
XMLKA problem



#1 soxrock524

Posted 05 March 2015 - 11:50 PM

I'm not sure what exactly it was, but my Avast antivirus keeps popping up with warnings for http://xmlka.com/click?app=app... The process that is running it changes every time it happens.
 
conhost.exe
cmd.exe 
msiexec.exe
etc...
 
I can't find out how to remove it. I downloaded FRST and ran it; the results are below. Any help would be appreciated.
 
FRST.txt
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-03-2015 01
Ran by conno_000 (administrator) on CJS on 05-03-2015 22:42:28
Running from C:\Users\conno_000\Desktop
Loaded Profiles: conno_000 (Available profiles: conno_000)
Platform: Windows 8.1 (Update 1) (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Spotify Ltd) C:\Users\conno_000\AppData\Roaming\Spotify\spotify.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
() C:\Users\conno_000\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\conno_000\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\conno_000\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\conno_000\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\conno_000\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\livecomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\PresentationHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-02-13] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [475448 2014-03-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-02-28] (AVAST Software)
HKLM\...\Winlogon: [Shell]  [0 ] () <=== ATTENTION
HKU\S-1-5-21-3374415774-2067191699-3458194498-1001\...\Run: [Spotify] => C:\Users\conno_000\AppData\Roaming\Spotify\Spotify.exe [6737976 2015-02-24] (Spotify Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT14/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
HKU\S-1-5-21-3374415774-2067191699-3458194498-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
SearchScopes: HKLM -> {CD41CF3F-7C69-45AE-B3F5-FEAD512C3028} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link_code=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {CD41CF3F-7C69-45AE-B3F5-FEAD512C3028} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link_code=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3374415774-2067191699-3458194498-1001 -> {CD41CF3F-7C69-45AE-B3F5-FEAD512C3028} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link_code=qs&index=aps&field-keywords={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-28]
 
