Still infected? Computer runs worse than before removal of bad stuff!



#1 loki2007

Posted 30 March 2015 - 06:49 AM

Help! Here are my log files, posted as requested from another forum. Vista will boot normally but wireless won't connect and nothing will open.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Barbara (administrator) on BARBARA-PC on 30-03-2015 07:37:59
Running from C:\Users\Barbara\Desktop
Loaded Profiles: Barbara (Available profiles: Barbara)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4669440 2007-07-05] (Realtek Semiconductor)
HKU\S-1-5-21-3762424694-237179980-4226746613-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\acer.scr [83554304 2007-04-19] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (Avast Software s.r.o.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3762424694-237179980-4226746613-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3762424694-237179980-4226746613-1000\Software\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3762424694-237179980-4226746613-1000\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3762424694-237179980-4226746613-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27] (Adobe Systems Incorporated)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-28] (Avast Software s.r.o.)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll [2007-04-25] (HiTRUST)
Toolbar: HKLM - ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\toolbar.dll [2004-10-07] ()
Toolbar: HKLM - No Name - {A057A204-BACC-4D26-8398-26FADCF27386} -  No File
Toolbar: HKU\S-1-5-21-3762424694-237179980-4226746613-1000 -> ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\toolbar.dll [2004-10-07] ()
Toolbar: HKU\S-1-5-21-3762424694-237179980-4226746613-1000 -> No Name - {A057A204-BACC-4D26-8398-26FADCF27386} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\mcxsri1s.default-1427372590849
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-21] ()
FF Plugin: @ei.MapsGalaxy_39.com/Plugin -> C:\Program Files\MapsGalaxy_39EI\Installr\1.bin\NP39EISB.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\Common Files\Motive\npMotive.dll [2010-03-17] (Alcatel-Lucent)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF Extension: Disconnect - C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\mcxsri1s.default-1427372590849\Extensions\2.0@disconnect.me.xpi [2015-03-27]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-02-19]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-03-28]

Chrome:
=======
CHR Profile: C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-19]
CHR Extension: (No Name) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-07]
CHR Extension: (No Name) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifkgichhpmabepjkbkmfeclembjdbpml [2014-12-26]
CHR Extension: (No Name) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmkbaaijgpppbokgnhhoakihofedkgcc [2014-12-20]
CHR Extension: (No Name) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-19]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-28]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 ALaunchService; C:\Acer\ALaunch\ALaunchSvc.exe [50688 2007-01-26] () [File not signed]
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-03-28] (Avast Software s.r.o.)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3205216 2015-03-28] (Avast Software)
S2 eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [457512 2007-04-25] (HiTRSUT)
S2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2007-04-23] (Acer Inc.) [File not signed]
S2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [53248 2007-07-03] (Acer Inc.) [File not signed]
S2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-06-28] () [File not signed]
S2 IHA_MessageCenter; C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [363128 2014-08-13] (Verizon)
S3 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [103808 2008-01-22] ()
S2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S4 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [319488 2010-03-17] (Alcatel-Lucent) [File not signed]
S2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [107008 2006-11-24] () [File not signed]
S2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [266343 2007-01-23] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
S2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [167936 2007-09-14] (acer) [File not signed]
S2 a6e8324c; "C:\Windows\system32\rundll32.exe" "c:\Program Files\SegmentBuilder\SegmentBuilder.dll",serv
S4 CLTNetCnService; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-03-28] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [73440 2015-03-28] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55200 2015-03-28] (Avast Software s.r.o.)
S0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-03-28] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788272 2015-03-28] (Avast Software s.r.o.)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427736 2015-03-28] (Avast Software s.r.o.)
S1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57888 2015-03-28] (Avast Software s.r.o.)
S0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208024 2015-03-28] ()
S1 DritekPortIO; C:\Program Files\Launch Manager\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.)
