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/04/2015 06:15:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/03/2015 10:22:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/03/2015 10:16:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/03/2015 10:05:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: 
Details:
Could not query the status of the EventSystem service.
 
System Error:
A system shutdown is in progress.
 
Error: (02/03/2015 05:22:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/03/2015 05:17:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2320 CPU @ 3.00GHz
Percentage of memory in use: 28%
Total physical RAM: 8099.41 MB
Available physical RAM: 5762.03 MB
Total Pagefile: 16197.01 MB
Available Pagefile: 13852.12 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.41 GB) (Free:846.52 GB) NTFS
Drive e: (My Book) (Fixed) (Total:465.64 GB) (Free:418.9 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 9786A406)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 8D399BC0)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=0C)
 
==================== End Of Log ============================

Here is FRST.TXT

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by carter (administrator) on CARTER-PC on 09-02-2015 16:17:56
Running from C:\Users\carter\Desktop
Loaded Profiles: carter (Available profiles: carter)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
( ) C:\Windows\System32\dleccoms.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Dell P713w\dlecmon.exe
() C:\Program Files (x86)\Dell P713w\ezprint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\vVX1000.exe
(Spotify Ltd) C:\Users\carter\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Dropbox, Inc.) C:\Users\carter\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicatorCom.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicator.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11474024 2010-10-05] (Realtek Semiconductor)
HKLM\...\Run: [dlecmon.exe] => C:\Program Files (x86)\Dell P713w\dlecmon.exe [766632 2009-07-10] ()
HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Dell P713w\ezprint.exe [139944 2009-07-10] ()
HKLM\...\Run: [VX1000] => C:\Windows\vVX1000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-12-16] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2640408 2014-08-25] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2879477293-1169577584-508307461-1000\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-2879477293-1169577584-508307461-1000\...\Run: [Spotify Web Helper] => C:\Users\carter\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-10] (Spotify Ltd)
HKU\S-1-5-21-2879477293-1169577584-508307461-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-2879477293-1169577584-508307461-1000\...\Run: [Spotify] => C:\Users\carter\AppData\Roaming\Spotify\spotify.exe [6737976 2014-12-10] (Spotify Ltd)
HKU\S-1-5-21-2879477293-1169577584-508307461-1000\...\Run: [HP Photosmart 6520 series (NET)] => C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2879477293-1169577584-508307461-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-07] (Apple Inc.)
HKU\S-1-5-21-2879477293-1169577584-508307461-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
HKU\S-1-5-21-2879477293-1169577584-508307461-1000\...\RunOnce: [WSE_Taplika] => C:\Windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\carter\AppData\Roaming\WSE_Taplika\UpdateProc\bkup.dat"
Startup: C:\Users\carter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\carter\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\carter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk
ShortcutTarget: IMVU.lnk -> C:\Users\carter\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe ()
Startup: C:\Users\carter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 6520 series (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 6520 series (Network).lnk -> C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\carter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2879477293-1169577584-508307461-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
BHO-x32: Dell Toolbar -> {09B71986-2AC5-482d-B6CB-42EA34F4F85B} -> C:\Program Files\Dell Printable Web\toolband.dll ()
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssie.dll No File
BHO-x32: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Dell Toolbar - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - No Name - {f2e99efd-72dc-4c5d-9f7c-219133ff8e40} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2879477293-1169577584-508307461-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-2879477293-1169577584-508307461-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2879477293-1169577584-508307461-1000 -> No Name - {F2E99EFD-72DC-4C5D-9F7C-219133FF8E40} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2879477293-1169577584-508307461-1000: @nsroblox.roblox.com/launcher -> C:\Users\carter\AppData\Local\Roblox\Versions\version-5d9b22aa9d594ee1\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2879477293-1169577584-508307461-1000: @nsroblox.roblox.com/launcher64 -> C:\Users\carter\AppData\Local\Roblox\Versions\version-5d9b22aa9d594ee1\\NPRobloxProxy64.dll ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2879477293-1169577584-508307461-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\carter\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1
 
Chrome: 
=======
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (AVG Internet Security) - C:\Users\carter\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\PFiles\Plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U30) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Profile: C:\Users\carter\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\carter\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\carter\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (AVG Security Toolbar) - C:\Users\carter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2012-08-31]
CHR Extension: (Google Wallet) - C:\Users\carter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\14.2.0.1\avg.crx [Not Found]
StartMenuInternet: Google Chrome - chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1417160 2014-12-16] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3247120 2014-12-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-12-16] (AVG Technologies CZ, s.r.o.)
S2 dlecCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\dlecserv.exe [33448 2009-07-01] ()
R2 dlec_device; C:\Windows\system32\dleccoms.exe [1054888 2009-07-01] ( )
R2 dlec_device; C:\Windows\SysWOW64\dleccoms.exe [602792 2009-07-01] ( )
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-02-01] (Electronic Arts)
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [237848 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-10-20] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-09 16:07 - 2015-02-09 16:07 - 00000000 ____D () C:\Users\carter\Desktop\FRST-OlderVersion
2015-02-04 09:44 - 2015-02-04 09:44 - 00007539 _____ () C:\Users\carter\Desktop\Search.txt
2015-02-04 09:38 - 2015-02-04 09:38 - 00027491 _____ () C:\Users\carter\Desktop\Addition.txt
2015-02-04 09:37 - 2015-02-09 16:18 - 00020003 _____ () C:\Users\carter\Desktop\FRST.txt
2015-02-04 09:37 - 2015-02-09 16:07 - 02132992 _____ (Farbar) C:\Users\carter\Desktop\FRST64.exe
2015-02-03 21:26 - 2015-02-04 19:22 - 00029519 _____ () C:\Users\carter\Desktop\avgrep.txt
2015-02-03 19:03 - 2015-02-09 16:17 - 00000000 ____D () C:\FRST
2015-02-03 13:41 - 2015-02-03 13:43 - 00000000 ____D () C:\Users\carter\AppData\Local\Taplika
2015-02-03 13:39 - 2015-02-03 14:03 - 00000296 _____ () C:\Windows\Tasks\WSE_Taplika.job
2015-02-03 13:39 - 2015-02-03 14:03 - 00000296 _____ () C:\Windows\Tasks\UpdaterEX.job
2015-02-03 13:39 - 2015-02-03 13:39 - 00792480 _____ (Dnldstr_Aggregator) C:\Users\carter\Downloads\Adobe_Flash_Setup (1).exe
2015-02-03 13:39 - 2015-02-03 13:39 - 00003240 _____ () C:\Windows\System32\Tasks\WSE_Taplika
2015-02-03 13:39 - 2015-02-03 13:39 - 00003240 _____ () C:\Windows\System32\Tasks\UpdaterEX
2015-02-03 13:39 - 2015-02-03 13:39 - 00000000 ____D () C:\Users\carter\AppData\Roaming\WSE_Taplika
2015-02-03 13:39 - 2015-02-03 13:39 - 00000000 ____D () C:\Users\carter\AppData\Roaming\UpdaterEX
2015-02-03 13:39 - 2015-02-03 13:39 - 00000000 ____D () C:\ProgramData\{188AF049-4808-21CF-F98E-514D290C82C3}
2015-02-03 13:38 - 2015-02-03 13:38 - 00792480 _____ (Dnldstr_Aggregator) C:\Users\carter\Downloads\Adobe_Flash_Setup.exe
2015-02-03 13:31 - 2015-02-03 13:32 - 00000000 ____D () C:\Users\carter\Documents\Mikes Lessons PDFS
2015-02-03 13:20 - 2015-02-03 13:20 - 00003556 _____ () C:\Windows\System32\Tasks\HP AR Program Upload - 91d08b64837741d4948b53620ed78e543372264eb7814e618c57cc2970da631e
2015-02-03 13:15 - 2015-02-03 13:15 - 00003556 _____ () C:\Windows\System32\Tasks\HP AR Program Upload - 7ea77cf1cd044ffb8d36706dec17175f7c442c27fe8549a89455fc09a0b8afc7
2015-02-02 17:28 - 2015-02-02 17:28 - 00000000 ____D () C:\Users\carter\Desktop\Aria Ins 2015
2015-01-29 10:43 - 2015-01-29 10:43 - 00003556 _____ () C:\Windows\System32\Tasks\HP AR Program Upload - 79de254ed90f4c36b79c537d734699278bad217962124737984010c86f5ad17b
2015-01-29 10:42 - 2015-01-29 10:42 - 00921624 _____ () C:\img2-001.raw
2015-01-29 10:36 - 2015-02-04 21:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft LifeCam
2015-01-29 10:35 - 2015-02-04 21:32 - 00000000 ____D () C:\Program Files\Microsoft LifeCam
2015-01-29 10:35 - 2015-02-04 21:32 - 00000000 ____D () C:\Program Files (x86)\Microsoft LifeCam
2015-01-29 10:35 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2015-01-29 10:34 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2015-01-25 14:29 - 2015-01-25 14:29 - 00003556 _____ () C:\Windows\System32\Tasks\HP AR Program Upload - 62154507050f4ae5abe7ff2b07734f56c70a52e20efe487d9a093c230b534816
2015-01-22 12:01 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-22 12:01 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-22 12:01 - 2014-12-11 12:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-22 12:01 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-22 12:01 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-22 12:01 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-22 12:00 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-22 12:00 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-22 12:00 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-22 12:00 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-22 12:00 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-22 12:00 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-22 12:00 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-12 15:43 - 2015-01-12 15:43 - 00003556 _____ () C:\Windows\System32\Tasks\HP AR Program Upload - 3c32b1fe3442447fa3f6cf2fda4c26dda0e611f0b9ea4077915bef3611fac1d0
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-09 16:17 - 2009-07-13 23:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-09 16:17 - 2009-07-13 23:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-09 16:15 - 2012-09-28 21:31 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-09 16:15 - 2012-09-28 21:31 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-09 16:15 - 2012-07-08 11:21 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-09 16:15 - 2012-01-21 23:13 - 00000000 ____D () C:\ProgramData\MFAData
2015-02-09 16:15 - 2012-01-21 13:41 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-09 16:15 - 2009-07-14 00:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-09 16:14 - 2012-01-21 04:06 - 01856925 _____ () C:\Windows\WindowsUpdate.log
2015-02-09 16:11 - 2013-02-09 20:20 - 00000000 ___RD () C:\Users\carter\Dropbox
2015-02-09 16:11 - 2013-02-09 20:18 - 00000000 ____D () C:\Users\carter\AppData\Roaming\Dropbox
2015-02-09 16:10 - 2014-03-10 17:40 - 00000000 ____D () C:\Users\carter\AppData\Roaming\IMVU
2015-02-09 16:10 - 2012-09-08 14:38 - 00000000 ____D () C:\Users\carter\AppData\Roaming\Spotify
2015-02-09 16:10 - 2012-02-12 13:12 - 00027883 _____ () C:\ProgramData\dlecscan.log
2015-02-09 16:09 - 2014-03-22 17:34 - 00000000 ____D () C:\ProgramData\WeCareReminder
2015-02-09 16:09 - 2012-01-21 17:16 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-09 16:09 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-09 16:09 - 2009-07-13 23:51 - 00053349 _____ () C:\Windows\setupact.log
2015-02-09 16:07 - 2014-03-15 07:37 - 00000000 ____D () C:\Users\carter\AppData\Local\CRE
2015-02-05 12:19 - 2012-09-08 14:40 - 00000000 ____D () C:\Users\carter\AppData\Local\Spotify
2015-02-04 21:32 - 2014-08-15 12:48 - 00000000 ____D () C:\ProgramData\Origin
2015-02-04 21:32 - 2014-08-15 12:48 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-02-04 21:32 - 2014-04-05 09:32 - 00000000 ____D () C:\Users\carter\Desktop\FUSB3_allOS_2.1.28.1_PV
2015-02-04 21:32 - 2014-03-15 07:38 - 00000000 ____D () C:\Program Files (x86)\IMVU_Inc_C
2015-02-04 21:32 - 2013-02-03 15:16 - 00000000 ____D () C:\Users\carter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2015-02-04 21:32 - 2012-01-21 17:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-04 21:32 - 2012-01-20 12:08 - 00000000 ____D () C:\Users\carter
2015-02-04 21:32 - 2011-04-12 03:28 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-02-04 21:32 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2015-02-04 21:32 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2015-02-04 21:32 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-02-04 18:41 - 2013-09-20 10:56 - 00001122 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2015-02-03 15:45 - 2012-01-21 17:16 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-03 14:03 - 2010-11-20 22:47 - 00136178 _____ () C:\Windows\PFRO.log
2015-02-03 13:41 - 2013-09-20 10:55 - 00000000 ____D () C:\ProgramData\AVG2014
2015-02-03 13:39 - 2012-01-21 17:16 - 00002146 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-03 13:39 - 2012-01-21 13:36 - 00000000 ____D () C:\Users\carter\AppData\Local\Adobe
2015-01-30 16:40 - 2013-02-03 15:18 - 00001350 _____ () C:\Users\carter\Desktop\ROBLOX Player.lnk
2015-01-30 16:39 - 2014-10-20 14:35 - 00001169 _____ () C:\Users\carter\Desktop\ROBLOX Studio.lnk
2015-01-25 21:37 - 2014-12-20 13:19 - 00000000 ____D () C:\Users\carter\AppData\Roaming\SPORE Creature Creator
2015-01-23 03:05 - 2013-07-15 02:00 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-23 03:00 - 2012-01-20 17:25 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
==================== Files in the root of some directories =======
 
2008-02-05 13:28 - 2008-02-05 13:28 - 0000051 _____ () C:\Users\carter\AppData\Local\setup.txt
2014-10-14 14:19 - 2014-10-14 14:19 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-02-12 13:08 - 2012-02-12 13:08 - 0000000 _____ () C:\ProgramData\cmn_upld.log
2012-02-12 13:14 - 2012-09-02 09:24 - 0000178 _____ () C:\ProgramData\dlec.log
2013-11-14 12:57 - 2013-11-14 13:12 - 0000248 _____ () C:\ProgramData\dlecDiagnostics.log
2012-02-12 13:14 - 2014-09-25 16:12 - 0086604 _____ () C:\ProgramData\dlecJSW.log
2012-02-12 13:12 - 2015-02-09 16:10 - 0027883 _____ () C:\ProgramData\dlecscan.log
2012-02-12 13:14 - 2012-02-12 13:14 - 0000252 _____ () C:\ProgramData\FastPics.log
2012-02-12 13:08 - 2012-02-12 13:08 - 0000000 _____ () C:\ProgramData\LxWbGwLog.log
2014-02-03 22:09 - 2014-02-03 22:09 - 0325968 _____ () C:\ProgramData\SPL1A3E.tmp
2014-05-18 11:50 - 2014-05-18 11:50 - 0893472 _____ () C:\ProgramData\SPL3F18.tmp
2013-11-08 17:22 - 2013-11-08 17:22 - 1853589 _____ () C:\ProgramData\SPL5AF9.tmp
2014-01-28 14:47 - 2014-01-28 14:47 - 0277335 _____ () C:\ProgramData\SPL6C9D.tmp
2014-05-07 20:24 - 2014-05-07 20:24 - 0012978 _____ () C:\ProgramData\SPL7D25.tmp
2014-04-22 18:20 - 2014-04-22 18:20 - 0341596 _____ () C:\ProgramData\SPL9DF.tmp
2014-09-25 16:24 - 2014-09-25 16:24 - 0152894 _____ () C:\ProgramData\SPLA746.tmp
2014-04-05 09:22 - 2014-04-05 09:22 - 1347376 _____ () C:\ProgramData\SPLB8F3.tmp
2014-03-05 08:06 - 2014-03-05 08:06 - 0052976 _____ () C:\ProgramData\SPLC8B2.tmp
2014-09-25 16:01 - 2014-09-25 16:01 - 1660428 _____ () C:\ProgramData\SPLF67E.tmp
2014-05-17 16:09 - 2014-05-17 16:09 - 0248133 _____ () C:\ProgramData\SPLF999.tmp
2012-02-12 13:08 - 2012-02-12 13:08 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt
 
Some content of TEMP:
====================
C:\Users\carter\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpg_h_dk.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-03 13:01
 
==================== End Of Log ============================


#8 TheShooter93

  • Malware Response Team

Posted 10 February 2015 - 02:37 PM

Hello Ccarteraws,
 
Glad to hear you were able to boot into Windows normally!
 
Now to make some more progress...please do the following.
 
=================================================================

Note that there are legitimate programs from Yahoo! included in the uninstall recommendations below. If you use any of these products, feel free to keep them installed. If you do not use them, I suggest continuing with the uninstall procedure.

Step 1: Uninstall Programs Using Programs and Features

  • Press and hold the Windows key + R on your keyboard.
  • In the Run box type appwiz.cpl and hit Enter.
  • Select the following programs and click Uninstall.
    • Extended Update
    • Yahoo! Messenger
    • Yahoo! Software Update
    • Yahoo! Toolbar
  • Reboot your computer.

=================================================================

Step 2: Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKU\S-1-5-21-2879477293-1169577584-508307461-1000\...\RunOnce: [WSE_Taplika] => C:\Windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\carter\AppData\Roaming\WSE_Taplika\UpdateProc\bkup.dat"
Toolbar: HKLM-x32 - No Name - {f2e99efd-72dc-4c5d-9f7c-219133ff8e40} -  No File
Toolbar: HKU\S-1-5-21-2879477293-1169577584-508307461-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-2879477293-1169577584-508307461-1000 -> No Name - {F2E99EFD-72DC-4C5D-9F7C-219133FF8E40} -  No File
2015-02-03 13:41 - 2015-02-03 13:43 - 00000000 ____D () C:\Users\carter\AppData\Local\Taplika
2015-02-03 13:39 - 2015-02-03 14:03 - 00000296 _____ () C:\Windows\Tasks\WSE_Taplika.job
2015-02-03 13:39 - 2015-02-03 13:39 - 00003240 _____ () C:\Windows\System32\Tasks\WSE_Taplika
2015-02-03 13:39 - 2015-02-03 13:39 - 00000000 ____D () C:\Users\carter\AppData\Roaming\WSE_Taplika
2015-02-03 13:39 - 2015-02-03 13:39 - 00000000 ____D () C:\ProgramData\{188AF049-4808-21CF-F98E-514D290C82C3}
Task: {A1080DAF-BCBC-4B97-9D6B-1600D774F860} - System32\Tasks\WSE_Taplika => C:\Users\carter\AppData\Roaming\WSE_Taplika\UpdateProc\UpdateTask.exe [2015-02-03] () <==== ATTENTION
Task: C:\Windows\Tasks\WSE_Taplika.job => C:\Users\carter\AppData\Roaming\WSE_TA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.

=================================================================

Step 3: Malwarebytes Antimalware

Please download Malwarebytes Anti-Malware to your desktop.

  • Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
  • At the end, remove the checkmark next to Enable free trial of Malwarebytes Anti-Malware Premium and keep the checkmark next to Launch Malwarebytes Anti-Malware, then click Finish.
  • Once launched it will automatically scan for updates. If an update is found, it will download and install the latest version.
  • Once the program has loaded, click the Scan tab at the top.
  • Select Threat Scan and click Scan Now >>.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.

=================================================================

Step 4: Farbar Recovery Scan Tool (FRST)

  • Launch FRST.
  • Click the Scan button.
  • A new FRST.txt log will be produced. Include the contents of this log in your next post.

=================================================================

What I'd like to see in your next post:

  • Confirmation of what programs were successfully uninstalled.
  • Fixlog.txt.
  • MBAM log.
  • FRST.txt.

Edited by TheShooter93, 10 February 2015 - 02:38 PM.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.
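The kinds of entries the fixlist in post #8 targets can be picked out of an FRST log mechanically. The following is an added example, not part of the original posts and not FRST's own logic: the rule names and the `classify`, `triage` and `summarize` helpers are hypothetical, and the sample lines are copied from the fixlist and the follow-up FRST.txt in this thread.

```python
import re
from collections import Counter

# Constructed sample: six lines copied from the fixlist in post #8 and the
# 11-02-2015 FRST.txt in post #9 of this thread.
SAMPLE_LOG = r'''HKU\S-1-5-21-2879477293-1169577584-508307461-1000\...\RunOnce: [WSE_Taplika] => C:\Windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\carter\AppData\Roaming\WSE_Taplika\UpdateProc\bkup.dat"
Toolbar: HKLM-x32 - No Name - {f2e99efd-72dc-4c5d-9f7c-219133ff8e40} -  No File
Task: {A1080DAF-BCBC-4B97-9D6B-1600D774F860} - System32\Tasks\WSE_Taplika => C:\Users\carter\AppData\Roaming\WSE_Taplika\UpdateProc\UpdateTask.exe [2015-02-03] () <==== ATTENTION
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11474024 2010-10-05] (Realtek Semiconductor)
CHR StartupUrls: Default -> "hxxp://taplika.com/?f=7&a=&cd=&cr=&ir="
BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssie.dll No File'''

# "<hive>\...\Run: [name] => command" and the RunOnce variant.
RUN_RE = re.compile(r'\\(?:RunOnce|Run): \[(?P<name>[^\]]+)\] => (?P<cmd>.+)$')
# Windows Script Host binaries used to launch a script at logon.
SCRIPT_HOST_RE = re.compile(r'\\(?:wscript|cscript)\.exe\b', re.I)
# Any path under a user's AppData folder (writable without admin rights).
USER_APPDATA_RE = re.compile(r'\\Users\\[^\\]+\\AppData\\', re.I)
# Chrome start page override as FRST prints it.
STARTUP_URL_RE = re.compile(r'^CHR StartupUrls: (?P<profile>.+?) -> "(?P<url>[^"]*)"')


def classify(line):
    """Return the hypothetical rule names that one FRST log line triggers."""
    hits = []
    # FRST's own marker for entries it considers suspicious.
    if '<==== ATTENTION' in line:
        hits.append('frst_attention')
    # Registry entry whose target file is gone: leftover, not necessarily malicious.
    if line.rstrip().endswith('No File'):
        hits.append('orphaned_entry')
    # Autorun that starts a script host on a file inside the user profile.
    m = RUN_RE.search(line)
    if m and SCRIPT_HOST_RE.search(m['cmd']) and USER_APPDATA_RE.search(m['cmd']):
        hits.append('script_autorun')
    # Browser start page setting: always surfaced for manual review.
    if STARTUP_URL_RE.match(line):
        hits.append('browser_startup_url')
    return hits


def triage(text):
    """Return (line number, rule, line) for every rule hit in an FRST log."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for rule in classify(line):
            findings.append((lineno, rule, line.strip()))
    return findings


def summarize(findings):
    """Count findings per rule."""
    return dict(Counter(rule for _, rule, _ in findings))


if __name__ == '__main__':
    for lineno, rule, line in triage(SAMPLE_LOG):
        print(f'{lineno:>3}  {rule:<20} {line[:90]}')
    print(summarize(triage(SAMPLE_LOG)))
```

The `orphaned_entry` hit on the AVG BHO line shows why these rules only shortlist entries for a human reviewer: a "No File" entry is a leftover to clean up, not proof of malware.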

 

 


#9 Ccarteraws

Ccarteraws
  • Topic Starter


Posted 11 February 2015 - 11:38 AM

I did all you suggested and will post the logs in 3 separate entries.  THANKS a TON for your help!  Please advise with next steps.  Everything seems "normal" now except that upon launching Google Chrome "Taplika" continues to be the default browser.  This is a result of the malware.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-02-2015 01
Ran by carter (administrator) on CARTER-PC on 11-02-2015 11:35:34
Running from C:\Users\carter\Desktop
Loaded Profiles: carter (Available profiles: carter)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
( ) C:\Windows\System32\dleccoms.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Dell P713w\dlecmon.exe
() C:\Program Files (x86)\Dell P713w\ezprint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\vVX1000.exe
(Spotify Ltd) C:\Users\carter\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Dropbox, Inc.) C:\Users\carter\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicatorCom.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicator.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11474024 2010-10-05] (Realtek Semiconductor)
HKLM\...\Run: [dlecmon.exe] => C:\Program Files (x86)\Dell P713w\dlecmon.exe [766632 2009-07-10] ()
HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Dell P713w\ezprint.exe [139944 2009-07-10] ()
HKLM\...\Run: [VX1000] => C:\Windows\vVX1000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-12-16] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2640408 2014-08-25] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2879477293-1169577584-508307461-1000\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-2879477293-1169577584-508307461-1000\...\Run: [Spotify Web Helper] => C:\Users\carter\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-10] (Spotify Ltd)
HKU\S-1-5-21-2879477293-1169577584-508307461-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-2879477293-1169577584-508307461-1000\...\Run: [Spotify] => C:\Users\carter\AppData\Roaming\Spotify\spotify.exe [6737976 2014-12-10] (Spotify Ltd)
HKU\S-1-5-21-2879477293-1169577584-508307461-1000\...\Run: [HP Photosmart 6520 series (NET)] => C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2879477293-1169577584-508307461-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-07] (Apple Inc.)
HKU\S-1-5-21-2879477293-1169577584-508307461-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
Startup: C:\Users\carter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\carter\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\carter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk
ShortcutTarget: IMVU.lnk -> C:\Users\carter\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe ()
Startup: C:\Users\carter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 6520 series (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 6520 series (Network).lnk -> C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\carter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2879477293-1169577584-508307461-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: Dell Toolbar -> {09B71986-2AC5-482d-B6CB-42EA34F4F85B} -> C:\Program Files\Dell Printable Web\toolband.dll ()
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssie.dll No File
BHO-x32: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Dell Toolbar - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2879477293-1169577584-508307461-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2879477293-1169577584-508307461-1000: @nsroblox.roblox.com/launcher -> C:\Users\carter\AppData\Local\Roblox\Versions\version-5d9b22aa9d594ee1\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2879477293-1169577584-508307461-1000: @nsroblox.roblox.com/launcher64 -> C:\Users\carter\AppData\Local\Roblox\Versions\version-5d9b22aa9d594ee1\\NPRobloxProxy64.dll ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2879477293-1169577584-508307461-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\carter\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://taplika.com/?f=7&a=&cd=&cr=&ir="
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (AVG Internet Security) - C:\Users\carter\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\PFiles\Plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U30) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Profile: C:\Users\carter\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\carter\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\carter\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (AVG Security Toolbar) - C:\Users\carter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2012-08-31]
CHR Extension: (Google Wallet) - C:\Users\carter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\14.2.0.1\avg.crx [Not Found]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1417160 2014-12-16] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3247120 2014-12-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-12-16] (AVG Technologies CZ, s.r.o.)
S2 dlecCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\dlecserv.exe [33448 2009-07-01] ()
R2 dlec_device; C:\Windows\system32\dleccoms.exe [1054888 2009-07-01] ( )
R2 dlec_device; C:\Windows\SysWOW64\dleccoms.exe [602792 2009-07-01] ( )
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-02-01] (Electronic Arts)
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [237848 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-10-20] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-11 11:03 - 2015-02-03 22:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 11:03 - 2015-02-03 22:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 11:03 - 2015-02-03 22:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 11:02 - 2015-02-03 22:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 11:02 - 2015-02-03 22:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 11:02 - 2015-02-03 22:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 11:02 - 2015-02-03 22:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 11:02 - 2015-01-27 18:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 11:02 - 2015-01-14 00:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 11:02 - 2015-01-14 00:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 11:02 - 2015-01-11 22:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 11:02 - 2015-01-11 22:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 11:02 - 2015-01-11 22:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 11:02 - 2015-01-11 21:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 11:02 - 2015-01-11 21:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 11:02 - 2015-01-11 21:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 11:02 - 2015-01-11 21:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 11:02 - 2015-01-11 21:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 11:02 - 2015-01-11 21:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 11:02 - 2015-01-11 21:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 11:02 - 2015-01-11 21:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 11:02 - 2015-01-11 21:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 11:02 - 2015-01-11 21:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 11:02 - 2015-01-11 21:33 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-11 11:02 - 2015-01-11 21:32 - 06041088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-11 11:02 - 2015-01-11 21:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 11:02 - 2015-01-11 21:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 11:02 - 2015-01-11 21:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 11:02 - 2015-01-11 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 11:02 - 2015-01-11 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 11:02 - 2015-01-11 21:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 11:02 - 2015-01-11 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 11:02 - 2015-01-11 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 11:02 - 2015-01-11 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 11:02 - 2015-01-11 21:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 11:02 - 2015-01-11 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 11:02 - 2015-01-11 21:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 11:02 - 2015-01-11 21:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 11:02 - 2015-01-11 21:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 11:02 - 2015-01-11 20:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 11:02 - 2015-01-11 20:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 11:02 - 2015-01-11 20:55 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-11 11:02 - 2015-01-11 20:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 11:02 - 2015-01-11 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 11:02 - 2015-01-11 20:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 11:02 - 2015-01-11 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 11:02 - 2015-01-11 20:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 11:02 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 11:02 - 2015-01-11 20:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 11:02 - 2015-01-11 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 11:02 - 2015-01-11 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 11:02 - 2015-01-11 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 11:02 - 2015-01-11 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 11:02 - 2015-01-11 20:29 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 11:02 - 2015-01-11 20:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 11:02 - 2015-01-11 20:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 11:02 - 2015-01-11 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 11:02 - 2015-01-11 20:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 11:02 - 2015-01-11 20:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 11:02 - 2015-01-11 20:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 11:02 - 2015-01-11 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 11:02 - 2015-01-11 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 11:02 - 2015-01-11 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 11:02 - 2015-01-11 19:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 11:02 - 2015-01-10 01:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 11:02 - 2015-01-10 01:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 11:02 - 2015-01-10 01:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 11:02 - 2015-01-10 01:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 11:02 - 2015-01-10 01:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 11:02 - 2015-01-10 01:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 11:02 - 2015-01-10 01:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 11:02 - 2015-01-10 01:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 11:02 - 2015-01-10 01:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 11:02 - 2015-01-10 01:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 11:02 - 2015-01-10 01:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 11:02 - 2015-01-10 01:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 11:02 - 2015-01-10 01:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 11:02 - 2015-01-10 01:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 10:57 - 2015-01-15 03:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 10:57 - 2015-01-15 03:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 10:57 - 2015-01-15 03:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 10:57 - 2015-01-15 03:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 10:57 - 2015-01-15 03:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 10:57 - 2015-01-15 03:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 10:57 - 2015-01-15 03:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 10:57 - 2015-01-15 03:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 10:57 - 2015-01-15 03:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 10:57 - 2015-01-15 03:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 10:57 - 2015-01-15 03:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 10:57 - 2015-01-15 02:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 10:57 - 2015-01-15 02:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 10:57 - 2015-01-15 02:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 10:57 - 2015-01-15 02:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 10:57 - 2015-01-15 02:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 10:57 - 2015-01-15 02:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 10:57 - 2015-01-14 23:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 10:57 - 2015-01-12 22:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 10:57 - 2015-01-12 21:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 10:57 - 2014-12-12 00:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 10:57 - 2014-12-12 00:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 10:57 - 2014-11-25 22:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 10:57 - 2014-11-25 22:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 10:57 - 2014-10-03 21:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-11 10:57 - 2014-10-03 20:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-11 10:57 - 2014-10-03 20:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-02-11 10:56 - 2015-01-14 01:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 10:56 - 2015-01-14 01:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 10:56 - 2015-01-14 01:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 10:56 - 2015-01-14 01:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 10:56 - 2015-01-14 00:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 10:56 - 2015-01-14 00:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 10:56 - 2015-01-14 00:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 10:56 - 2014-12-07 22:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 10:56 - 2014-12-07 21:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 10:55 - 2015-01-08 21:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 10:54 - 2015-02-11 10:55 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-11 10:54 - 2015-02-11 10:54 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-11 10:54 - 2015-02-11 10:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-11 10:54 - 2015-02-11 10:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-11 10:54 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-11 10:54 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-11 10:54 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-11 10:49 - 2015-02-11 10:50 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\carter\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-11 07:49 - 2015-02-11 07:49 - 00022528 _____ () C:\Users\carter\AppData\Local\dsisetup1428132992.exe
2015-02-11 07:49 - 2015-02-11 07:49 - 00000010 _____ () C:\Users\carter\AppData\Local\DSI.DAT
2015-02-10 09:00 - 2015-02-10 08:58 - 00244673 _____ () C:\Users\carter\Documents\AviruswillnotletmelogontoWindows7NeedhelppleasepageNumber-VirusTrojanSpywareandMalwareRemovalLogs.html
2015-02-10 08:58 - 2015-02-10 08:58 - 00244673 _____ () C:\Users\carter\Downloads\AviruswillnotletmelogontoWindows7NeedhelppleasepageNumber-VirusTrojanSpywareandMalwareRemovalLogs.html
2015-02-09 16:39 - 2015-02-11 07:49 - 00000128 _____ () C:\Users\carter\AppData\Roaming\WB.CFG
2015-02-09 16:07 - 2015-02-11 10:48 - 00000000 ____D () C:\Users\carter\Desktop\FRST-OlderVersion
2015-02-04 09:44 - 2015-02-04 09:44 - 00007539 _____ () C:\Users\carter\Desktop\Search.txt
2015-02-04 09:38 - 2015-02-09 16:19 - 00030566 _____ () C:\Users\carter\Desktop\Addition.txt
2015-02-04 09:37 - 2015-02-11 11:35 - 00019378 _____ () C:\Users\carter\Desktop\FRST.txt
2015-02-04 09:37 - 2015-02-11 10:48 - 02134016 _____ (Farbar) C:\Users\carter\Desktop\FRST64.exe
2015-02-03 21:26 - 2015-02-04 19:22 - 00029519 _____ () C:\Users\carter\Desktop\avgrep.txt
2015-02-03 19:03 - 2015-02-11 11:35 - 00000000 ____D () C:\FRST
2015-02-03 13:39 - 2015-02-11 11:18 - 00000000 ____D () C:\Users\carter\AppData\Roaming\UpdaterEX
2015-02-03 13:39 - 2015-02-11 10:40 - 00000296 _____ () C:\Windows\Tasks\UpdaterEX.job
2015-02-03 13:39 - 2015-02-03 13:39 - 00792480 _____ (Dnldstr_Aggregator) C:\Users\carter\Downloads\Adobe_Flash_Setup (1).exe
2015-02-03 13:39 - 2015-02-03 13:39 - 00003240 _____ () C:\Windows\System32\Tasks\UpdaterEX
2015-02-03 13:38 - 2015-02-03 13:38 - 00792480 _____ (Dnldstr_Aggregator) C:\Users\carter\Downloads\Adobe_Flash_Setup.exe
2015-02-03 13:31 - 2015-02-03 13:32 - 00000000 ____D () C:\Users\carter\Documents\Mikes Lessons PDFS
2015-02-03 13:20 - 2015-02-03 13:20 - 00003556 _____ () C:\Windows\System32\Tasks\HP AR Program Upload - 91d08b64837741d4948b53620ed78e543372264eb7814e618c57cc2970da631e
2015-02-03 13:15 - 2015-02-03 13:15 - 00003556 _____ () C:\Windows\System32\Tasks\HP AR Program Upload - 7ea77cf1cd044ffb8d36706dec17175f7c442c27fe8549a89455fc09a0b8afc7
2015-02-02 17:28 - 2015-02-02 17:28 - 00000000 ____D () C:\Users\carter\Desktop\Aria Ins 2015
2015-01-29 10:43 - 2015-01-29 10:43 - 00003556 _____ () C:\Windows\System32\Tasks\HP AR Program Upload - 79de254ed90f4c36b79c537d734699278bad217962124737984010c86f5ad17b
2015-01-29 10:42 - 2015-01-29 10:42 - 00921624 _____ () C:\img2-001.raw
2015-01-29 10:36 - 2015-02-04 21:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft LifeCam
2015-01-29 10:35 - 2015-02-04 21:32 - 00000000 ____D () C:\Program Files\Microsoft LifeCam
2015-01-29 10:35 - 2015-02-04 21:32 - 00000000 ____D () C:\Program Files (x86)\Microsoft LifeCam
2015-01-29 10:35 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2015-01-29 10:34 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2015-01-25 14:29 - 2015-01-25 14:29 - 00003556 _____ () C:\Windows\System32\Tasks\HP AR Program Upload - 62154507050f4ae5abe7ff2b07734f56c70a52e20efe487d9a093c230b534816
2015-01-22 12:01 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-22 12:01 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-22 12:01 - 2014-12-11 12:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-22 12:01 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-22 12:01 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-22 12:01 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-12 15:43 - 2015-01-12 15:43 - 00003556 _____ () C:\Windows\System32\Tasks\HP AR Program Upload - 3c32b1fe3442447fa3f6cf2fda4c26dda0e611f0b9ea4077915bef3611fac1d0
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-11 11:35 - 2009-07-13 23:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-11 11:35 - 2009-07-13 23:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-11 11:31 - 2014-03-10 17:40 - 00000000 ____D () C:\Users\carter\AppData\Roaming\IMVU
2015-02-11 11:31 - 2013-02-09 20:20 - 00000000 ___RD () C:\Users\carter\Dropbox
2015-02-11 11:31 - 2013-02-09 20:18 - 00000000 ____D () C:\Users\carter\AppData\Roaming\Dropbox
2015-02-11 11:31 - 2012-09-08 14:38 - 00000000 ____D () C:\Users\carter\AppData\Roaming\Spotify
2015-02-11 11:30 - 2012-02-12 13:12 - 00028103 _____ () C:\ProgramData\dlecscan.log
2015-02-11 11:30 - 2012-01-21 17:16 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-11 11:29 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-11 11:29 - 2009-07-13 23:51 - 00053461 _____ () C:\Windows\setupact.log
2015-02-11 11:29 - 2009-07-13 23:45 - 00315544 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 11:28 - 2014-12-10 03:21 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-11 11:28 - 2014-05-01 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-11 11:28 - 2010-11-20 22:47 - 00157848 _____ () C:\Windows\PFRO.log
2015-02-11 11:27 - 2012-01-21 04:06 - 01568241 _____ () C:\Windows\WindowsUpdate.log
2015-02-11 11:22 - 2013-07-15 02:00 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 11:22 - 2012-01-20 17:25 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-11 11:18 - 2014-03-22 17:32 - 00000000 ____D () C:\Program Files (x86)\OpenDownloaderManager
2015-02-11 11:18 - 2014-03-15 07:38 - 00000000 ____D () C:\ProgramData\Conduit
2015-02-11 11:18 - 2014-03-15 07:38 - 00000000 ____D () C:\Program Files (x86)\IMVU_Inc_C
2015-02-11 11:14 - 2012-09-28 21:31 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-11 10:54 - 2012-08-31 09:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-11 10:52 - 2012-01-21 17:16 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-11 10:50 - 2012-01-21 23:13 - 00000000 ____D () C:\ProgramData\MFAData
2015-02-11 10:49 - 2009-07-14 00:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-11 10:42 - 2012-02-04 10:50 - 00000000 ____D () C:\ProgramData\Yahoo!
2015-02-11 10:42 - 2012-02-04 10:46 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2015-02-09 17:14 - 2012-09-28 21:31 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-09 17:14 - 2012-07-08 11:21 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-09 17:14 - 2012-01-21 13:41 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-09 16:55 - 2012-01-21 17:16 - 00002102 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-09 16:47 - 2012-01-21 17:16 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-09 16:47 - 2012-01-21 17:16 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-09 16:07 - 2014-03-15 07:37 - 00000000 ____D () C:\Users\carter\AppData\Local\CRE
2015-02-05 12:19 - 2012-09-08 14:40 - 00000000 ____D () C:\Users\carter\AppData\Local\Spotify
2015-02-04 21:32 - 2014-08-15 12:48 - 00000000 ____D () C:\ProgramData\Origin
2015-02-04 21:32 - 2014-08-15 12:48 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-02-04 21:32 - 2014-04-05 09:32 - 00000000 ____D () C:\Users\carter\Desktop\FUSB3_allOS_2.1.28.1_PV
2015-02-04 21:32 - 2013-02-03 15:16 - 00000000 ____D () C:\Users\carter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2015-02-04 21:32 - 2012-01-21 17:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-04 21:32 - 2012-01-20 12:08 - 00000000 ____D () C:\Users\carter
2015-02-04 21:32 - 2011-04-12 03:28 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-02-04 21:32 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2015-02-04 21:32 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2015-02-04 21:32 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-02-04 18:41 - 2013-09-20 10:56 - 00001122 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2015-02-03 13:41 - 2013-09-20 10:55 - 00000000 ____D () C:\ProgramData\AVG2014
2015-02-03 13:39 - 2012-01-21 13:36 - 00000000 ____D () C:\Users\carter\AppData\Local\Adobe
2015-01-30 16:40 - 2013-02-03 15:18 - 00001350 _____ () C:\Users\carter\Desktop\ROBLOX Player.lnk
2015-01-30 16:39 - 2014-10-20 14:35 - 00001169 _____ () C:\Users\carter\Desktop\ROBLOX Studio.lnk
2015-01-25 21:37 - 2014-12-20 13:19 - 00000000 ____D () C:\Users\carter\AppData\Roaming\SPORE Creature Creator
 
==================== Files in the root of some directories =======
 
2015-02-09 16:39 - 2015-02-11 07:49 - 0000128 _____ () C:\Users\carter\AppData\Roaming\WB.CFG
2015-02-11 07:49 - 2015-02-11 07:49 - 0000010 _____ () C:\Users\carter\AppData\Local\DSI.DAT
2015-02-11 07:49 - 2015-02-11 07:49 - 0022528 _____ () C:\Users\carter\AppData\Local\dsisetup1428132992.exe
2008-02-05 13:28 - 2008-02-05 13:28 - 0000051 _____ () C:\Users\carter\AppData\Local\setup.txt
2014-10-14 14:19 - 2014-10-14 14:19 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-02-12 13:08 - 2012-02-12 13:08 - 0000000 _____ () C:\ProgramData\cmn_upld.log
2012-02-12 13:14 - 2012-09-02 09:24 - 0000178 _____ () C:\ProgramData\dlec.log
2013-11-14 12:57 - 2013-11-14 13:12 - 0000248 _____ () C:\ProgramData\dlecDiagnostics.log
2012-02-12 13:14 - 2014-09-25 16:12 - 0086604 _____ () C:\ProgramData\dlecJSW.log
2012-02-12 13:12 - 2015-02-11 11:30 - 0028103 _____ () C:\ProgramData\dlecscan.log
2012-02-12 13:14 - 2012-02-12 13:14 - 0000252 _____ () C:\ProgramData\FastPics.log
2012-02-12 13:08 - 2012-02-12 13:08 - 0000000 _____ () C:\ProgramData\LxWbGwLog.log
2014-02-03 22:09 - 2014-02-03 22:09 - 0325968 _____ () C:\ProgramData\SPL1A3E.tmp
2014-05-18 11:50 - 2014-05-18 11:50 - 0893472 _____ () C:\ProgramData\SPL3F18.tmp
2013-11-08 17:22 - 2013-11-08 17:22 - 1853589 _____ () C:\ProgramData\SPL5AF9.tmp
2014-01-28 14:47 - 2014-01-28 14:47 - 0277335 _____ () C:\ProgramData\SPL6C9D.tmp
2014-05-07 20:24 - 2014-05-07 20:24 - 0012978 _____ () C:\ProgramData\SPL7D25.tmp
2014-04-22 18:20 - 2014-04-22 18:20 - 0341596 _____ () C:\ProgramData\SPL9DF.tmp
2014-09-25 16:24 - 2014-09-25 16:24 - 0152894 _____ () C:\ProgramData\SPLA746.tmp
2014-04-05 09:22 - 2014-04-05 09:22 - 1347376 _____ () C:\ProgramData\SPLB8F3.tmp
2014-03-05 08:06 - 2014-03-05 08:06 - 0052976 _____ () C:\ProgramData\SPLC8B2.tmp
2014-09-25 16:01 - 2014-09-25 16:01 - 1660428 _____ () C:\ProgramData\SPLF67E.tmp
2014-05-17 16:09 - 2014-05-17 16:09 - 0248133 _____ () C:\ProgramData\SPLF999.tmp
2012-02-12 13:08 - 2012-02-12 13:08 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt
 
Some content of TEMP:
====================
C:\Users\carter\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpeivu9k.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-03 13:01
 
==================== End Of Log ============================


#10 Ccarteraws

Posted 11 February 2015 - 11:41 AM

I uninstalled all programs listed except for Yahoo Msngr.  We use that from time to time.

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2/11/2015
Scan Time: 10:55:52 AM
Logfile: Malwarebyteslog.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.02.11.05
Rootkit Database: v2015.02.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: carter
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 361881
Time Elapsed: 16 min, 56 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 27
PUP.Optional.WeCare, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{6ED0A312-78F5-493C-A90C-5DAF321D0BF8}, Quarantined, [74bd2bf2fb8f85b1ac0629da719206fa], 
PUP.Optional.WeCare, HKLM\SOFTWARE\CLASSES\TYPELIB\{B3201ABA-7CDE-4C8D-A28D-4316427BD6D1}, Quarantined, [74bd2bf2fb8f85b1ac0629da719206fa], 
PUP.Optional.WeCare, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B60591CD-AA25-4261-B05A-77826471C0A3}, Quarantined, [74bd2bf2fb8f85b1ac0629da719206fa], 
PUP.Optional.WeCare, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{B3201ABA-7CDE-4C8D-A28D-4316427BD6D1}, Quarantined, [74bd2bf2fb8f85b1ac0629da719206fa], 
PUP.Optional.WeCare.A, HKU\S-1-5-21-2879477293-1169577584-508307461-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}, Quarantined, [ee434fce99f18ea824b3b686b0533ec2], 
PUP.Optional.WeCare.A, HKU\S-1-5-21-2879477293-1169577584-508307461-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}, Quarantined, [ee434fce99f18ea824b3b686b0533ec2], 
PUP.Optional.Conduit, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{D2580209-EBD1-477B-A9A9-4171D6E8958C}, Quarantined, [6bc60b1291f9b97db04447e857a907f9], 
PUP.Optional.Conduit, HKLM\SOFTWARE\CLASSES\Toolbar.CT3318151, Quarantined, [6bc60b1291f9b97db04447e857a907f9], 
PUP.Optional.Conduit, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Toolbar.CT3318151, Quarantined, [6bc60b1291f9b97db04447e857a907f9], 
PUP.Optional.Conduit, HKU\S-1-5-21-2879477293-1169577584-508307461-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D2580209-EBD1-477B-A9A9-4171D6E8958C}, Quarantined, [6bc60b1291f9b97db04447e857a907f9], 
PUP.Optional.Conduit, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{D2580209-EBD1-477B-A9A9-4171D6E8958C}, Quarantined, [6bc60b1291f9b97db04447e857a907f9], 
PUP.Optional.Softonic.A, HKU\S-1-5-21-2879477293-1169577584-508307461-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Softonic, Quarantined, [b37e7e9fd2b81c1acd695e36f50eda26], 
PUP.Optional.Taplika.A, HKU\S-1-5-21-2879477293-1169577584-508307461-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Taplika Browser, Quarantined, [2d04a17cf89221151692a5ea29da4bb5], 
PUP.Optional.WeCare, HKU\S-1-5-21-2879477293-1169577584-508307461-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\wecarereminder, Quarantined, [4be688955535ea4c789e92194cb78c74], 
PUP.Optional.Taplika.A, HKU\S-1-5-21-2879477293-1169577584-508307461-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\wse_taplika, Quarantined, [939eef2eaedc1e18c2e6533c699a0df3], 
PUP.Optional.Conduit.A, HKU\S-1-5-21-2879477293-1169577584-508307461-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\ConduitSearchScopes, Quarantined, [e34e94897713c6704c07d0c7a55e946c], 
PUP.Optional.PriceGong.A, HKU\S-1-5-21-2879477293-1169577584-508307461-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, Quarantined, [a88969b45535b38320cd5245976cd828], 
PUP.Optional.ValueApps.A, HKU\S-1-5-21-2879477293-1169577584-508307461-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CONDUIT\ValueApps, Quarantined, [7eb3f22bc3c7ee487f30bf15cd3603fd], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2879477293-1169577584-508307461-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [ec45ea33d0ba69cd7fbd00d4c04324dc], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2879477293-1169577584-508307461-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [f938ed30aedc9a9c8d9c569436ceb44c], 
PUP.Optional.WeCare, HKU\S-1-5-21-2879477293-1169577584-508307461-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EXTENSIONS\{6ED0A312-78F5-493C-A90C-5DAF321D0BF8}, Quarantined, [6dc44bd24b3fa096de41b2f9ee1516ea], 
PUP.Optional.Conduit.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IECT3318151, Quarantined, [77ba7ca164265cda979098ba29dab24e], 
PUP.Optional.WeCare.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}, Quarantined, [5ed3ff1ebdcdbc7abfd681ff1ee5da26], 
PUP.Optional.WeCare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{F773BB94-6C19-4643-A570-0E429103D1C3}, Quarantined, [5ed3ff1ebdcdbc7abfd681ff1ee5da26], 
PUP.Optional.WeCare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}, Quarantined, [5ed3ff1ebdcdbc7abfd681ff1ee5da26], 
PUP.Optional.WeCare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}, Quarantined, [5ed3ff1ebdcdbc7abfd681ff1ee5da26], 
PUP.Optional.WeCare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{B60591CD-AA25-4261-B05A-77826471C0A3}, Quarantined, [5ed3ff1ebdcdbc7abfd681ff1ee5da26], 
 
Registry Values: 1
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2879477293-1169577584-508307461-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0U1N2S1K1M, Quarantined, [f938ed30aedc9a9c8d9c569436ceb44c]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 12
PUP.Optional.Conduit.A, C:\ProgramData\Conduit\IE, Quarantined, [77ba7ca164265cda979098ba29dab24e], 
PUP.Optional.Conduit.A, C:\ProgramData\Conduit\IE\CT3318151, Quarantined, [77ba7ca164265cda979098ba29dab24e], 
PUP.Optional.PriceGong.A, C:\Users\carter\AppData\LocalLow\PriceGong, Quarantined, [989971ac0d7d2b0bc74173e2946f57a9], 
PUP.Optional.PriceGong.A, C:\Users\carter\AppData\LocalLow\PriceGong\Data, Quarantined, [989971ac0d7d2b0bc74173e2946f57a9], 
PUP.Optional.Updater.A, C:\Users\carter\AppData\Roaming\UpdaterEX\UpdateProc, Quarantined, [33fe54c990fada5ca504d19c23e002fe], 
PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder, Quarantined, [5ed3ff1ebdcdbc7abfd681ff1ee5da26], 
PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\wecarereminder@bryan, Quarantined, [5ed3ff1ebdcdbc7abfd681ff1ee5da26], 
PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\wecarereminder@bryan\chrome, Quarantined, [5ed3ff1ebdcdbc7abfd681ff1ee5da26], 
PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\wecarereminder@bryan\chrome\logo, Quarantined, [5ed3ff1ebdcdbc7abfd681ff1ee5da26], 
PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\wecarereminder@bryan\components, Quarantined, [5ed3ff1ebdcdbc7abfd681ff1ee5da26], 
PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\wecarereminder@bryan\defaults, Quarantined, [5ed3ff1ebdcdbc7abfd681ff1ee5da26], 
PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\wecarereminder@bryan\defaults\preferences, Quarantined, [5ed3ff1ebdcdbc7abfd681ff1ee5da26], 
 
Files: 70
PUP.Optional.WeCare, C:\ProgramData\WeCareReminder\IEMenuItem.dll, Quarantined, [74bd2bf2fb8f85b1ac0629da719206fa], 
PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\ReminderHelper.exe, Quarantined, [76bb86970387b87e7fd6f8276b95bd43], 
PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\WCAutoUpdate.exe, Quarantined, [7ab7100dcac00d29480e30ef996748b8], 
PUP.Optional.Conduit, C:\Program Files (x86)\IMVU_Inc_C\hk64tbIMVU.dll, Quarantined, [1918100db7d371c542b2e14e728e6898], 
PUP.Optional.Conduit, C:\Program Files (x86)\IMVU_Inc_C\hktbIMVU.dll, Quarantined, [3001f528622803333db76dc23bc5be42], 
PUP.Optional.Conduit.A, C:\Program Files (x86)\IMVU_Inc_C\IMVU_Inc_CToolbarHelper.exe, Quarantined, [3ff28a938dfd68ce17992df1f40ca957], 
PUP.Optional.Conduit, C:\Program Files (x86)\IMVU_Inc_C\ldrtbIMVU.dll, Quarantined, [fb36d746692172c4fef673bcb749f808], 
PUP.Optional.Conduit, C:\Program Files (x86)\IMVU_Inc_C\prxtbIMVU.dll, Quarantined, [6bc60b1291f9b97db04447e857a907f9], 
PUP.Optional.Conduit, C:\Program Files (x86)\IMVU_Inc_C\tbIMVU.dll, Quarantined, [69c88f8e008ac96df8fc73bcba4643bd], 
PUP.Optional.Conduit.A, C:\Program Files (x86)\OpenDownloaderManager\spd.exe, Quarantined, [a28fd845c0ca1e1822411b284cb5ad53], 
PUP.Optional.WeCare.A, C:\Program Files (x86)\OpenDownloaderManager\wecarenew.msi, Quarantined, [c968d944107a49edf362a47b60a0718f], 
PUP.Optional.Downware, C:\Users\carter\Downloads\Setup_ODM (3).exe, Quarantined, [11207f9e1674979f265beae233ce2dd3], 
PUP.Optional.Downware, C:\Users\carter\Downloads\Setup_ODM (4).exe, Quarantined, [d75a2bf21b6f58de433e5874d928fe02], 
PUP.Optional.Conduit.A, C:\Users\carter\AppData\Local\Conduit\CT3318151\IMVU_Inc_CAutoUpdateHelper.exe, Quarantined, [e64bf825f99126104868fe2051af05fb], 
PUP.Optional.WeCare.A, C:\Windows\Installer\2f77dd71.msi, Quarantined, [1918eb325e2cda5c13428996a35d7b85], 
PUP.Optional.Conduit.A, C:\ProgramData\Conduit\IE\CT3318151\configutaion.json, Quarantined, [77ba7ca164265cda979098ba29dab24e], 
PUP.Optional.Conduit.A, C:\ProgramData\Conduit\IE\CT3318151\SetupIcon.ico, Quarantined, [77ba7ca164265cda979098ba29dab24e], 
PUP.Optional.Conduit.A, C:\ProgramData\Conduit\IE\CT3318151\UninstallerUI.exe, Quarantined, [77ba7ca164265cda979098ba29dab24e], 
PUP.Optional.PriceGong.A, C:\Users\carter\AppData\LocalLow\PriceGong\Data\1.txt, Quarantined, [989971ac0d7d2b0bc74173e2946f57a9], 
PUP.Optional.PriceGong.A, C:\Users\carter\AppData\LocalLow\PriceGong\Data\407.txt, Quarantined, [989971ac0d7d2b0bc74173e2946f57a9], 
PUP.Optional.PriceGong.A, C:\Users\carter\AppData\LocalLow\PriceGong\Data\4489.txt, Quarantined, [989971ac0d7d2b0bc74173e2946f57a9], 
PUP.Optional.PriceGong.A, C:\Users\carter\AppData\LocalLow\PriceGong\Data\450.txt, Quarantined, [989971ac0d7d2b0bc74173e2946f57a9], 
PUP.Optional.PriceGong.A, C:\Users\carter\AppData\LocalLow\PriceGong\Data\9491.txt, Quarantined, [989971ac0d7d2b0bc74173e2946f57a9], 
PUP.Optional.PriceGong.A, C:\Users\carter\AppData\LocalLow\PriceGong\Data\a.txt, Quarantined, [989971ac0d7d2b0bc74173e2946f57a9], 
PUP.Optional.PriceGong.A, C:\Users\carter\AppData\LocalLow\PriceGong\Data\b.txt, Quarantined, [989971ac0d7d2b0bc74173e2946f57a9], 
PUP.Optional.PriceGong.A, C:\Users\carter\AppData\LocalLow\PriceGong\Data\c.txt, Quarantined, [989971ac0d7d2b0bc74173e2946f57a9], 
PUP.Optional.PriceGong.A, C:\Users\carter\AppData\LocalLow\PriceGong\Data\d.txt, Quarantined, [989971ac0d7d2b0bc74173e2946f57a9], 
PUP.Optional.PriceGong.A, C:\Users\carter\AppData\LocalLow\PriceGong\Data\e.txt, Quarantined, [989971ac0d7d2b0bc74173e2946f57a9], 
PUP.Optional.PriceGong.A, C:\Users\carter\AppData\LocalLow\PriceGong\Data\f.txt, Quarantined, [989971ac0d7d2b0bc74173e2946f57a9], 
PUP.Optional.PriceGong.A, C:\Users\carter\AppData\LocalLow\PriceGong\Data\g.txt, Quarantined, [989971ac0d7d2b0bc74173e2946f57a9], 
PUP.Optional.PriceGong.A, C:\Users\carter\AppData\LocalLow\PriceGong\Data\h.txt, Quarantined, [989971ac0d7d2b0bc74173e2946f57a9], 
PUP.Optional.PriceGong.A, C:\Users\carter\AppData\LocalLow\PriceGong\Data\i.txt, Quarantined, [989971ac0d7d2b0bc74173e2946f57a9], 
PUP.Optional.PriceGong.A, C:\Users\carter\AppData\LocalLow\PriceGong\Data\j.txt, Quarantined, [989971ac0d7d2b0bc74173e2946f57a9], 
PUP.Optional.PriceGong.A, C:\Users\carter\AppData\LocalLow\PriceGong\Data\k.txt, Quarantined, [989971ac0d7d2b0bc74173e2946f57a9], 
PUP.Optional.PriceGong.A, C:\Users\carter\AppData\LocalLow\PriceGong\Data\l.txt, Quarantined, [989971ac0d7d2b0bc74173e2946f57a9], 
PUP.Optional.PriceGong.A, C:\Users\carter\AppData\LocalLow\PriceGong\Data\m.txt, Quarantined, [989971ac0d7d2b0bc74173e2946f57a9], 
PUP.Optional.PriceGong.A, C:\Users\carter\AppData\LocalLow\PriceGong\Data\mru.xml, Quarantined, [989971ac0d7d2b0bc74173e2946f57a9], 
PUP.Optional.PriceGong.A, C:\Users\carter\AppData\LocalLow\PriceGong\Data\n.txt, Quarantined, [989971ac0d7d2b0bc74173e2946f57a9], 
PUP.Optional.PriceGong.A, C:\Users\carter\AppData\LocalLow\PriceGong\Data\o.txt, Quarantined, [989971ac0d7d2b0bc74173e2946f57a9], 
PUP.Optional.PriceGong.A, C:\Users\carter\AppData\LocalLow\PriceGong\Data\p.txt, Quarantined, [989971ac0d7d2b0bc74173e2946f57a9], 
PUP.Optional.PriceGong.A, C:\Users\carter\AppData\LocalLow\PriceGong\Data\q.txt, Quarantined, [989971ac0d7d2b0bc74173e2946f57a9], 
PUP.Optional.PriceGong.A, C:\Users\carter\AppData\LocalLow\PriceGong\Data\r.txt, Quarantined, [989971ac0d7d2b0bc74173e2946f57a9], 
PUP.Optional.PriceGong.A, C:\Users\carter\AppData\LocalLow\PriceGong\Data\s.txt, Quarantined, [989971ac0d7d2b0bc74173e2946f57a9], 
PUP.Optional.PriceGong.A, C:\Users\carter\AppData\LocalLow\PriceGong\Data\t.txt, Quarantined, [989971ac0d7d2b0bc74173e2946f57a9], 
PUP.Optional.PriceGong.A, C:\Users\carter\AppData\LocalLow\PriceGong\Data\u.txt, Quarantined, [989971ac0d7d2b0bc74173e2946f57a9], 
PUP.Optional.PriceGong.A, C:\Users\carter\AppData\LocalLow\PriceGong\Data\v.txt, Quarantined, [989971ac0d7d2b0bc74173e2946f57a9], 
PUP.Optional.PriceGong.A, C:\Users\carter\AppData\LocalLow\PriceGong\Data\w.txt, Quarantined, [989971ac0d7d2b0bc74173e2946f57a9], 
PUP.Optional.PriceGong.A, C:\Users\carter\AppData\LocalLow\PriceGong\Data\wlu.txt, Quarantined, [989971ac0d7d2b0bc74173e2946f57a9], 
PUP.Optional.PriceGong.A, C:\Users\carter\AppData\LocalLow\PriceGong\Data\x.txt, Quarantined, [989971ac0d7d2b0bc74173e2946f57a9], 
PUP.Optional.PriceGong.A, C:\Users\carter\AppData\LocalLow\PriceGong\Data\y.txt, Quarantined, [989971ac0d7d2b0bc74173e2946f57a9], 
PUP.Optional.PriceGong.A, C:\Users\carter\AppData\LocalLow\PriceGong\Data\z.txt, Quarantined, [989971ac0d7d2b0bc74173e2946f57a9], 
PUP.Optional.Updater.A, C:\Users\carter\AppData\Roaming\UpdaterEX\UpdateProc\config.dat, Quarantined, [33fe54c990fada5ca504d19c23e002fe], 
PUP.Optional.Updater.A, C:\Users\carter\AppData\Roaming\UpdaterEX\UpdateProc\prod.dat, Quarantined, [33fe54c990fada5ca504d19c23e002fe], 
PUP.Optional.Updater.A, C:\Users\carter\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe, Quarantined, [33fe54c990fada5ca504d19c23e002fe], 
PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll, Quarantined, [5ed3ff1ebdcdbc7abfd681ff1ee5da26], 
PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\IEHelperv2.5.0PS.dll, Quarantined, [5ed3ff1ebdcdbc7abfd681ff1ee5da26], 
PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\IEMenuItemPS.dll, Quarantined, [5ed3ff1ebdcdbc7abfd681ff1ee5da26], 
PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\IEToolMenuDisable.exe, Quarantined, [5ed3ff1ebdcdbc7abfd681ff1ee5da26], 
PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\MerchantHash.json, Quarantined, [5ed3ff1ebdcdbc7abfd681ff1ee5da26], 
PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\savethechildren.bmp, Quarantined, [5ed3ff1ebdcdbc7abfd681ff1ee5da26], 
PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\wecarereminder@bryan\chrome.manifest, Quarantined, [5ed3ff1ebdcdbc7abfd681ff1ee5da26], 
PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\wecarereminder@bryan\install.rdf, Quarantined, [5ed3ff1ebdcdbc7abfd681ff1ee5da26], 
PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\wecarereminder@bryan\chrome\wecarereminder.jar, Quarantined, [5ed3ff1ebdcdbc7abfd681ff1ee5da26], 
PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\wecarereminder@bryan\chrome\logo\default_serp.gif, Quarantined, [5ed3ff1ebdcdbc7abfd681ff1ee5da26], 
PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\wecarereminder@bryan\chrome\logo\wecare_logo.bmp, Quarantined, [5ed3ff1ebdcdbc7abfd681ff1ee5da26], 
PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\wecarereminder@bryan\components\httpModifyListener.js, Quarantined, [5ed3ff1ebdcdbc7abfd681ff1ee5da26], 
PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\wecarereminder@bryan\components\WCR_MerchantHash.idl, Quarantined, [5ed3ff1ebdcdbc7abfd681ff1ee5da26], 
PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\wecarereminder@bryan\components\WCR_MerchantHash.js, Quarantined, [5ed3ff1ebdcdbc7abfd681ff1ee5da26], 
PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\wecarereminder@bryan\components\WCR_MerchantHash.xpt, Quarantined, [5ed3ff1ebdcdbc7abfd681ff1ee5da26], 
PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\wecarereminder@bryan\defaults\preferences\wecarereminder.js, Quarantined, [5ed3ff1ebdcdbc7abfd681ff1ee5da26], 
 
Physical Sectors: 0
(No malicious items detected)
 
 

(end) 


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-02-2015 01
Ran by carter at 2015-02-11 10:48:32 Run:2
Running from C:\Users\carter\Desktop
Loaded Profiles: carter (Available profiles: carter)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKU\S-1-5-21-2879477293-1169577584-508307461-1000\...\RunOnce: [WSE_Taplika] => C:\Windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\carter\AppData\Roaming\WSE_Taplika\UpdateProc\bkup.dat"
Toolbar: HKLM-x32 - No Name - {f2e99efd-72dc-4c5d-9f7c-219133ff8e40} -  No File
Toolbar: HKU\S-1-5-21-2879477293-1169577584-508307461-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-2879477293-1169577584-508307461-1000 -> No Name - {F2E99EFD-72DC-4C5D-9F7C-219133FF8E40} -  No File
2015-02-03 13:41 - 2015-02-03 13:43 - 00000000 ____D () C:\Users\carter\AppData\Local\Taplika
2015-02-03 13:39 - 2015-02-03 14:03 - 00000296 _____ () C:\Windows\Tasks\WSE_Taplika.job
2015-02-03 13:39 - 2015-02-03 13:39 - 00003240 _____ () C:\Windows\System32\Tasks\WSE_Taplika
2015-02-03 13:39 - 2015-02-03 13:39 - 00000000 ____D () C:\Users\carter\AppData\Roaming\WSE_Taplika
2015-02-03 13:39 - 2015-02-03 13:39 - 00000000 ____D () C:\ProgramData\{188AF049-4808-21CF-F98E-514D290C82C3}
Task: {A1080DAF-BCBC-4B97-9D6B-1600D774F860} - System32\Tasks\WSE_Taplika => C:\Users\carter\AppData\Roaming\WSE_Taplika\UpdateProc\UpdateTask.exe [2015-02-03] () <==== ATTENTION
Task: C:\Windows\Tasks\WSE_Taplika.job => C:\Users\carter\AppData\Roaming\WSE_TA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
*****************
 
HKU\S-1-5-21-2879477293-1169577584-508307461-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\WSE_Taplika => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{f2e99efd-72dc-4c5d-9f7c-219133ff8e40} => value deleted successfully.
HKCR\Wow6432Node\CLSID\{f2e99efd-72dc-4c5d-9f7c-219133ff8e40} => Key not found. 
HKU\S-1-5-21-2879477293-1169577584-508307461-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value deleted successfully.
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key not found. 
HKU\S-1-5-21-2879477293-1169577584-508307461-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F2E99EFD-72DC-4C5D-9F7C-219133FF8E40} => value deleted successfully.
HKCR\CLSID\{F2E99EFD-72DC-4C5D-9F7C-219133FF8E40} => Key not found. 
C:\Users\carter\AppData\Local\Taplika => Moved successfully.
C:\Windows\Tasks\WSE_Taplika.job => Moved successfully.
C:\Windows\System32\Tasks\WSE_Taplika => Moved successfully.
C:\Users\carter\AppData\Roaming\WSE_Taplika => Moved successfully.
C:\ProgramData\{188AF049-4808-21CF-F98E-514D290C82C3} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A1080DAF-BCBC-4B97-9D6B-1600D774F860}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A1080DAF-BCBC-4B97-9D6B-1600D774F860}" => Key deleted successfully.
C:\Windows\System32\Tasks\WSE_Taplika not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WSE_Taplika" => Key deleted successfully.
C:\Windows\Tasks\WSE_Taplika.job not found.
 
==== End of Fixlog 10:48:37 ====


#11 Ccarteraws

Ccarteraws
  • Topic Starter

  • Members
  • 15 posts

Posted 11 February 2015 - 11:44 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-02-2015 01
Ran by carter at 2015-02-11 10:48:32 Run:2
Running from C:\Users\carter\Desktop
Loaded Profiles: carter (Available profiles: carter)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKU\S-1-5-21-2879477293-1169577584-508307461-1000\...\RunOnce: [WSE_Taplika] => C:\Windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\carter\AppData\Roaming\WSE_Taplika\UpdateProc\bkup.dat"
Toolbar: HKLM-x32 - No Name - {f2e99efd-72dc-4c5d-9f7c-219133ff8e40} -  No File
Toolbar: HKU\S-1-5-21-2879477293-1169577584-508307461-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-2879477293-1169577584-508307461-1000 -> No Name - {F2E99EFD-72DC-4C5D-9F7C-219133FF8E40} -  No File
2015-02-03 13:41 - 2015-02-03 13:43 - 00000000 ____D () C:\Users\carter\AppData\Local\Taplika
2015-02-03 13:39 - 2015-02-03 14:03 - 00000296 _____ () C:\Windows\Tasks\WSE_Taplika.job
2015-02-03 13:39 - 2015-02-03 13:39 - 00003240 _____ () C:\Windows\System32\Tasks\WSE_Taplika
2015-02-03 13:39 - 2015-02-03 13:39 - 00000000 ____D () C:\Users\carter\AppData\Roaming\WSE_Taplika
2015-02-03 13:39 - 2015-02-03 13:39 - 00000000 ____D () C:\ProgramData\{188AF049-4808-21CF-F98E-514D290C82C3}
Task: {A1080DAF-BCBC-4B97-9D6B-1600D774F860} - System32\Tasks\WSE_Taplika => C:\Users\carter\AppData\Roaming\WSE_Taplika\UpdateProc\UpdateTask.exe [2015-02-03] () <==== ATTENTION
Task: C:\Windows\Tasks\WSE_Taplika.job => C:\Users\carter\AppData\Roaming\WSE_TA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
*****************
 
HKU\S-1-5-21-2879477293-1169577584-508307461-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\WSE_Taplika => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{f2e99efd-72dc-4c5d-9f7c-219133ff8e40} => value deleted successfully.
HKCR\Wow6432Node\CLSID\{f2e99efd-72dc-4c5d-9f7c-219133ff8e40} => Key not found. 
HKU\S-1-5-21-2879477293-1169577584-508307461-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value deleted successfully.
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key not found. 
HKU\S-1-5-21-2879477293-1169577584-508307461-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F2E99EFD-72DC-4C5D-9F7C-219133FF8E40} => value deleted successfully.
HKCR\CLSID\{F2E99EFD-72DC-4C5D-9F7C-219133FF8E40} => Key not found. 
C:\Users\carter\AppData\Local\Taplika => Moved successfully.
C:\Windows\Tasks\WSE_Taplika.job => Moved successfully.
C:\Windows\System32\Tasks\WSE_Taplika => Moved successfully.
C:\Users\carter\AppData\Roaming\WSE_Taplika => Moved successfully.
C:\ProgramData\{188AF049-4808-21CF-F98E-514D290C82C3} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A1080DAF-BCBC-4B97-9D6B-1600D774F860}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A1080DAF-BCBC-4B97-9D6B-1600D774F860}" => Key deleted successfully.
C:\Windows\System32\Tasks\WSE_Taplika not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WSE_Taplika" => Key deleted successfully.
C:\Windows\Tasks\WSE_Taplika.job not found.
 
==== End of Fixlog 10:48:37 ====


#12 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,792 posts

Posted 13 February 2015 - 08:52 AM

Hello Ccarteraws,

THANKS a TON for your help!  Please advise with next steps.

You're welcome.  :)
 
Here they are. 
 
================================================
 
Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
CHR StartupUrls: Default -> "hxxp://taplika.com/?f=7&a=&cd=&cr=&ir="
2014-02-03 22:09 - 2014-02-03 22:09 - 0325968 _____ () C:\ProgramData\SPL1A3E.tmp
2014-05-18 11:50 - 2014-05-18 11:50 - 0893472 _____ () C:\ProgramData\SPL3F18.tmp
2013-11-08 17:22 - 2013-11-08 17:22 - 1853589 _____ () C:\ProgramData\SPL5AF9.tmp
2014-01-28 14:47 - 2014-01-28 14:47 - 0277335 _____ () C:\ProgramData\SPL6C9D.tmp
2014-05-07 20:24 - 2014-05-07 20:24 - 0012978 _____ () C:\ProgramData\SPL7D25.tmp
2014-04-22 18:20 - 2014-04-22 18:20 - 0341596 _____ () C:\ProgramData\SPL9DF.tmp
2014-09-25 16:24 - 2014-09-25 16:24 - 0152894 _____ () C:\ProgramData\SPLA746.tmp
2014-04-05 09:22 - 2014-04-05 09:22 - 1347376 _____ () C:\ProgramData\SPLB8F3.tmp
2014-03-05 08:06 - 2014-03-05 08:06 - 0052976 _____ () C:\ProgramData\SPLC8B2.tmp
2014-09-25 16:01 - 2014-09-25 16:01 - 1660428 _____ () C:\ProgramData\SPLF67E.tmp
2014-05-17 16:09 - 2014-05-17 16:09 - 0248133 _____ () C:\ProgramData\SPLF999.tmp
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.

================================================
 
Farbar Recovery Scan Tool (FRST)

  • Launch FRST.
  • Click the Scan button.
  • A new FRST.txt log will be produced. Include the contents of this log in your next post.

================================================

Change Google Chrome's Startup Page

  • In the top-right corner of your window, click the Chrome menu.
  • Select Settings. (If you're using a Chromebook, click "Show advanced settings" at the bottom of the page.)
  • Under "On startup," click Open a specific page or set of pages.
  • Click the link Set pages.
  • Enter the web address of the page you want to see when you open Chrome.
  • Press the "X" next to any pages you don't want to see when you open Chrome.
  • Click OK.

================================================

Update Java
 
Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

Please follow these steps to update Java and remove any existing older versions:

  • Click here to evaluate your current version of Java
  • Click Free Java Download
  • Click the Agree and Start Free Download
  • Save jxpiinstall.exe to your desktop
  • Double click the icon then click Run
  • Click Install
  • Uncheck any Ask Toolbar offers
  • Click Next
  • You should be notified You have successfully installed Java
  • Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • In addition, check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.

================================================

Adobe Reader

Your Adobe Reader is out of date.

Outdated versions of this software can be exploited for malicious purposes, so it is important to keep updated.

Download and install the latest version of Adobe Reader.

================================================
 

What I'd like to see in your next post:

  • Fixlog.txt.
  • FRST.txt.
  • Confirmation Google Chrome's startup page has been fixed.
  • Confirmation Java has been updated.
  • Confirmation Adobe Reader has been updated.

Edited by TheShooter93, 13 February 2015 - 08:53 AM.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

 

 


#13 Ccarteraws

Ccarteraws
  • Topic Starter

  • Members
  • 15 posts

Posted 13 February 2015 - 10:01 AM

Results from today's repairs:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-02-2015 01
Ran by carter at 2015-02-13 10:01:01 Run:3
Running from C:\Users\carter\Desktop
Loaded Profiles: carter (Available profiles: carter)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
CHR StartupUrls: Default -> "hxxp://taplika.com/?f=7&a=&cd=&cr=&ir="
2014-02-03 22:09 - 2014-02-03 22:09 - 0325968 _____ () C:\ProgramData\SPL1A3E.tmp
2014-05-18 11:50 - 2014-05-18 11:50 - 0893472 _____ () C:\ProgramData\SPL3F18.tmp
2013-11-08 17:22 - 2013-11-08 17:22 - 1853589 _____ () C:\ProgramData\SPL5AF9.tmp
2014-01-28 14:47 - 2014-01-28 14:47 - 0277335 _____ () C:\ProgramData\SPL6C9D.tmp
2014-05-07 20:24 - 2014-05-07 20:24 - 0012978 _____ () C:\ProgramData\SPL7D25.tmp
2014-04-22 18:20 - 2014-04-22 18:20 - 0341596 _____ () C:\ProgramData\SPL9DF.tmp
2014-09-25 16:24 - 2014-09-25 16:24 - 0152894 _____ () C:\ProgramData\SPLA746.tmp
2014-04-05 09:22 - 2014-04-05 09:22 - 1347376 _____ () C:\ProgramData\SPLB8F3.tmp
2014-03-05 08:06 - 2014-03-05 08:06 - 0052976 _____ () C:\ProgramData\SPLC8B2.tmp
2014-09-25 16:01 - 2014-09-25 16:01 - 1660428 _____ () C:\ProgramData\SPLF67E.tmp
2014-05-17 16:09 - 2014-05-17 16:09 - 0248133 _____ () C:\ProgramData\SPLF999.tmp
*****************
 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found. 
Chrome StartupUrls deleted successfully.
C:\ProgramData\SPL1A3E.tmp => Moved successfully.
C:\ProgramData\SPL3F18.tmp => Moved successfully.
C:\ProgramData\SPL5AF9.tmp => Moved successfully.
C:\ProgramData\SPL6C9D.tmp => Moved successfully.
C:\ProgramData\SPL7D25.tmp => Moved successfully.
C:\ProgramData\SPL9DF.tmp => Moved successfully.
C:\ProgramData\SPLA746.tmp => Moved successfully.
C:\ProgramData\SPLB8F3.tmp => Moved successfully.
C:\ProgramData\SPLC8B2.tmp => Moved successfully.
C:\ProgramData\SPLF67E.tmp => Moved successfully.
C:\ProgramData\SPLF999.tmp => Moved successfully.
 
==== End of Fixlog 10:01:01 ====


#14 Ccarteraws

Ccarteraws
  • Topic Starter

  • Members
  • 15 posts

Posted 13 February 2015 - 10:03 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-02-2015 01
Ran by carter (administrator) on CARTER-PC on 13-02-2015 10:02:25
Running from C:\Users\carter\Desktop
Loaded Profiles: carter (Available profiles: carter)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
( ) C:\Windows\System32\dleccoms.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Dell P713w\dlecmon.exe
() C:\Program Files (x86)\Dell P713w\ezprint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\vVX1000.exe
(Spotify Ltd) C:\Users\carter\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Dropbox, Inc.) C:\Users\carter\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicatorCom.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicator.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Spotify Ltd) C:\Users\carter\AppData\Roaming\Spotify\spotify.exe
() C:\Users\carter\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\carter\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\carter\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\carter\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\carter\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\carter\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\carter\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11474024 2010-10-05] (Realtek Semiconductor)
HKLM\...\Run: [dlecmon.exe] => C:\Program Files (x86)\Dell P713w\dlecmon.exe [766632 2009-07-10] ()
HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Dell P713w\ezprint.exe [139944 2009-07-10] ()
HKLM\...\Run: [VX1000] => C:\Windows\vVX1000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-12-16] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2640408 2014-08-25] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2879477293-1169577584-508307461-1000\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-2879477293-1169577584-508307461-1000\...\Run: [Spotify Web Helper] => C:\Users\carter\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-10] (Spotify Ltd)
HKU\S-1-5-21-2879477293-1169577584-508307461-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-2879477293-1169577584-508307461-1000\...\Run: [Spotify] => C:\Users\carter\AppData\Roaming\Spotify\spotify.exe [6737976 2014-12-10] (Spotify Ltd)
HKU\S-1-5-21-2879477293-1169577584-508307461-1000\...\Run: [HP Photosmart 6520 series (NET)] => C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2879477293-1169577584-508307461-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-07] (Apple Inc.)
HKU\S-1-5-21-2879477293-1169577584-508307461-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
Startup: C:\Users\carter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\carter\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\carter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk
ShortcutTarget: IMVU.lnk -> C:\Users\carter\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe ()
Startup: C:\Users\carter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 6520 series (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 6520 series (Network).lnk -> C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\carter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2879477293-1169577584-508307461-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Dell Toolbar -> {09B71986-2AC5-482d-B6CB-42EA34F4F85B} -> C:\Program Files\Dell Printable Web\toolband.dll ()
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssie.dll No File
BHO-x32: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Dell Toolbar - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2879477293-1169577584-508307461-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2879477293-1169577584-508307461-1000: @nsroblox.roblox.com/launcher -> C:\Users\carter\AppData\Local\Roblox\Versions\version-5d9b22aa9d594ee1\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2879477293-1169577584-508307461-1000: @nsroblox.roblox.com/launcher64 -> C:\Users\carter\AppData\Local\Roblox\Versions\version-5d9b22aa9d594ee1\\NPRobloxProxy64.dll ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2879477293-1169577584-508307461-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\carter\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1
 
Chrome: 
=======
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (AVG Internet Security) - C:\Users\carter\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\PFiles\Plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U30) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Profile: C:\Users\carter\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\carter\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\carter\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (AVG Security Toolbar) - C:\Users\carter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2012-08-31]
CHR Extension: (Google Wallet) - C:\Users\carter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\14.2.0.1\avg.crx [Not Found]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1417160 2014-12-16] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3247120 2014-12-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-12-16] (AVG Technologies CZ, s.r.o.)
S2 dlecCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\dlecserv.exe [33448 2009-07-01] ()
R2 dlec_device; C:\Windows\system32\dleccoms.exe [1054888 2009-07-01] ( )
R2 dlec_device; C:\Windows\SysWOW64\dleccoms.exe [602792 2009-07-01] ( )
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-02-01] (Electronic Arts)
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [237848 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-10-20] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-12 10:57 - 2015-01-22 23:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-12 10:57 - 2015-01-22 23:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 10:57 - 2015-01-22 22:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-12 10:57 - 2015-01-22 22:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 11:03 - 2015-02-03 22:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 11:03 - 2015-02-03 22:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 11:03 - 2015-02-03 22:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 11:02 - 2015-02-03 22:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 11:02 - 2015-02-03 22:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 11:02 - 2015-02-03 22:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 11:02 - 2015-02-03 22:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 11:02 - 2015-01-27 18:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 11:02 - 2015-01-14 00:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 11:02 - 2015-01-14 00:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 11:02 - 2015-01-11 22:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 11:02 - 2015-01-11 22:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 11:02 - 2015-01-11 22:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 11:02 - 2015-01-11 21:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 11:02 - 2015-01-11 21:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 11:02 - 2015-01-11 21:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 11:02 - 2015-01-11 21:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 11:02 - 2015-01-11 21:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 11:02 - 2015-01-11 21:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 11:02 - 2015-01-11 21:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 11:02 - 2015-01-11 21:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 11:02 - 2015-01-11 21:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 11:02 - 2015-01-11 21:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 11:02 - 2015-01-11 21:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 11:02 - 2015-01-11 21:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 11:02 - 2015-01-11 21:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 11:02 - 2015-01-11 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 11:02 - 2015-01-11 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 11:02 - 2015-01-11 21:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 11:02 - 2015-01-11 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 11:02 - 2015-01-11 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 11:02 - 2015-01-11 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 11:02 - 2015-01-11 21:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 11:02 - 2015-01-11 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 11:02 - 2015-01-11 21:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 11:02 - 2015-01-11 21:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 11:02 - 2015-01-11 21:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 11:02 - 2015-01-11 20:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 11:02 - 2015-01-11 20:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 11:02 - 2015-01-11 20:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 11:02 - 2015-01-11 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 11:02 - 2015-01-11 20:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 11:02 - 2015-01-11 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 11:02 - 2015-01-11 20:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 11:02 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 11:02 - 2015-01-11 20:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 11:02 - 2015-01-11 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 11:02 - 2015-01-11 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 11:02 - 2015-01-11 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 11:02 - 2015-01-11 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 11:02 - 2015-01-11 20:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 11:02 - 2015-01-11 20:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 11:02 - 2015-01-11 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 11:02 - 2015-01-11 20:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 11:02 - 2015-01-11 20:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 11:02 - 2015-01-11 20:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 11:02 - 2015-01-11 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 11:02 - 2015-01-11 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 11:02 - 2015-01-11 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 11:02 - 2015-01-11 19:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 11:02 - 2015-01-10 01:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 11:02 - 2015-01-10 01:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 11:02 - 2015-01-10 01:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 11:02 - 2015-01-10 01:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 11:02 - 2015-01-10 01:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 11:02 - 2015-01-10 01:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 11:02 - 2015-01-10 01:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 11:02 - 2015-01-10 01:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 11:02 - 2015-01-10 01:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 11:02 - 2015-01-10 01:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 11:02 - 2015-01-10 01:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 11:02 - 2015-01-10 01:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 11:02 - 2015-01-10 01:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 11:02 - 2015-01-10 01:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 10:57 - 2015-01-15 03:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 10:57 - 2015-01-15 03:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 10:57 - 2015-01-15 03:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 10:57 - 2015-01-15 03:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 10:57 - 2015-01-15 03:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 10:57 - 2015-01-15 03:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 10:57 - 2015-01-15 03:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 10:57 - 2015-01-15 03:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 10:57 - 2015-01-15 03:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 10:57 - 2015-01-15 03:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 10:57 - 2015-01-15 03:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 10:57 - 2015-01-15 02:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 10:57 - 2015-01-15 02:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 10:57 - 2015-01-15 02:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 10:57 - 2015-01-15 02:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 10:57 - 2015-01-15 02:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 10:57 - 2015-01-15 02:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 10:57 - 2015-01-14 23:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 10:57 - 2015-01-12 22:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 10:57 - 2015-01-12 21:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 10:57 - 2014-12-12 00:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 10:57 - 2014-12-12 00:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 10:57 - 2014-11-25 22:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 10:57 - 2014-11-25 22:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 10:57 - 2014-10-03 21:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-11 10:57 - 2014-10-03 20:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-11 10:57 - 2014-10-03 20:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-02-11 10:56 - 2015-01-14 01:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 10:56 - 2015-01-14 01:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 10:56 - 2015-01-14 01:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 10:56 - 2015-01-14 01:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 10:56 - 2015-01-14 00:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 10:56 - 2015-01-14 00:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 10:56 - 2015-01-14 00:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 10:56 - 2014-12-07 22:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 10:56 - 2014-12-07 21:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 10:55 - 2015-01-08 21:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 10:54 - 2015-02-11 10:55 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-11 10:54 - 2015-02-11 10:54 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-11 10:54 - 2015-02-11 10:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-11 10:54 - 2015-02-11 10:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-11 10:54 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-11 10:54 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-11 10:54 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-11 10:49 - 2015-02-11 10:50 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\carter\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-11 07:49 - 2015-02-11 07:49 - 00022528 _____ () C:\Users\carter\AppData\Local\dsisetup1428132992.exe
2015-02-11 07:49 - 2015-02-11 07:49 - 00000010 _____ () C:\Users\carter\AppData\Local\DSI.DAT
2015-02-10 09:00 - 2015-02-10 08:58 - 00244673 _____ () C:\Users\carter\Documents\AviruswillnotletmelogontoWindows7NeedhelppleasepageNumber-VirusTrojanSpywareandMalwareRemovalLogs.html
2015-02-10 08:58 - 2015-02-10 08:58 - 00244673 _____ () C:\Users\carter\Downloads\AviruswillnotletmelogontoWindows7NeedhelppleasepageNumber-VirusTrojanSpywareandMalwareRemovalLogs.html
2015-02-09 16:39 - 2015-02-11 07:49 - 00000128 _____ () C:\Users\carter\AppData\Roaming\WB.CFG
2015-02-09 16:07 - 2015-02-11 10:48 - 00000000 ____D () C:\Users\carter\Desktop\FRST-OlderVersion
2015-02-04 09:44 - 2015-02-04 09:44 - 00007539 _____ () C:\Users\carter\Desktop\Search.txt
2015-02-04 09:38 - 2015-02-09 16:19 - 00030566 _____ () C:\Users\carter\Desktop\Addition.txt
2015-02-04 09:37 - 2015-02-13 10:02 - 00019658 _____ () C:\Users\carter\Desktop\FRST.txt
2015-02-04 09:37 - 2015-02-11 10:48 - 02134016 _____ (Farbar) C:\Users\carter\Desktop\FRST64.exe
2015-02-03 21:26 - 2015-02-04 19:22 - 00029519 _____ () C:\Users\carter\Desktop\avgrep.txt
2015-02-03 19:03 - 2015-02-13 10:02 - 00000000 ____D () C:\FRST
2015-02-03 13:39 - 2015-02-13 09:39 - 00000296 _____ () C:\Windows\Tasks\UpdaterEX.job
2015-02-03 13:39 - 2015-02-11 11:18 - 00000000 ____D () C:\Users\carter\AppData\Roaming\UpdaterEX
2015-02-03 13:39 - 2015-02-03 13:39 - 00792480 _____ (Dnldstr_Aggregator) C:\Users\carter\Downloads\Adobe_Flash_Setup (1).exe
2015-02-03 13:39 - 2015-02-03 13:39 - 00003240 _____ () C:\Windows\System32\Tasks\UpdaterEX
2015-02-03 13:38 - 2015-02-03 13:38 - 00792480 _____ (Dnldstr_Aggregator) C:\Users\carter\Downloads\Adobe_Flash_Setup.exe
2015-02-03 13:31 - 2015-02-03 13:32 - 00000000 ____D () C:\Users\carter\Documents\Mikes Lessons PDFS
2015-02-03 13:20 - 2015-02-03 13:20 - 00003556 _____ () C:\Windows\System32\Tasks\HP AR Program Upload - 91d08b64837741d4948b53620ed78e543372264eb7814e618c57cc2970da631e
2015-02-03 13:15 - 2015-02-03 13:15 - 00003556 _____ () C:\Windows\System32\Tasks\HP AR Program Upload - 7ea77cf1cd044ffb8d36706dec17175f7c442c27fe8549a89455fc09a0b8afc7
2015-02-02 17:28 - 2015-02-02 17:28 - 00000000 ____D () C:\Users\carter\Desktop\Aria Ins 2015
2015-01-29 10:43 - 2015-01-29 10:43 - 00003556 _____ () C:\Windows\System32\Tasks\HP AR Program Upload - 79de254ed90f4c36b79c537d734699278bad217962124737984010c86f5ad17b
2015-01-29 10:42 - 2015-01-29 10:42 - 00921624 _____ () C:\img2-001.raw
2015-01-29 10:36 - 2015-02-04 21:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft LifeCam
2015-01-29 10:35 - 2015-02-04 21:32 - 00000000 ____D () C:\Program Files\Microsoft LifeCam
2015-01-29 10:35 - 2015-02-04 21:32 - 00000000 ____D () C:\Program Files (x86)\Microsoft LifeCam
2015-01-29 10:35 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2015-01-29 10:34 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2015-01-25 14:29 - 2015-01-25 14:29 - 00003556 _____ () C:\Windows\System32\Tasks\HP AR Program Upload - 62154507050f4ae5abe7ff2b07734f56c70a52e20efe487d9a093c230b534816
2015-01-22 12:01 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-22 12:01 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-22 12:01 - 2014-12-11 12:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-22 12:01 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-22 12:01 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-22 12:01 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-13 09:59 - 2012-01-21 23:13 - 00000000 ____D () C:\ProgramData\MFAData
2015-02-13 09:52 - 2012-01-21 17:16 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-13 09:44 - 2012-09-08 14:40 - 00000000 ____D () C:\Users\carter\AppData\Local\Spotify
2015-02-13 09:44 - 2012-09-08 14:38 - 00000000 ____D () C:\Users\carter\AppData\Roaming\Spotify
2015-02-13 09:14 - 2012-09-28 21:31 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-13 03:00 - 2012-01-21 04:06 - 01700694 _____ () C:\Windows\WindowsUpdate.log
2015-02-12 16:52 - 2012-01-21 17:16 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-12 14:07 - 2009-07-13 23:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-12 14:07 - 2009-07-13 23:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-12 14:06 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-02-11 11:31 - 2014-03-10 17:40 - 00000000 ____D () C:\Users\carter\AppData\Roaming\IMVU
2015-02-11 11:31 - 2013-02-09 20:20 - 00000000 ___RD () C:\Users\carter\Dropbox
2015-02-11 11:31 - 2013-02-09 20:18 - 00000000 ____D () C:\Users\carter\AppData\Roaming\Dropbox
2015-02-11 11:30 - 2012-02-12 13:12 - 00028103 _____ () C:\ProgramData\dlecscan.log
2015-02-11 11:29 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-11 11:29 - 2009-07-13 23:51 - 00053461 _____ () C:\Windows\setupact.log
2015-02-11 11:29 - 2009-07-13 23:45 - 00315544 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 11:28 - 2014-12-10 03:21 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-11 11:28 - 2014-05-01 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-11 11:28 - 2010-11-20 22:47 - 00157848 _____ () C:\Windows\PFRO.log
2015-02-11 11:25 - 2013-07-15 02:00 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 11:22 - 2012-01-20 17:25 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-11 11:18 - 2014-03-22 17:32 - 00000000 ____D () C:\Program Files (x86)\OpenDownloaderManager
2015-02-11 11:18 - 2014-03-15 07:38 - 00000000 ____D () C:\ProgramData\Conduit
2015-02-11 11:18 - 2014-03-15 07:38 - 00000000 ____D () C:\Program Files (x86)\IMVU_Inc_C
2015-02-11 10:54 - 2012-08-31 09:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-11 10:49 - 2009-07-14 00:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-11 10:42 - 2012-02-04 10:50 - 00000000 ____D () C:\ProgramData\Yahoo!
2015-02-11 10:42 - 2012-02-04 10:46 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2015-02-09 17:14 - 2012-09-28 21:31 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-09 17:14 - 2012-07-08 11:21 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-09 17:14 - 2012-01-21 13:41 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-09 16:55 - 2012-01-21 17:16 - 00002102 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-09 16:47 - 2012-01-21 17:16 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-09 16:47 - 2012-01-21 17:16 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-09 16:07 - 2014-03-15 07:37 - 00000000 ____D () C:\Users\carter\AppData\Local\CRE
2015-02-04 21:32 - 2014-08-15 12:48 - 00000000 ____D () C:\ProgramData\Origin
2015-02-04 21:32 - 2014-08-15 12:48 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-02-04 21:32 - 2014-04-05 09:32 - 00000000 ____D () C:\Users\carter\Desktop\FUSB3_allOS_2.1.28.1_PV
2015-02-04 21:32 - 2013-02-03 15:16 - 00000000 ____D () C:\Users\carter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2015-02-04 21:32 - 2012-01-21 17:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-04 21:32 - 2012-01-20 12:08 - 00000000 ____D () C:\Users\carter
2015-02-04 21:32 - 2011-04-12 03:28 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-02-04 21:32 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2015-02-04 21:32 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2015-02-04 21:32 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-02-04 18:41 - 2013-09-20 10:56 - 00001122 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2015-02-03 13:41 - 2013-09-20 10:55 - 00000000 ____D () C:\ProgramData\AVG2014
2015-02-03 13:39 - 2012-01-21 13:36 - 00000000 ____D () C:\Users\carter\AppData\Local\Adobe
2015-01-30 16:40 - 2013-02-03 15:18 - 00001350 _____ () C:\Users\carter\Desktop\ROBLOX Player.lnk
2015-01-30 16:39 - 2014-10-20 14:35 - 00001169 _____ () C:\Users\carter\Desktop\ROBLOX Studio.lnk
2015-01-25 21:37 - 2014-12-20 13:19 - 00000000 ____D () C:\Users\carter\AppData\Roaming\SPORE Creature Creator
 
==================== Files in the root of some directories =======
 
2015-02-09 16:39 - 2015-02-11 07:49 - 0000128 _____ () C:\Users\carter\AppData\Roaming\WB.CFG
2015-02-11 07:49 - 2015-02-11 07:49 - 0000010 _____ () C:\Users\carter\AppData\Local\DSI.DAT
2015-02-11 07:49 - 2015-02-11 07:49 - 0022528 _____ () C:\Users\carter\AppData\Local\dsisetup1428132992.exe
2008-02-05 13:28 - 2008-02-05 13:28 - 0000051 _____ () C:\Users\carter\AppData\Local\setup.txt
2014-10-14 14:19 - 2014-10-14 14:19 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-02-12 13:08 - 2012-02-12 13:08 - 0000000 _____ () C:\ProgramData\cmn_upld.log
2012-02-12 13:14 - 2012-09-02 09:24 - 0000178 _____ () C:\ProgramData\dlec.log
2013-11-14 12:57 - 2013-11-14 13:12 - 0000248 _____ () C:\ProgramData\dlecDiagnostics.log
2012-02-12 13:14 - 2014-09-25 16:12 - 0086604 _____ () C:\ProgramData\dlecJSW.log
2012-02-12 13:12 - 2015-02-11 11:30 - 0028103 _____ () C:\ProgramData\dlecscan.log
2012-02-12 13:14 - 2012-02-12 13:14 - 0000252 _____ () C:\ProgramData\FastPics.log
2012-02-12 13:08 - 2012-02-12 13:08 - 0000000 _____ () C:\ProgramData\LxWbGwLog.log
2012-02-12 13:08 - 2012-02-12 13:08 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt
 
Some content of TEMP:
====================
C:\Users\carter\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpeivu9k.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-13 00:37
 
==================== End Of Log ============================


#15 Ccarteraws

Posted 13 February 2015 - 10:38 AM

Performed everything per your instructions:

Google Chrome Startup page changed: Successful fix after reboot.

Updated Java and deleted old versions.

Updated Adobe Reader.

Again: MEGA THANKS for your help!!