Chrome: 
=======
CHR Profile: C:\Users\conno_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\conno_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-24]
CHR Extension: (Google Docs) - C:\Users\conno_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-24]
CHR Extension: (Google Drive) - C:\Users\conno_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-24]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\conno_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-24]
CHR Extension: (YouTube) - C:\Users\conno_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-24]
CHR Extension: (Google Search) - C:\Users\conno_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-24]
CHR Extension: (Google Sheets) - C:\Users\conno_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-24]
CHR Extension: (AdBlock) - C:\Users\conno_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-02-28]
CHR Extension: (Avast Online Security) - C:\Users\conno_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-03-01]
CHR Extension: (Google Wallet) - C:\Users\conno_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-24]
CHR Extension: (Gmail) - C:\Users\conno_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-24]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-02-28]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-02-28]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-02-28] (AVAST Software)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2013-11-13] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2711736 2015-01-13] (Microsoft Corporation)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-27] (WildTangent)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2014-01-13] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [469304 2014-03-26] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-08] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-18] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-10] (Intel Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22744 2014-10-15] (Microsoft Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [200168 2013-12-04] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [190704 2014-03-13] (Synaptics Incorporated)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-02] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2014-05-06] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-05-06] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-02-28] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-02-28] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-02-28] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-02-28] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-02-28] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-02-28] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-02-28] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-02-28] ()
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-11-13] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7517872 2014-08-06] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S3 BtwSerialBus; C:\Windows\System32\drivers\BtwSerialBus.sys [150744 2013-09-09] (Broadcom Corporation.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-13] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-13] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-13] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-13] ()
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [466136 2014-01-14] (Realsil Semiconductor Corporation)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2014-03-13] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-03-13] (Synaptics Incorporated)
R3 VSTWinDriver6; C:\Windows\system32\drivers\VSTwindrvr6.sys [252928 2008-07-03] (Jungo)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2014-05-06] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
U3 McAPExe; No ImagePath
U3 McMPFSvc; No ImagePath
U3 McNaiAnn; No ImagePath
U3 mfecore; No ImagePath
U3 MSK80Service; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-05 22:42 - 2015-03-05 22:42 - 00020299 _____ () C:\Users\conno_000\Desktop\FRST.txt
2015-03-05 22:39 - 2015-03-05 22:42 - 00000000 ____D () C:\FRST
2015-03-05 22:38 - 2015-03-05 22:38 - 02092544 _____ (Farbar) C:\Users\conno_000\Downloads\FRST64.exe
2015-03-05 22:38 - 2015-03-05 22:38 - 02092544 _____ (Farbar) C:\Users\conno_000\Desktop\FRST64.exe
2015-03-03 20:09 - 2015-03-03 20:09 - 00000000 _____ () C:\autoexec.bat
2015-03-03 20:07 - 2015-03-03 20:07 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-03-03 20:06 - 2015-03-03 20:06 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\conno_000\Downloads\SpyHunter-Installer.exe
2015-03-03 12:48 - 2015-03-03 12:49 - 01339949 _____ () C:\Users\conno_000\Downloads\Fluorescence_Qiao (1).pptx
2015-03-03 11:55 - 2015-03-03 11:55 - 00067336 _____ () C:\Users\conno_000\Downloads\FBT_Risk_Register_ v3 2.xlsx
2015-03-03 11:54 - 2015-03-03 11:54 - 00118358 _____ () C:\Users\conno_000\Downloads\FBT_Gantt_V4.0.xlsx
2015-03-02 00:25 - 2015-03-02 00:25 - 00000000 ____D () C:\Users\Public\Pokki
2015-03-01 16:32 - 2015-03-01 16:32 - 00000069 _____ () C:\Users\conno_000\Downloads\null.pdb
2015-03-01 15:03 - 2015-03-01 15:03 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-03-01 14:46 - 2015-03-01 14:46 - 00001893 _____ () C:\Users\conno_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\avast! antivirus.lnk
2015-02-28 20:21 - 2015-03-05 22:24 - 00000000 ___HD () C:\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}
2015-02-28 20:21 - 2015-02-28 20:21 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2015-02-28 12:52 - 2015-02-28 12:52 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-02-28 12:52 - 2015-02-28 12:52 - 00002046 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-02-28 12:51 - 2015-02-28 12:53 - 00000000 ____D () C:\ProgramData\Adobe