S2 int15; C:\Acer\Empowering Technology\eRecovery\int15.sys [76584 2006-12-07] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-03-29] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2010-03-17] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2010-03-17] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 NTIDrvr; C:\Windows\System32\DRIVERS\NTIDrvr.sys [6144 2007-08-07] (NewTech Infosystems, Inc.) [File not signed]
R0 PSDFilter; C:\Windows\System32\DRIVERS\psdfilter.sys [20776 2007-04-25] (HiTRUST)
R0 PSDNServ; C:\Windows\System32\drivers\PSDNServ.sys [16680 2007-04-25] (HiTRUST)
R0 psdvdisk; C:\Windows\System32\drivers\psdvdisk.sys [60712 2007-04-25] (HiTRUST)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1749376 2007-08-02] ()
S2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220240 2015-03-28] (Avast Software)
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [13560 2006-11-02] (Cyberlink Corp.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\Users\Barbara\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 MpKsla4b46077; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{41676389-6129-4EF6-B288-757F023AC24C}\MpKsla4b46077.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S4 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-30 07:37 - 2015-03-30 07:38 - 00012427 _____ () C:\Users\Barbara\Desktop\FRST.txt
2015-03-30 07:37 - 2015-03-30 07:38 - 00000000 ____D () C:\FRST
2015-03-30 07:36 - 2015-03-30 07:36 - 01135104 _____ (Farbar) C:\Users\Barbara\Desktop\FRST.exe
2015-03-28 23:00 - 2015-03-28 23:25 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-28 22:59 - 2015-03-28 23:25 - 00000000 ____D () C:\Users\Barbara\Desktop\mbar
2015-03-28 22:58 - 2015-03-28 22:59 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Barbara\Downloads\mbar-1.09.1.1004.exe
2015-03-28 16:13 - 2015-03-28 16:13 - 00017246 _____ () C:\ComboFix.txt
2015-03-28 10:16 - 2015-03-28 10:16 - 00000000 ____D () C:\Users\Barbara\AppData\Roaming\AVAST Software
2015-03-28 10:16 - 2015-03-28 10:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-03-28 10:15 - 2015-03-28 10:15 - 00427736 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-03-28 10:15 - 2015-03-28 10:15 - 00208024 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-03-28 10:15 - 2015-03-28 10:15 - 00073440 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-03-28 10:15 - 2015-03-28 10:15 - 00057888 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswTdi.sys
2015-03-28 10:15 - 2015-03-28 10:15 - 00055200 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr.sys
2015-03-28 10:15 - 2015-03-28 10:15 - 00049904 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-03-28 10:15 - 2015-03-28 10:15 - 00024144 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-03-28 10:15 - 2015-03-28 10:14 - 00788272 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-03-28 10:15 - 2015-03-28 10:14 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-03-28 10:14 - 2015-03-28 10:14 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-03-28 10:10 - 2015-03-28 10:10 - 00000000 ____D () C:\Program Files\AVAST Software
2015-03-28 09:48 - 2015-03-28 09:48 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Barbara\Downloads\tdsskiller.exe
2015-03-28 09:23 - 2015-03-28 16:13 - 00000000 ____D () C:\Qoobox
2015-03-28 09:23 - 2015-03-28 09:41 - 00000000 ____D () C:\Windows\erdnt
2015-03-28 09:23 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-28 09:23 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-28 09:23 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-28 09:23 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-28 09:23 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-28 09:23 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-28 09:23 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-28 09:23 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-28 09:22 - 2015-03-28 09:22 - 05615749 ____R (Swearware) C:\Users\Barbara\Downloads\ComboFix.exe
2015-03-27 14:37 - 2015-03-29 14:13 - 00002734 _____ () C:\Users\Barbara\Desktop\Rkill.txt
2015-03-27 08:03 - 2015-03-27 08:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-03-27 08:02 - 2015-03-27 08:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-03-27 07:52 - 2015-03-27 07:52 - 00001804 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-03-27 07:51 - 2015-03-27 07:52 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-03-27 07:51 - 2015-03-27 07:51 - 00000000 ____D () C:\Program Files\Adobe
2015-03-27 06:21 - 2013-08-26 22:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-03-27 06:21 - 2013-08-26 22:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-03-27 06:21 - 2013-08-26 22:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-03-27 06:21 - 2013-08-26 22:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-03-27 06:21 - 2013-08-26 21:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-03-27 06:21 - 2013-08-26 21:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-03-27 06:21 - 2013-08-26 21:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-03-27 06:21 - 2013-08-26 21:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-03-27 06:21 - 2013-08-26 21:28 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-03-27 06:21 - 2011-03-12 17:55 - 00876032 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2015-03-26 17:08 - 2015-03-26 17:08 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2015-03-26 17:02 - 2015-03-26 17:02 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2015-03-26 17:02 - 2015-03-26 17:02 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_07_00.Wdf