2015-02-28 12:51 - 2015-02-28 12:52 - 00000000 ____D () C:\Users\conno_000\AppData\Local\Adobe
2015-02-28 12:51 - 2015-02-28 12:51 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-02-28 12:42 - 2015-03-03 19:59 - 00000000 ____D () C:\Users\conno_000\AppData\Roaming\Dropbox
2015-02-28 12:41 - 2015-02-28 12:41 - 00000000 ____D () C:\Users\conno_000\AppData\Roaming\AVAST Software
2015-02-28 12:40 - 2015-03-04 16:49 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-02-28 12:40 - 2015-02-28 12:40 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-02-28 12:40 - 2015-02-28 12:40 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-02-28 12:40 - 2015-02-28 12:40 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-02-28 12:40 - 2015-02-28 12:40 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-02-28 12:40 - 2015-02-28 12:40 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-02-28 12:40 - 2015-02-28 12:40 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-02-28 12:40 - 2015-02-28 12:40 - 00087912 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2015-02-28 12:40 - 2015-02-28 12:40 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-02-28 12:40 - 2015-02-28 12:40 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-02-28 12:40 - 2015-02-28 12:40 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-02-28 12:40 - 2015-02-28 12:40 - 00001987 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-02-28 12:40 - 2015-02-28 12:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-02-28 12:39 - 2015-02-28 12:39 - 00000000 ____D () C:\Program Files\AVAST Software
2015-02-28 12:38 - 2015-02-28 12:39 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-02-28 12:38 - 2015-02-28 12:38 - 05006864 _____ (AVAST Software) C:\Users\conno_000\Downloads\avast_free_antivirus_setup_online.exe
2015-02-28 12:37 - 2015-02-28 12:37 - 03402432 _____ (Check Point Software Technologies Ltd.) C:\Users\conno_000\Downloads\zaSetupWeb_133_209_000-5400_123.exe
2015-02-28 12:37 - 2015-02-28 12:37 - 00000000 ____D () C:\ProgramData\CheckPoint
2015-02-27 15:10 - 2015-02-27 15:10 - 01339949 _____ () C:\Users\conno_000\Downloads\Fluorescence_Qiao.pptx
2015-02-27 01:13 - 2015-02-27 01:13 - 00000000 ____D () C:\7
2015-02-26 17:58 - 2004-02-04 11:27 - 00049536 _____ (Texas Instruments Incorporated) C:\Windows\SysWOW64\Drivers\tiehdusb.sys
2015-02-26 17:58 - 2003-11-14 15:53 - 00011520 _____ (Walter Oney Software) C:\Windows\SysWOW64\Drivers\wdmstub.sys
2015-02-26 17:57 - 2015-02-26 17:57 - 00002218 _____ () C:\Users\Public\Desktop\Logger Pro 3.8.2.lnk
2015-02-26 17:57 - 2015-02-26 17:57 - 00000000 ____D () C:\ProgramData\Vernier
2015-02-26 17:57 - 2015-02-26 17:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vernier Software
2015-02-26 17:57 - 2015-02-26 17:57 - 00000000 ____D () C:\Program Files (x86)\Vernier Software
2015-02-26 17:57 - 2007-01-10 13:23 - 00017424 _____ (anchor chips) C:\Windows\SysWOW64\Drivers\ezusb.sys
2015-02-26 17:56 - 2015-02-26 17:56 - 00000000 ____D () C:\Users\conno_000\AppData\Local\Downloaded Installations
2015-02-26 17:52 - 2015-02-26 17:54 - 121082374 _____ () C:\Users\conno_000\Downloads\LoggerPro3_8_2 XP.7z
2015-02-26 16:23 - 2015-02-26 16:23 - 00062229 _____ () C:\Users\conno_000\Downloads\FBT_Risk_Register_ v2.1 (1).xlsx
2015-02-26 16:23 - 2015-02-26 16:23 - 00061430 _____ () C:\Users\conno_000\Downloads\FBT_Risk_Register_ v2.1.xlsx
2015-02-26 15:49 - 2015-02-26 15:49 - 00000000 ____D () C:\Users\conno_000\Desktop\mpide-0023-windows-20140821
2015-02-26 15:48 - 2015-02-26 15:48 - 220656538 _____ () C:\Users\conno_000\Desktop\mpide-0023-windows-20140821.zip
2015-02-26 15:48 - 2015-02-26 15:48 - 00012520 _____ () C:\Users\conno_000\Downloads\Prototype Rubric.xlsx
2015-02-26 15:38 - 2015-02-26 15:38 - 00000000 ____D () C:\Users\conno_000\Documents\mpide
2015-02-26 15:38 - 2015-02-26 15:38 - 00000000 ____D () C:\Users\conno_000\AppData\Roaming\mpide
2015-02-25 22:03 - 2015-02-25 22:03 - 00000000 ____D () C:\Users\conno_000\AppData\Roaming\hpqlog
2015-02-25 12:26 - 2015-02-25 12:26 - 00000000 ___SD () C:\Users\conno_000\Documents\My Shapes
2015-02-25 12:25 - 2015-02-25 12:25 - 00104879 _____ () C:\Users\conno_000\Downloads\FBT_Gantt_V3.1.xlsx
2015-02-25 12:25 - 2015-02-25 12:25 - 00000000 ____D () C:\Windows\PCHEALTH
2015-02-25 12:24 - 2015-02-25 12:25 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-25 12:24 - 2015-02-25 12:24 - 00000000 __RHD () C:\MSOCache
2015-02-25 12:24 - 2015-02-25 12:24 - 00000000 ____D () C:\Users\conno_000\AppData\Local\Microsoft Help
2015-02-25 12:24 - 2015-02-25 12:24 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-02-25 12:24 - 2015-02-25 12:24 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2015-02-25 12:20 - 2015-02-25 12:20 - 00000000 ____D () C:\Users\conno_000\Downloads\Visio Professional 2013 (x86 and x64) - DVD (English)
2015-02-25 12:13 - 2015-02-25 12:21 - 00003108 _____ () C:\Users\conno_000\Downloads\SecureDownloadManager.log
2015-02-25 12:13 - 2015-02-25 12:13 - 00003199 _____ () C:\Users\conno_000\Desktop\Shortcut to SecureDownloadManager.exe.lnk
2015-02-25 12:13 - 2015-02-25 12:13 - 00000183 _____ () C:\Users\conno_000\Downloads\100357724634.sdx
2015-02-25 12:13 - 2015-02-25 12:13 - 00000000 ____D () C:\Users\conno_000\AppData\Roaming\e-academy Inc
2015-02-25 12:13 - 2015-02-25 12:13 - 00000000 ____D () C:\Users\conno_000\AppData\Local\e-academy Inc
2015-02-25 12:12 - 2015-02-25 12:14 - 00000000 ____D () C:\school
2015-02-25 12:12 - 2015-02-25 12:13 - 00774656 _____ () C:\Users\conno_000\Downloads\SDM_EN.msi
2015-02-25 11:51 - 2015-02-25 11:51 - 00000000 ____D () C:\Users\conno_000\AppData\Roaming\NuGet
2015-02-25 11:46 - 2015-02-25 11:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2012
2015-02-25 11:46 - 2015-02-25 11:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 11.0
2015-02-25 11:43 - 2015-02-25 11:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Phone SDK 8.1
2015-02-25 11:43 - 2015-02-25 11:43 - 00000000 ____D () C:\Program Files (x86)\Windows Phone Silverlight Kits
2015-02-25 11:42 - 2015-02-26 14:45 - 00000000 ____D () C:\Users\conno_000\Documents\Visual Studio 2013
2015-02-25 11:42 - 2015-02-25 11:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft XDE
2015-02-25 11:38 - 2015-02-25 11:38 - 00000000 ____D () C:\Program Files (x86)\AppInsights
2015-02-25 11:34 - 2015-02-25 11:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-02-25 11:33 - 2015-02-25 11:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-02-25 11:32 - 2015-02-25 11:32 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2015-02-25 11:32 - 2015-02-25 11:32 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-02-25 11:31 - 2015-02-25 11:39 - 00000000 ____D () C:\ProgramData\Windows App Certification Kit
2015-02-25 11:31 - 2015-02-25 11:31 - 00000000 ____D () C:\Program Files\Application Verifier
2015-02-25 11:31 - 2015-02-25 11:31 - 00000000 ____D () C:\Program Files (x86)\Application Verifier
2015-02-25 11:30 - 2015-02-25 11:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2015-02-25 11:28 - 2015-02-25 11:28 - 00000000 ____D () C:\ProgramData\PreEmptive Solutions
2015-02-25 11:26 - 2015-02-25 11:27 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2015-02-25 11:24 - 2015-02-25 11:38 - 00000000 ____D () C:\Program Files\IIS Express
2015-02-25 11:24 - 2015-02-25 11:38 - 00000000 ____D () C:\Program Files (x86)\IIS Express
2015-02-25 11:24 - 2015-02-25 11:25 - 00000000 ____D () C:\Program Files (x86)\Microsoft Web Tools
2015-02-25 11:23 - 2015-02-25 11:23 - 00000000 ____D () C:\ProgramData\NuGet
2015-02-25 11:23 - 2015-02-25 11:23 - 00000000 ____D () C:\Program Files\IIS
2015-02-25 11:23 - 2015-02-25 11:23 - 00000000 ____D () C:\Program Files (x86)\NuGet
2015-02-25 11:23 - 2015-02-25 11:23 - 00000000 ____D () C:\Program Files (x86)\Microsoft WCF Data Services
2015-02-25 11:23 - 2015-02-25 11:23 - 00000000 ____D () C:\Program Files (x86)\IIS
2015-02-25 11:22 - 2015-02-25 11:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression
2015-02-25 11:21 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2015-02-25 11:17 - 2015-02-25 11:21 - 00000000 ____D () C:\Program Files (x86)\Windows Kits
2015-02-25 11:17 - 2015-02-25 11:17 - 00000000 ____D () C:\Windows\symbols
2015-02-25 11:17 - 2015-02-25 11:17 - 00000000 ____D () C:\Program Files (x86)\Windows Phone Kits
2015-02-25 11:17 - 2015-02-25 11:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Help Viewer
2015-02-25 11:17 - 2015-02-25 11:17 - 00000000 ____D () C:\Program Files (x86)\HTML Help Workshop
2015-02-25 11:14 - 2015-02-25 11:48 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2015-02-25 11:14 - 2015-02-25 11:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2015-02-25 11:14 - 2015-02-25 11:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2013
2015-02-25 11:14 - 2015-02-25 11:20 - 00000000 ____D () C:\Windows\SysWOW64\1033
2015-02-25 11:08 - 2015-03-03 19:58 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs
2015-02-25 11:08 - 2015-02-25 11:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 12.0
2015-02-25 11:08 - 2015-02-25 11:16 - 00000000 ____D () C:\Windows\system32\1033
2015-02-25 11:08 - 2015-02-25 11:08 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_SensorsSimulatorDriver_01_11_00.Wdf
2015-02-25 11:08 - 2015-02-25 11:08 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 12.0
2015-02-25 11:03 - 2015-02-25 11:03 - 01240624 _____ (Microsoft Corporation) C:\Users\conno_000\Downloads\vs_community.exe
2015-02-25 09:53 - 2015-02-25 09:54 - 00000000 ____D () C:\Users\conno_000\Desktop\Senior Design
2015-02-25 09:15 - 2015-02-26 14:45 - 00000000 ____D () C:\Users\conno_000\Desktop\visual basic
2015-02-25 09:13 - 2015-02-25 09:13 - 00000000 ____D () C:\Users\conno_000\Desktop\Rugby
2015-02-25 09:13 - 2015-02-25 09:13 - 00000000 ____D () C:\Users\conno_000\Desktop\resume
2015-02-25 09:13 - 2015-02-25 09:13 - 00000000 ____D () C:\Users\conno_000\Desktop\code
2015-02-24 22:13 - 2015-03-05 22:29 - 00000000 ____D () C:\Users\conno_000\AppData\Roaming\Spotify
2015-02-24 22:13 - 2015-03-05 22:25 - 00000000 ____D () C:\Users\conno_000\AppData\Local\Spotify
2015-02-24 22:13 - 2015-03-02 01:20 - 00000000 ____D () C:\Users\conno_000\AppData\Local\CrashDumps
2015-02-24 22:13 - 2015-02-24 22:13 - 00137888 _____ (Spotify Ltd) C:\Users\conno_000\Downloads\SpotifySetup.exe
2015-02-24 22:13 - 2015-02-24 22:13 - 00137888 _____ (Spotify Ltd) C:\Users\conno_000\Downloads\SpotifySetup (1).exe
2015-02-24 22:13 - 2015-02-24 22:13 - 00001840 _____ () C:\Users\conno_000\Desktop\Spotify.lnk
2015-02-24 22:13 - 2015-02-24 22:13 - 00001826 _____ () C:\Users\conno_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-02-24 17:12 - 2015-03-05 19:03 - 00000000 ____D () C:\6
2015-02-24 16:44 - 2015-02-25 12:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-02-24 16:43 - 2015-03-01 15:16 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-02-24 16:43 - 2015-02-24 16:43 - 01062064 _____ (Microsoft Corporation) C:\Users\conno_000\Downloads\Setup.X86.en-us_O365ProPlusRetail_b0401186-b369-435b-b8f2-b293a1e4b7b1_TX_PR_.exe
2015-02-24 16:35 - 2015-03-05 22:40 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-24 16:35 - 2015-03-05 22:24 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-24 16:35 - 2015-02-24 16:35 - 00003884 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-24 16:35 - 2015-02-24 16:35 - 00003648 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-24 16:35 - 2015-02-24 16:35 - 00002286 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-24 16:35 - 2015-02-24 16:35 - 00000000 ____D () C:\Users\conno_000\AppData\Local\Google