2015-03-26 16:53 - 2015-01-28 21:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-26 16:51 - 2015-01-28 21:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-26 16:34 - 2014-06-26 18:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2015-03-26 16:34 - 2014-06-26 18:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2015-03-26 16:34 - 2014-06-26 18:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2015-03-26 16:34 - 2014-06-06 00:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2015-03-26 16:32 - 2015-02-25 20:18 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-26 16:31 - 2014-06-15 18:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-03-26 16:31 - 2014-06-13 14:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2015-03-26 16:31 - 2014-06-13 14:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2015-03-26 16:23 - 2014-10-09 21:01 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-03-26 16:23 - 2014-10-09 21:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-26 16:23 - 2014-10-09 19:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-26 16:22 - 2014-12-18 20:25 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-03-26 16:21 - 2014-11-03 20:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-03-26 16:16 - 2009-09-09 22:01 - 03023360 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbon.dll
2015-03-26 16:16 - 2009-09-09 22:00 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbonRes.dll
2015-03-26 16:16 - 2009-09-09 22:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2015-03-26 16:14 - 2009-09-30 21:02 - 02537472 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-03-26 16:14 - 2009-09-30 21:02 - 00334848 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceApi.dll
2015-03-26 16:14 - 2009-09-30 21:02 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\WPDShServiceObj.dll
2015-03-26 16:14 - 2009-09-30 21:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\BthMtpContextHandler.dll
2015-03-26 16:14 - 2009-09-30 21:02 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\WPDShextAutoplay.exe
2015-03-26 16:14 - 2009-09-30 21:01 - 00546816 _____ (Microsoft Corporation) C:\Windows\system32\wpd_ci.dll
2015-03-26 16:14 - 2009-09-30 21:01 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\WPDSp.dll
2015-03-26 16:14 - 2009-09-30 21:01 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\WpdMtp.dll
2015-03-26 16:14 - 2009-09-30 21:01 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceWMDRM.dll
2015-03-26 16:14 - 2009-09-30 21:01 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceTypes.dll
2015-03-26 16:14 - 2009-09-30 21:01 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceClassExtension.dll
2015-03-26 16:14 - 2009-09-30 21:01 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2015-03-26 16:14 - 2009-09-30 21:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\WpdMtpUS.dll
2015-03-26 16:14 - 2009-09-30 21:01 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceConnectApi.dll
2015-03-26 16:14 - 2009-09-30 21:01 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WpdUsb.sys
2015-03-26 16:14 - 2009-09-30 21:01 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\WpdConns.dll
2015-03-26 16:03 - 2014-08-26 20:55 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-03-26 16:03 - 2014-08-26 20:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-03-26 15:57 - 2014-10-23 21:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-26 15:56 - 2014-10-23 21:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-03-26 15:46 - 2014-11-25 22:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-03-26 15:45 - 2014-08-22 21:03 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-03-26 15:38 - 2015-02-19 22:03 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-26 15:38 - 2015-02-19 20:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-26 15:28 - 2015-02-25 22:01 - 03604408 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-26 15:28 - 2015-02-25 22:01 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-26 15:28 - 2015-01-08 22:04 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-26 15:28 - 2015-01-08 20:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-26 15:27 - 2015-01-20 22:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-26 15:26 - 2014-08-11 22:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-03-26 15:24 - 2015-03-26 15:24 - 12375040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-26 15:24 - 2015-03-26 15:24 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-26 15:24 - 2015-03-26 15:24 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2015-03-26 15:24 - 2015-03-26 15:24 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-26 15:24 - 2015-03-26 15:24 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-26 15:24 - 2015-03-26 15:24 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-26 15:24 - 2015-03-26 15:24 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-26 15:24 - 2015-03-26 15:24 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-26 15:24 - 2015-03-26 15:24 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-26 15:24 - 2015-03-26 15:24 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-26 15:24 - 2015-03-26 15:24 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-26 15:24 - 2015-03-26 15:24 - 00434176 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-26 15:24 - 2015-03-26 15:24 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-26 15:24 - 2015-03-26 15:24 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-03-26 15:24 - 2015-03-26 15:24 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-26 15:24 - 2015-03-26 15:24 - 00353584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-26 15:24 - 2015-03-26 15:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-03-26 15:24 - 2015-03-26 15:24 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll
2015-03-26 15:24 - 2015-03-26 15:24 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-26 15:24 - 2015-03-26 15:24 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-03-26 15:24 - 2015-03-26 15:24 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-26 15:24 - 2015-03-26 15:24 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\ieakui.dll