2015-02-24 16:35 - 2015-02-24 16:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-24 16:35 - 2015-02-24 16:35 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-24 16:34 - 2015-02-24 16:34 - 00000000 ____D () C:\Users\conno_000\AppData\Local\Deployment
2015-02-24 16:34 - 2015-02-24 16:34 - 00000000 ____D () C:\Users\conno_000\AppData\Local\Apps\2.0
2015-02-24 16:32 - 2015-03-05 22:29 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3374415774-2067191699-3458194498-1001
2015-02-24 16:31 - 2015-02-24 16:51 - 00000000 ____D () C:\Users\conno_000\AppData\Roaming\Hewlett-Packard
2015-02-24 16:30 - 2015-03-05 22:26 - 00000000 ____D () C:\Users\conno_000\Documents\Youcam
2015-02-24 16:30 - 2015-02-24 16:30 - 00000000 ____D () C:\Users\conno_000\AppData\Roaming\Macromedia
2015-02-24 16:30 - 2015-02-24 16:30 - 00000000 ____D () C:\Users\conno_000\AppData\Local\CyberLink
2015-02-24 16:29 - 2015-03-05 22:27 - 00000000 __RDO () C:\Users\conno_000\OneDrive
2015-02-24 16:29 - 2015-03-05 11:09 - 00382680 _____ () C:\Windows\WindowsUpdate.log
2015-02-24 16:29 - 2015-02-24 16:29 - 00000000 __SHD () C:\Users\conno_000\AppData\Local\EmieUserList
2015-02-24 16:29 - 2015-02-24 16:29 - 00000000 __SHD () C:\Users\conno_000\AppData\Local\EmieSiteList
2015-02-24 16:28 - 2015-02-25 22:03 - 00000000 ____D () C:\Users\conno_000\AppData\Local\Hewlett-Packard
2015-02-24 16:27 - 2015-03-03 12:49 - 00000000 ____D () C:\Users\conno_000\AppData\Local\Packages
2015-02-24 16:27 - 2015-03-02 17:35 - 00000000 ____D () C:\Users\conno_000\AppData\Roaming\Adobe
2015-02-24 16:27 - 2015-02-24 16:43 - 00000000 ____D () C:\Users\conno_000\AppData\Local\VirtualStore
2015-02-24 16:27 - 2015-02-24 16:27 - 00001453 _____ () C:\Users\conno_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-24 16:27 - 2015-02-24 16:27 - 00000180 _____ () C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-02-24 16:27 - 2015-02-24 16:27 - 00000000 ____D () C:\Users\conno_000\AppData\Roaming\Synaptics
2015-02-24 16:26 - 2015-03-03 19:27 - 00000000 ____D () C:\Users\conno_000
2015-02-24 16:26 - 2015-02-24 16:26 - 00000020 ___SH () C:\Users\conno_000\ntuser.ini
2015-02-24 16:26 - 2014-05-06 17:56 - 00000000 ___RD () C:\Users\conno_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-02-24 16:26 - 2014-05-06 17:07 - 00000000 ___HD () C:\Users\conno_000\Documents\hp.system.package.metadata
2015-02-24 16:26 - 2014-03-18 04:06 - 00000000 ___RD () C:\Users\conno_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-02-24 16:26 - 2014-03-18 03:54 - 00000369 _____ () C:\Users\conno_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-02-24 16:26 - 2014-03-18 03:54 - 00000369 _____ () C:\Users\conno_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-02-24 16:26 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\conno_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-24 16:26 - 2013-08-22 09:36 - 00000000 ____D () C:\Users\conno_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-05 22:28 - 2014-03-18 03:53 - 00958292 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-05 22:23 - 2014-03-18 03:44 - 00003628 _____ () C:\Windows\PFRO.log
2015-03-05 22:23 - 2013-08-22 08:46 - 00027892 _____ () C:\Windows\setupact.log
2015-03-05 22:23 - 2013-08-22 08:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-05 22:22 - 2013-08-22 07:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-03-05 22:00 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\sru
2015-03-03 19:26 - 2014-08-06 00:43 - 00000000 ____D () C:\ProgramData\McAfee
2015-03-03 19:26 - 2014-08-06 00:43 - 00000000 ____D () C:\Program Files\mcafee
2015-03-03 19:26 - 2014-08-06 00:43 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2015-03-03 19:26 - 2014-08-06 00:43 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-03-03 19:25 - 2013-08-22 08:44 - 00516040 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-28 20:21 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\migwiz
2015-02-26 17:58 - 2014-05-06 17:11 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-25 22:29 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-25 22:03 - 2014-05-06 17:18 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2015-02-25 12:25 - 2014-05-06 17:12 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-02-25 12:24 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-02-25 11:42 - 2014-08-06 00:21 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-25 11:24 - 2013-08-22 09:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-25 11:08 - 2014-04-02 03:50 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-02-25 11:04 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\restore
2015-02-25 00:17 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\rescache
2015-02-25 00:16 - 2014-04-02 04:25 - 00000000 ____D () C:\Windows\Panther
2015-02-24 22:05 - 2014-08-06 00:42 - 00000000 ____D () C:\Users\Public\CyberLink
2015-02-24 16:39 - 2013-08-22 09:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-02-24 16:33 - 2013-08-22 07:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-02-24 16:27 - 2014-05-06 17:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-02-24 16:27 - 2014-05-06 17:17 - 00000000 ___RD () C:\Program Files (x86)\Online Services
2015-02-24 16:27 - 2014-05-06 17:13 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2015-02-24 16:27 - 2014-05-06 17:11 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2015-02-24 16:27 - 2014-05-06 17:10 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2015-02-24 16:27 - 2014-03-31 19:07 - 00000000 ___HD () C:\SYSTEM.SAV
 
Some content of TEMP:
====================
C:\Users\conno_000\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppvrdof.dll
C:\Users\conno_000\AppData\Local\Temp\octCA0C.tmp.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-04-02 03:25
 
==================== End Of Log ============================
 
 
 
addition.txt
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-03-2015 01
Ran by conno_000 at 2015-03-05 22:43:34
Running from C:\Users\conno_000\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
 Tools for .Net 3.5 (x32 Version: 3.11.50727 - Microsoft Corporation) Hidden
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Application Insights Tools for Visual Studio 2013 (x32 Version: 2.4 - Microsoft Corporation) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
AzureTools.Notifications (x32 Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
Barn Yarn Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
Behaviors SDK (Windows Phone) for Visual Studio 2013 (x32 Version: 12.0.50716.0 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.50429.0 - Microsoft Corporation) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Blend for Visual Studio 2013 (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 ENU resources (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 6.223.215.5 - Broadcom Corporation)
Broadcom Bluetooth Drivers (HKLM\...\{0A1B4690-E176-4533-8058-939480AEE1D0}) (Version: 12.0.0.9130 - Broadcom Corporation)
Build Tools - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Build-a-lot Mysteries (x32 Version: 3.0.2.51 - WildTangent) Hidden
Building the Great Wall of China Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Curse at Twilight (x32 Version: 3.0.2.51 - WildTangent) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.6.3728 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.6.3821 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.6.3604 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.3709 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.3.3907 - CyberLink Corp.)
Delicious - Emily's Wonder Wedding Premium Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Entity Framework 6.1.1 Tools  for Visual Studio 2013 (HKLM-x32\...\{85253F13-EE42-4850-A3A5-79B90E92D7AC}) (Version: 12.0.30610.0 - Microsoft Corporation)
Evernote v. 5.2 (HKLM-x32\...\{412F6426-A3C7-11E3-8A71-00163E98E7D6}) (Version: 5.2.0.2951 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Fishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden
Fort Defense (x32 Version: 3.0.2.51 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{F90A86C9-7779-47DD-AC06-8EE832C55F55}) (Version: 6.0.18.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{E2C8D0C2-1C97-4C05-939A-5B13A0FE655C}) (Version: 2.20.31 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{082B1425-0F24-43FA-9B64-E8F617B0AD3B}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7493.4758 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{8C696B4B-6AB1-44BC-9416-96EAC474CABE}) (Version: 7.5.2.12 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{DEF23826-DB71-4654-BC00-D5D6C20802EA}) (Version: 1.1.4 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{36F80C5F-DC0D-4DF4-AF09-DC1867F0EB0A}) (Version: 2.4.4 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
Inst5675 (Version: 8.01.11 - Softex Inc.) Hidden
Inst5676 (Version: 8.01.11 - Softex Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.9.1000 - Intel Corporation)
Intel® Smart Connect Technology (HKLM\...\{51AC86D3-C431-48AD-9195-0D6C930D07CD}) (Version: 4.2.41.2710 - Intel Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Joining Hands 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
Kit SDK de vérification de Visual Studio 2012 - fra (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
LocalESPC Dev12 (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for en-us Dev12 (x32 Version: 8.100.25984 - Microsoft) Hidden
Logger Pro 3.8.2 (HKLM-x32\...\InstallShield_{DD1C903B-C75E-446A-9C09-19EFE9D101DD}) (Version: 5.0 - Vernier Software & Technology)
LoggerPro3 (x32 Version: 5.0 - Vernier Software & Technology) Hidden
Lost in Reefs 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden
LUXOR Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Memory Profiler (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4693.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB  (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.41012.0) (HKLM-x32\...\{AC8E0CF4-42A1-4151-B684-97CF6FD726CF}) (Version: 12.0.41012.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{8C06D6DB-A391-4686-B050-99CC522A7843}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{4AEB505C-95E1-4964-9B64-8D27F3186D30}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM-x32\...\Office15.VISPROR) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual Studio Community 2013 with Update 4 (HKLM-x32\...\{96a8b90c-0a91-4e76-ab34-730c23923d11}) (Version: 12.0.31101 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{69A998C5-00A9-42CA-AB4E-C31CFFCD9251}) (Version: 3.1237.1763 - Microsoft Corporation)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pinger (HKLM-x32\...\Pinger 1.4.0.1) (Version: 1.4.0.1 - Pinger Inc.)
Pinger (x32 Version: 1.4.0.1 - Pinger Inc.) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.51 - WildTangent) Hidden
Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden
PowreShellIntegration.Notifications (x32 Version: 2.5.21003.1603 - Microsoft Corporation) Hidden
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Python Tools Redirection Template (x32 Version: 1.3 - Microsoft Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.40 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7231 - Realtek Semiconductor Corp.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
SDK de comprobación de Visual Studio 2012 - esn (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
Secure Download Manager (HKLM-x32\...\{E040B65B-8683-4228-8C33-D44A141E40EA}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Solitaire Mystery Four Seasons (x32 Version: 3.0.2.51 - WildTangent) Hidden
Sparkle 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden
Spotify (HKU\S-1-5-21-3374415774-2067191699-3458194498-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.5.2 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
TypeScript Power Tool (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2013 (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
Viking Saga (x32 Version: 3.0.2.48 - WildTangent) Hidden
Visual Studio 2013 Update 4 (KB2829760) (HKLM-x32\...\{53d408db-eb91-43fb-9d8f-167681c19763}) (Version: 12.0.31101 - Microsoft Corporation)
VS Update core components (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
WCF Data Services 5.6.0 Runtime (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (x32 Version: 4.0.11.2 - WildTangent) Hidden
Youda Jewel Shop (x32 Version: 3.0.2.51 - WildTangent) Hidden
Пакет Visual Studio 2012 Verification SDK - rus (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3374415774-2067191699-3458194498-1001_Classes\CLSID\{2D349E57-23E4-4A67-9624-F1DC6B65AABF}\InprocServer32 -> C:\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}\ddrawex.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3374415774-2067191699-3458194498-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
 