2015-03-26 15:24 - 2015-03-26 15:24 - 00162304 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-26 15:24 - 2015-03-26 15:24 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2015-03-26 15:24 - 2015-03-26 15:24 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2015-03-26 15:24 - 2015-03-26 15:24 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2015-03-26 15:24 - 2015-03-26 15:24 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-26 15:24 - 2015-03-26 15:24 - 00130560 _____ (Microsoft Corporation) C:\Windows\system32\ieakeng.dll
2015-03-26 15:24 - 2015-03-26 15:24 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-03-26 15:24 - 2015-03-26 15:24 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-03-26 15:24 - 2015-03-26 15:24 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\advpack.dll
2015-03-26 15:24 - 2015-03-26 15:24 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2015-03-26 15:24 - 2015-03-26 15:24 - 00101888 _____ (Microsoft Corporation) C:\Windows\system32\admparse.dll
2015-03-26 15:24 - 2015-03-26 15:24 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-03-26 15:24 - 2015-03-26 15:24 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-03-26 15:24 - 2015-03-26 15:24 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2015-03-26 15:24 - 2015-03-26 15:24 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-03-26 15:24 - 2015-03-26 15:24 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-26 15:24 - 2015-03-26 15:24 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-26 15:24 - 2015-03-26 15:24 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-26 15:24 - 2015-03-26 15:24 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2015-03-26 15:24 - 2015-03-26 15:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-26 15:24 - 2015-03-26 15:24 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-03-26 15:24 - 2015-03-26 15:24 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2015-03-26 15:24 - 2015-03-26 15:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2015-03-26 15:24 - 2015-03-26 15:24 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-03-26 15:24 - 2015-03-26 15:24 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2015-03-26 15:24 - 2015-03-26 15:24 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-26 15:24 - 2015-03-26 15:24 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-03-26 15:24 - 2015-03-26 15:24 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-03-26 15:24 - 2015-03-26 15:24 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-03-26 15:22 - 2015-03-26 15:22 - 02873344 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-26 15:22 - 2015-03-26 15:22 - 01554432 _____ (Microsoft Corporation) C:\Windows\system32\xpsservices.dll
2015-03-26 15:22 - 2015-03-26 15:22 - 01075712 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2015-03-26 15:22 - 2015-03-26 15:22 - 00979456 _____ (Microsoft Corporation) C:\Windows\system32\MFH264Dec.dll
2015-03-26 15:22 - 2015-03-26 15:22 - 00847360 _____ (Microsoft Corporation) C:\Windows\system32\OpcServices.dll
2015-03-26 15:22 - 2015-03-26 15:22 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelinesvc.exe
2015-03-26 15:22 - 2015-03-26 15:22 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\stobject.dll
2015-03-26 15:22 - 2015-03-26 15:22 - 00478720 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2015-03-26 15:22 - 2015-03-26 15:22 - 00357376 _____ (Microsoft Corporation) C:\Windows\system32\MFHEAACdec.dll
2015-03-26 15:22 - 2015-03-26 15:22 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4src.dll
2015-03-26 15:22 - 2015-03-26 15:22 - 00261632 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
2015-03-26 15:22 - 2015-03-26 15:22 - 00258048 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2015-03-26 15:22 - 2015-03-26 15:22 - 00209920 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-26 15:22 - 2015-03-26 15:22 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\XpsRasterService.dll
2015-03-26 15:22 - 2015-03-26 15:22 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-26 15:22 - 2015-03-26 15:22 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelineprxy.dll
2015-03-26 15:21 - 2015-03-26 15:21 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2015-03-26 15:21 - 2015-03-26 15:21 - 00321024 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll
2015-03-26 15:21 - 2015-03-26 15:21 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\dxdiag.exe
2015-03-26 15:21 - 2015-03-26 15:21 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\dxdiagn.dll
2015-03-26 15:21 - 2015-03-26 15:21 - 00189440 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2015-03-26 15:19 - 2015-03-26 15:24 - 00004020 _____ () C:\Windows\IE9_main.log
2015-03-26 15:14 - 2015-03-06 00:01 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-26 15:14 - 2015-01-15 00:13 - 00440760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-26 15:14 - 2014-10-09 21:00 - 01259008 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-26 15:12 - 2014-10-12 21:12 - 02264064 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-03-26 15:12 - 2014-06-02 06:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-03-26 15:12 - 2014-06-02 06:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-03-26 15:12 - 2014-06-02 06:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-03-26 15:12 - 2014-06-02 04:56 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-03-26 15:02 - 2014-10-02 21:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-26 15:02 - 2014-10-02 21:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-26 15:02 - 2014-10-02 21:17 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-26 15:02 - 2014-10-02 21:17 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-26 14:56 - 2014-12-05 23:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-03-26 14:56 - 2014-12-05 23:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-03-26 14:56 - 2014-12-05 23:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-03-26 14:53 - 2015-02-17 22:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-26 14:35 - 2014-09-04 19:27 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2015-03-26 14:34 - 2014-12-07 21:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-03-26 14:33 - 2012-07-25 23:39 - 00047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2015-03-26 14:33 - 2012-07-25 23:21 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2015-03-26 14:33 - 2012-07-25 23:20 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2015-03-26 14:33 - 2012-07-25 23:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2015-03-26 14:33 - 2012-07-25 23:20 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2015-03-26 14:33 - 2012-07-25 23:20 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2015-03-26 14:33 - 2012-07-25 22:46 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2015-03-26 14:33 - 2012-07-25 22:33 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2015-03-26 14:33 - 2012-07-25 22:32 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2015-03-26 14:33 - 2012-06-02 10:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2015-03-26 14:33 - 2009-07-14 08:12 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\winusb.dll
2015-03-26 14:20 - 2014-12-05 23:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-03-26 13:41 - 2015-03-30 07:36 - 00000680 _____ () C:\Users\Barbara\AppData\Local\d3d9caps.dat
2015-03-26 10:36 - 2014-04-26 12:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-03-26 10:36 - 2013-06-28 22:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2015-03-26 10:36 - 2013-06-28 22:07 - 00197632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2015-03-26 10:36 - 2013-06-28 22:07 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2015-03-26 10:36 - 2013-06-28 22:06 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2015-03-26 10:36 - 2013-06-15 09:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2015-03-26 10:36 - 2013-06-15 07:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2015-03-26 10:36 - 2011-10-14 12:03 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\winmm.dll
2015-03-26 10:36 - 2011-10-14 12:00 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\mciseq.dll
2015-03-26 10:36 - 2011-07-29 12:01 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll
2015-03-26 10:36 - 2011-07-29 12:01 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax
2015-03-26 10:36 - 2011-07-29 12:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\Mpeg2Data.ax
2015-03-26 10:36 - 2011-07-29 12:00 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\MSDvbNP.ax
2015-03-26 10:36 - 2011-05-05 09:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2015-03-26 10:36 - 2011-05-05 09:54 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2015-03-26 10:35 - 2012-05-11 11:57 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-03-26 10:34 - 2013-07-20 06:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-03-26 10:33 - 2014-04-04 22:42 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-03-26 10:32 - 2013-10-29 22:12 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2015-03-26 10:32 - 2013-10-29 21:43 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2015-03-26 10:32 - 2013-10-29 20:43 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2015-03-26 10:32 - 2012-11-02 06:18 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2015-03-26 10:32 - 2012-11-02 04:26 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\dpnsvr.exe
2015-03-26 10:32 - 2012-09-25 12:19 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2015-03-26 10:32 - 2012-03-20 19:28 - 00053120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2015-03-26 10:32 - 2011-10-14 12:02 - 00429056 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2015-03-26 10:31 - 2014-06-13 20:44 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2015-03-26 10:31 - 2014-06-13 20:33 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2015-03-26 10:31 - 2014-06-06 04:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2015-03-26 10:31 - 2013-07-10 05:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-03-26 10:31 - 2012-08-21 07:47 - 00224640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2015-03-26 10:31 - 2012-06-29 12:01 - 00467968 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2015-03-26 10:29 - 2011-02-22 10:13 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2015-03-26 10:28 - 2014-05-30 02:53 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-03-26 10:28 - 2013-03-03 15:07 - 01082232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2015-03-26 10:28 - 2012-11-20 00:22 - 00204288 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-26 10:28 - 2011-12-14 12:17 - 00680448 _____ (Microsoft Corporation) C:\Windows\system32\msvcrt.dll
2015-03-26 10:27 - 2014-03-09 21:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-03-26 10:26 - 2013-10-10 22:08 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2015-03-26 10:26 - 2013-10-10 22:08 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2015-03-26 10:26 - 2013-10-10 22:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wshcon.dll
2015-03-26 10:26 - 2013-10-10 20:35 - 00155648 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2015-03-26 10:26 - 2013-10-10 20:35 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2015-03-26 10:26 - 2013-08-02 00:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2015-03-26 10:26 - 2013-05-02 00:04 - 00443904 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-03-26 10:26 - 2013-05-02 00:03 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\printcom.dll