==================== Restore Points  =========================
 
25-02-2015 11:04:31 Microsoft Visual Studio Community 2013 with Update 4
26-02-2015 17:56:31 Installed LoggerPro3
28-02-2015 12:39:08 avast! antivirus system restore point
03-03-2015 19:57:27 Removed Microsoft Silverlight 5 SDK
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {06C1134E-C121-4592-A545-1B8075A5B9C0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-24] (Google Inc.)
Task: {1D4AC757-A8EA-404C-90F0-EB78F8CA0E8C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-12-18] (Hewlett-Packard)
Task: {1DF00F7E-3839-4138-8FB0-F5023B5EA729} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-27] (Microsoft Corporation)
Task: {433F06B5-ED35-492B-BAED-8DAF8702A653} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-02-28] (AVAST Software)
Task: {4523C63E-388D-48EC-9FB3-CF7970CE9727} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)
Task: {57E6B2F9-EE2F-44E8-9B1E-3AAE40F86AA1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-12-18] (Hewlett-Packard)
Task: {68475641-9B2F-43E9-AAD4-2E083AD30EC4} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-03-07] (CyberLink Corp.)
Task: {6EAE71EB-323C-4B74-A7E3-C032EA63BAE8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {7CEDD7E1-ADAC-4A04-AB17-D6ED447ED169} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-02-27] (Microsoft Corporation)
Task: {84576626-8864-4E55-AB5A-D749CE093A54} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-24] (Google Inc.)
Task: {8B80E0B9-83D0-4F0A-A02D-8497E085C749} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {8C36881A-1C9E-4604-95E4-2F1C1D78FD8A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-11-29] (Hewlett-Packard Company)
Task: {963C0306-7E41-4A34-BD26-29D52904C4F2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {9656E6C8-C4F7-4E66-9080-F41270B192F5} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)
Task: {BDB26239-5F3A-407C-9644-88B74C4CD572} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-27] (Microsoft Corporation)
Task: {BEF34DC9-B876-4386-A0C0-C4AAF3C574E3} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-11-01] (Hewlett-Packard Development Company, L.P.)
Task: {E43338D8-D4AF-434E-9CB3-B6D0B547147F} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2014-03-28 14:31 - 2014-03-28 14:31 - 02110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2014-03-28 14:27 - 2014-03-28 14:27 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2014-03-28 14:27 - 2014-03-28 14:27 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2014-03-28 14:27 - 2014-03-28 14:27 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2014-03-28 14:48 - 2014-03-28 14:48 - 00367504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2014-03-28 14:48 - 2014-03-28 14:48 - 00712080 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2015-02-24 16:43 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-12-04 09:44 - 2013-12-04 09:44 - 00200168 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
2013-12-04 09:44 - 2013-12-04 09:44 - 00054760 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll
2013-12-04 09:44 - 2013-12-04 09:44 - 00034792 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\ISCTNetMon.dll
2015-02-27 12:08 - 2015-02-27 12:08 - 08898728 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-03-28 14:36 - 2014-03-28 14:36 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2015-02-24 22:13 - 2015-02-24 22:13 - 00374840 _____ () C:\Users\conno_000\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2015-03-05 18:50 - 2015-03-05 18:50 - 02918400 _____ () C:\Program Files\AVAST Software\Avast\defs\15030501\algo.dll
2015-02-24 22:13 - 2015-02-24 22:13 - 36966968 _____ () C:\Users\conno_000\AppData\Roaming\Spotify\Data\libcef.dll
2015-02-28 12:40 - 2015-02-28 12:40 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-02-24 22:13 - 2015-02-24 22:13 - 00867896 _____ () C:\Users\conno_000\AppData\Roaming\Spotify\Data\ffmpegsumo.dll
2015-02-24 22:13 - 2015-02-24 22:13 - 00886840 _____ () C:\Users\conno_000\AppData\Roaming\Spotify\Data\libglesv2.dll
2015-02-24 22:13 - 2015-02-24 22:13 - 00108600 _____ () C:\Users\conno_000\AppData\Roaming\Spotify\Data\libegl.dll
2014-08-06 00:10 - 2013-12-10 09:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-02-24 16:35 - 2015-02-17 16:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libglesv2.dll
2015-02-24 16:35 - 2015-02-17 16:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libegl.dll
2015-02-24 16:35 - 2015-02-17 16:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll
2015-02-24 16:35 - 2015-02-17 16:44 - 14965064 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\conno_000\OneDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3374415774-2067191699-3458194498-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3374415774-2067191699-3458194498-500 - Administrator - Disabled)
conno_000 (S-1-5-21-3374415774-2067191699-3458194498-1001 - Administrator - Enabled) => C:\Users\conno_000
Guest (S-1-5-21-3374415774-2067191699-3458194498-501 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/05/2015 10:04:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program msconfig.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 24c0
 
Start Time: 01d057c26b69d26e
 
Termination Time: 4294967295
 
Application Path: C:\Windows\system32\msconfig.exe
 
Report Id: cd9cb780-c3b5-11e4-8264-38b1dbeac3a2
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (03/05/2015 10:04:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program spotify.exe version 0.9.15.27 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1358
 
Start Time: 01d056cd69e29b77
 
Termination Time: 4294967295
 
Application Path: C:\Users\conno_000\AppData\Roaming\Spotify\spotify.exe
 
Report Id: d9230ae7-c3b5-11e4-8264-38b1dbeac3a2
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (03/05/2015 07:28:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 18735
 
Error: (03/05/2015 07:28:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 18735
 
Error: (03/05/2015 07:28:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/05/2015 07:28:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 17250
 
Error: (03/05/2015 07:28:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 17250
 
Error: (03/05/2015 07:28:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/05/2015 07:28:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16016
 
Error: (03/05/2015 07:28:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16016
 
 
System errors:
=============
Error: (03/05/2015 10:22:37 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ClickToRunSvc service.
 
Error: (03/04/2015 04:47:16 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:09:44 PM on ‎3/‎4/‎2015 was unexpected.
 
Error: (03/03/2015 11:39:43 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HP Support Assistant Service service.
 