2015-03-26 10:26 - 2013-04-24 00:00 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2015-03-26 10:26 - 2013-04-23 21:46 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2015-03-26 10:26 - 2012-11-21 23:54 - 00353280 _____ (Microsoft Corporation) C:\Windows\system32\shlwapi.dll
2015-03-26 10:26 - 2012-11-07 23:48 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-26 10:25 - 2014-02-05 21:56 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-03-26 10:25 - 2013-10-03 08:45 - 00993792 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-26 10:24 - 2013-10-22 03:19 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2015-03-26 10:24 - 2013-10-10 22:08 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2015-03-26 10:24 - 2013-10-10 22:07 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2015-03-26 10:24 - 2013-10-10 20:39 - 00218228 _____ () C:\Windows\system32\WFP.TMF
2015-03-26 10:24 - 2013-07-16 00:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2015-03-26 10:24 - 2013-07-09 08:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-03-26 10:24 - 2013-06-26 19:01 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2015-03-26 10:24 - 2012-02-29 11:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll
2015-03-26 10:24 - 2012-02-29 09:32 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys
2015-03-26 10:24 - 2011-11-16 12:23 - 00377344 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2015-03-26 10:24 - 2011-10-25 11:58 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-26 10:24 - 2011-08-25 12:15 - 00555520 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2015-03-26 10:24 - 2011-08-25 12:14 - 00238080 _____ (Microsoft Corporation) C:\Windows\system32\oleacc.dll
2015-03-26 10:24 - 2011-08-25 09:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\oleaccrc.dll
2015-03-26 10:23 - 2013-03-07 23:52 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-03-26 10:23 - 2011-06-15 12:12 - 00182784 _____ (Microsoft Corporation) C:\Windows\system32\xmllite.dll
2015-03-26 10:22 - 2013-07-04 00:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-03-26 10:22 - 2013-07-02 22:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2015-03-26 10:22 - 2013-07-02 22:10 - 00025472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2015-03-26 10:22 - 2013-04-17 08:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2015-03-26 10:22 - 2013-03-07 23:53 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-03-26 10:22 - 2012-05-01 10:03 - 00180736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2015-03-26 10:20 - 2014-01-30 03:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-03-26 10:20 - 2013-02-11 21:57 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2015-03-26 10:20 - 2011-11-16 12:23 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-26 10:20 - 2011-11-16 10:12 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-26 10:20 - 2010-05-04 15:13 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\msshsq.dll
2015-03-26 09:46 - 2013-07-08 00:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-26 09:46 - 2013-07-08 00:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-26 09:46 - 2013-07-08 00:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-26 09:36 - 2012-01-09 11:54 - 00613376 _____ (Microsoft Corporation) C:\Windows\system32\rdpencom.dll
2015-03-26 08:50 - 2015-03-28 14:59 - 00003588 _____ () C:\Windows\setupact.log
2015-03-26 08:50 - 2015-03-26 09:34 - 00000000 ____D () C:\Windows\system32\vbox
2015-03-26 08:50 - 2015-03-26 08:50 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-25 16:26 - 2015-03-29 11:12 - 00960386 _____ () C:\Windows\PFRO.log
2015-03-25 14:37 - 2015-03-25 14:37 - 00000020 _____ () C:\Users\Barbara\AppData\Roaming\appdataFr3.bin
2015-03-25 14:32 - 2015-03-25 14:33 - 00000000 ____D () C:\Program Files\Common Files\Adobe(1)
2015-03-25 14:32 - 2015-03-25 14:32 - 00000000 ____D () C:\Program Files\Adobe(0)
2015-03-25 13:58 - 2015-03-28 10:06 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-03-25 13:57 - 2015-03-25 13:57 - 05475064 _____ (Avast Software s.r.o.) C:\Users\Barbara\Downloads\avast_free_antivirus_setup_online.exe
2015-03-25 11:33 - 2015-03-28 14:55 - 00000000 ____D () C:\Windows\pss
2015-03-25 11:24 - 2015-03-25 11:24 - 02168320 _____ () C:\Users\Barbara\Desktop\AdwCleaner.exe
2015-03-25 11:12 - 2015-03-25 11:15 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-25 10:57 - 2015-03-25 10:57 - 00000982 _____ () C:\Users\Public\Desktop\Vz  In-Home Agent.lnk
2015-03-25 10:53 - 2015-03-25 10:53 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Barbara\Desktop\rkill.exe
2015-03-25 10:51 - 2012-06-02 18:19 - 01933848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-03-25 10:51 - 2012-06-02 18:19 - 00053784 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-03-25 10:51 - 2012-06-02 18:19 - 00045080 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-03-25 10:51 - 2012-06-02 18:12 - 02422272 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-03-25 10:50 - 2012-06-02 18:19 - 00577048 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-03-25 10:50 - 2012-06-02 18:19 - 00035864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-03-25 10:50 - 2012-06-02 18:12 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-03-25 10:50 - 2012-06-02 15:19 - 00171904 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-03-25 10:50 - 2012-06-02 15:12 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-03-22 13:56 - 2015-03-22 13:56 - 01388672 _____ (Thisisu) C:\Users\Barbara\Downloads\JRT.exe
2015-03-22 11:11 - 2015-03-29 16:45 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-22 11:09 - 2015-03-28 22:59 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-22 11:09 - 2015-03-22 11:09 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-22 11:09 - 2015-03-22 11:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-22 11:09 - 2015-03-22 11:09 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-03-22 11:09 - 2015-03-17 06:24 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-22 11:09 - 2015-03-17 06:24 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-22 11:07 - 2015-03-22 11:07 - 21540904 _____ (Malwarebytes Corporation ) C:\Users\Barbara\Downloads\mbam-setup.exe
2015-03-22 10:44 - 2015-03-28 23:37 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-22 10:44 - 2015-03-22 10:45 - 00000000 ____D () C:\Windows\system32\eu-ES
2015-03-22 10:44 - 2015-03-22 10:45 - 00000000 ____D () C:\Windows\system32\ca-ES
2015-03-22 10:44 - 2015-03-22 10:44 - 00000000 ____D () C:\Windows\system32\vi-VN
2015-03-22 10:41 - 2015-03-22 10:41 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2015-03-22 09:48 - 2015-03-22 09:48 - 00000000 ____D () C:\Windows\system32\EventProviders
2015-03-21 20:06 - 2015-03-21 20:06 - 00000000 ____D () C:\Users\Barbara\AppData\Local\Macromedia
2015-03-21 19:57 - 2015-03-21 19:57 - 00000000 ____D () C:\ProgramData\McAfee
2015-03-16 19:57 - 2015-03-16 19:59 - 00000000 ____D () C:\ProgramData\WRData

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-29 20:12 - 2010-03-01 17:39 - 00028029 _____ () C:\ProgramData\nvModes.001
2015-03-29 20:12 - 2006-11-02 09:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-29 20:12 - 2006-11-02 08:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-29 20:12 - 2006-11-02 08:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-29 20:08 - 2013-07-23 10:18 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-29 16:52 - 2010-03-01 17:38 - 00028029 _____ () C:\ProgramData\nvModes.dat
2015-03-29 16:50 - 2007-11-02 04:02 - 01235833 _____ () C:\Windows\WindowsUpdate.log
2015-03-29 16:50 - 2006-11-02 09:01 - 00032546 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-28 16:07 - 2006-11-02 06:23 - 00000215 _____ () C:\Windows\system.ini
2015-03-28 11:58 - 2013-07-23 10:18 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-03-28 11:58 - 2013-07-23 10:18 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-03-28 10:35 - 2007-08-07 15:00 - 00000000 ____D () C:\ProgramData\Symantec
2015-03-28 10:35 - 2007-08-07 15:00 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2015-03-28 09:45 - 2006-11-02 07:18 - 00000000 __RHD () C:\Users\Default
2015-03-28 09:45 - 2006-11-02 07:18 - 00000000 ___RD () C:\Users\Public
2015-03-28 09:34 - 2008-01-15 06:27 - 00000000 ____D () C:\Users\Barbara
2015-03-27 08:33 - 2013-07-23 10:18 - 00000000 ____D () C:\Program Files\Google
2015-03-27 07:57 - 2007-08-07 14:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Empowering Technology
2015-03-27 07:57 - 2007-08-07 13:35 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-03-27 07:56 - 2008-01-15 06:29 - 00000000 ___HD () C:\Users\Barbara\AppData\Local\acer eNM
2015-03-27 07:53 - 2008-01-30 18:47 - 00000000 ____D () C:\Users\Barbara\AppData\Local\Adobe
2015-03-26 17:49 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-03-26 17:35 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\rescache
2015-03-26 17:22 - 2006-11-02 06:33 - 00709582 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-26 17:17 - 2014-12-07 17:56 - 00000953 _____ () C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-26 17:15 - 2007-08-07 13:08 - 00000000 ____D () C:\Windows\Panther
2015-03-26 17:13 - 2006-11-02 08:47 - 00271648 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-26 17:08 - 2006-11-02 08:37 - 00000000 ____D () C:\Windows\system32\XPSViewer
2015-03-26 17:08 - 2006-11-02 08:37 - 00000000 ____D () C:\Program Files\Windows Journal
2015-03-26 17:08 - 2006-11-02 07:18 - 00000000 ___RD () C:\Windows\Offline Web Pages
2015-03-26 17:08 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\zh-TW
2015-03-26 17:08 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\zh-HK
2015-03-26 17:08 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\zh-CN
2015-03-26 17:08 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\uk-UA
2015-03-26 17:08 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\tr-TR
2015-03-26 17:08 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\th-TH
2015-03-26 17:08 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\sv-SE
2015-03-26 17:08 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2015-03-26 17:08 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\sl-SI
2015-03-26 17:08 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\sk-SK
2015-03-26 17:08 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\ru-RU
2015-03-26 17:08 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\ro-RO
2015-03-26 17:08 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\pt-PT
2015-03-26 17:08 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\pt-BR
2015-03-26 17:08 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\pl-PL
2015-03-26 17:08 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\nl-NL
2015-03-26 17:08 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\nb-NO
2015-03-26 17:08 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\lv-LV
2015-03-26 17:08 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\lt-LT
2015-03-26 17:08 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\ko-KR
2015-03-26 17:08 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\ja-JP
2015-03-26 17:08 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\it-IT
2015-03-26 17:08 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\hu-HU
2015-03-26 17:08 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\hr-HR
2015-03-26 17:08 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\he-IL
2015-03-26 17:08 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\fr-FR
2015-03-26 17:08 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\fi-FI
2015-03-26 17:08 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\et-EE