Error: (03/03/2015 11:34:05 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 20. The Windows SChannel error state is 960.
 
Error: (03/03/2015 11:21:24 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 20. The Windows SChannel error state is 960.
 
Error: (03/03/2015 11:21:21 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 20. The Windows SChannel error state is 960.
 
Error: (03/03/2015 09:26:26 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:51:26 PM on ‎3/‎3/‎2015 was unexpected.
 
Error: (03/03/2015 07:50:52 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:25:43 PM on ‎3/‎3/‎2015 was unexpected.
 
Error: (03/03/2015 07:24:57 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
 
Error: (03/03/2015 07:25:43 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:16:01 PM on ‎3/‎3/‎2015 was unexpected.
 
 
Microsoft Office Sessions:
=========================
Error: (03/05/2015 10:04:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: msconfig.exe6.3.9600.1638424c001d057c26b69d26e4294967295C:\Windows\system32\msconfig.execd9cb780-c3b5-11e4-8264-38b1dbeac3a2
 
Error: (03/05/2015 10:04:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: spotify.exe0.9.15.27135801d056cd69e29b774294967295C:\Users\conno_000\AppData\Roaming\Spotify\spotify.exed9230ae7-c3b5-11e4-8264-38b1dbeac3a2
 
Error: (03/05/2015 07:28:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 18735
 
Error: (03/05/2015 07:28:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 18735
 
Error: (03/05/2015 07:28:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/05/2015 07:28:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 17250
 
Error: (03/05/2015 07:28:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 17250
 
Error: (03/05/2015 07:28:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/05/2015 07:28:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16016
 
Error: (03/05/2015 07:28:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16016
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-03-03 12:10:45.834
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}\ddrawex.dll that did not meet the Windows signing level requirements.
 
  Date: 2015-03-03 11:22:49.942
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}\ddrawex.dll that did not meet the Windows signing level requirements.
 
  Date: 2015-03-02 17:47:18.314
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}\ddrawex.dll that did not meet the Windows signing level requirements.
 
  Date: 2015-03-02 17:17:58.244
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}\ddrawex.dll that did not meet the Windows signing level requirements.
 
  Date: 2015-03-01 16:38:05.380
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}\ddrawex.dll that did not meet the Windows signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4210U CPU @ 1.70GHz
Percentage of memory in use: 50%
Total physical RAM: 6074.15 MB
Available physical RAM: 2996.07 MB
Total Pagefile: 7162.15 MB
Available Pagefile: 3484.35 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:675.17 GB) (Free:609.38 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:22.45 GB) (Free:2.22 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: F297DD98)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


Edited by Queen-Evie, 06 March 2015 - 09:55 AM.
moved from Windows 8. FRST logs are allowed only in Malware Removal Logs forum



#2 shelf life

  • Malware Response Team
Posted 10 March 2015 - 05:02 PM

Hi soxrock524,

 

Your post is a few days old. If you still need help, simply reply back and we will begin.


How Can I Reduce My Risk to Malware?


#3 soxrock524

  • Topic Starter

  • Members
Posted 11 March 2015 - 11:11 AM

If you have time, I would appreciate the help. The virus that I have had causes Avast to constantly pop up as well as for certain programs to start and take up to 20-25 percent of my CPU. These could be Notepad, Windows Installer, Windows Command Processor, etc.

 

Thank you again.



#4 shelf life

  • Malware Response Team
Posted 11 March 2015 - 04:37 PM

OK. No problem.

First we will use FRST, then get some downloads to run and we will go from there based on the logs and how things are looking on your end.

 

Copy/paste what's below in the code box into Notepad. Save it as fixlist.txt in the same location that you have FRST. Start FRST like before, except this time click on the Fix button and wait.

The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.

HKLM\...\Winlogon: [Shell]  [0 ] () <=== ATTENTION
EmptyTemp:

Next the downloads:

 

Please download AdwCleaner and save it to your desktop.

    http://www.bleepingcomputer.com/download/adwcleaner/

    Right click AdwCleaner.exe and select "run as admin"
    Accept the disclaimer
    Click on the Scan button.
    Once the scan is done, Click the Clean button
    Press OK when asked to close all programs and follow the onscreen prompts.
    Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically
    Copy and paste the contents of that logfile in your next reply.
    A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

You can also get Malwarebytes. There is a free version you can keep and use as an antimalware app.

 

Please download Malwarebytes Anti-Malware 2.0.3.1025 Final to your desktop.

http://data-cdn.mbamupdates.com/v2/mbam/consumer/data/mbam-setup-2.0.3.1025.exe
 

    Double-click mbam-setup-2.0.3.1025.exe and follow the prompts to install the program.
    At the end, be sure a checkmark is placed next to the following:
        Launch Malwarebytes Anti-Malware
        A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    Click Finish.
    On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
    Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
    A Threat Scan will begin.
    With some infections, you may see this message box.
        'Could not load DDA driver'
    Click 'Yes' to this message, to allow the driver to load after a restart.
    Allow the computer to restart. Continue with the rest of these instructions.
    When the scan is complete, click Apply Actions.
    Wait for the prompt to restart the computer to appear, then click on Yes.
    After the restart, once you are back at your desktop, open MBAM once more.
    Click on the History tab > Application Logs.
    Double click on the scan log which shows the Date and time of the scan just performed.
    Click 'Copy to Clipboard'
    Paste the contents of the clipboard into your reply.



#5 shelf life

  • Malware Response Team
Posted 19 March 2015 - 07:10 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