2015-03-26 17:08 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\el-GR
2015-03-26 17:08 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\de-DE
2015-03-26 17:08 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\bg-BG
2015-03-26 17:08 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\ar-SA
2015-03-26 17:07 - 2006-11-02 07:18 - 00000000 ____D () C:\Program Files\Common Files\System
2015-03-26 17:01 - 2007-08-07 13:35 - 00000000 ____D () C:\Windows\system32\RTCOM
2015-03-26 15:24 - 2006-11-02 02:32 - 00008798 _____ () C:\Windows\system32\icrav03.rat
2015-03-26 15:24 - 2006-11-02 02:32 - 00001988 _____ () C:\Windows\system32\ticrf.rat
2015-03-26 12:18 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\spool
2015-03-26 12:18 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2015-03-26 12:18 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\registration
2015-03-26 12:18 - 2006-11-02 06:22 - 34865152 _____ () C:\Windows\system32\config\software_previous
2015-03-26 12:18 - 2006-11-02 06:22 - 16777216 _____ () C:\Windows\system32\config\system_previous
2015-03-26 12:13 - 2006-11-02 06:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2015-03-26 12:13 - 2006-11-02 06:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2015-03-26 08:38 - 2006-11-02 08:37 - 00000000 ____D () C:\Program Files\Windows Sidebar
2015-03-26 07:46 - 2006-11-02 06:22 - 39321600 _____ () C:\Windows\system32\config\components_previous
2015-03-26 07:45 - 2006-11-02 06:22 - 00262144 _____ () C:\Windows\system32\config\default_previous
2015-03-25 14:38 - 2013-07-23 10:19 - 00000000 ____D () C:\Users\Barbara\AppData\Local\Google
2015-03-25 14:32 - 2007-08-07 14:56 - 00000000 ____D () C:\ProgramData\Adobe
2015-03-25 13:50 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Globalization
2015-03-25 12:02 - 2013-04-10 11:04 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-03-25 11:42 - 2013-04-10 11:45 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-25 11:36 - 2014-12-07 18:29 - 00000000 ____D () C:\AdwCleaner
2015-03-22 12:41 - 2014-12-07 20:04 - 00000000 ____D () C:\Program Files\Windows Network Accelerater
2015-03-22 12:41 - 2010-02-06 15:13 - 00000000 ____D () C:\Windows\bin
2015-03-22 11:09 - 2013-04-10 10:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-22 10:53 - 2008-01-15 06:28 - 00000879 _____ () C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2015-03-22 10:45 - 2006-11-02 08:37 - 00000000 ____D () C:\Program Files\Windows Photo Gallery
2015-03-22 10:45 - 2006-11-02 08:37 - 00000000 ____D () C:\Program Files\Windows Collaboration
2015-03-22 10:45 - 2006-11-02 08:37 - 00000000 ____D () C:\Program Files\Windows Calendar
2015-03-22 10:45 - 2006-11-02 08:37 - 00000000 ____D () C:\Program Files\Movie Maker
2015-03-22 10:45 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-03-22 10:45 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\IME
2015-03-22 10:44 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\SLUI
2015-03-22 09:34 - 2015-01-07 17:13 - 00000000 ____D () C:\Program Files\Software Update Services
2015-03-21 20:22 - 2013-08-17 15:57 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-21 20:09 - 2006-11-02 06:24 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-03-21 19:09 - 2008-10-01 16:16 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-03 09:16 - 2013-04-10 11:02 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2015-03-25 14:37 - 2015-03-25 14:37 - 0000020 _____ () C:\Users\Barbara\AppData\Roaming\appdataFr3.bin
2008-01-30 16:32 - 2010-03-01 16:33 - 0027525 _____ () C:\Users\Barbara\AppData\Roaming\nvModes.001
2008-01-28 16:37 - 2010-02-27 16:20 - 0027525 _____ () C:\Users\Barbara\AppData\Roaming\nvModes.dat
2015-03-26 13:41 - 2015-03-30 07:36 - 0000680 _____ () C:\Users\Barbara\AppData\Local\d3d9caps.dat
2008-12-16 19:03 - 2009-03-07 13:15 - 0005632 _____ () C:\Users\Barbara\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-03-01 17:39 - 2015-03-29 20:12 - 0028029 _____ () C:\ProgramData\nvModes.001
2010-03-01 17:38 - 2015-03-29 16:52 - 0028029 _____ () C:\ProgramData\nvModes.dat

Some content of TEMP:
====================
C:\Users\Barbara\AppData\Local\temp\RtkBtMnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-29 17:06

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by Barbara at 2015-03-30 07:39:20
Running from C:\Users\Barbara\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Arcade Deluxe (HKLM\...\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}) (Version: 1.12.4213 - CyberLink Corporation)
Acer Assist (HKLM\...\Acer Assist) (Version:  - Acer Inc.)
Acer Crystal Eye webcam (HKLM\...\{AA047D7C-5E7C-4878-B75C-77589151B563}) (Version: 1.0.10 - SUYIN)
Acer Crystal Eye Webcam Video Class Camera  (HKLM\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.30.500-1.0 - Suyin)
Acer eAudio Management (HKLM\...\{57265292-228A-41FA-9AEC-4620CBCC2739}) (Version: 2.5.4012 - )
Acer eDataSecurity Management (HKLM\...\{AEEAE013-92F1-4515-B278-139F1A692A36}) (Version: 2.5.4241 - HiTRUST Inc.)
Acer eLock Management (HKLM\...\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}) (Version: 2.5.4008 - Acer Inc.)
Acer Empowering Technology (HKLM\...\{AB6097D9-D722-4987-BD9E-A076E2848EE2}) (Version: 2.5.4010 - Acer Inc.)
Acer ePower Management (HKLM\...\{58E5844B-7CE2-413D-83D1-99294BF6C74F}) (Version: 2.5.4021 - Acer Inc.)
Acer ePresentation Management (HKLM\...\{BF839132-BD43-4056-ACBF-4377F4A88E2A}) (Version: 2.5.4002 - Acer Inc.)
Acer eSettings Management (HKLM\...\{CE65A9A0-9686-45C6-9098-3C9543A412F0}) (Version: 2.5.4011 - Acer Inc.)
Acer GridVista (HKLM\...\GridVista) (Version: 2.68.622 - )
Acer Mobility Center Plug-In (HKLM\...\{11316260-6666-467B-AC34-183FCB5D4335}) (Version: 1.0.3003 - Acer Inc.)
Acer Registration (HKLM\...\Acer Registration) (Version:  - Acer - Leader Technologies)
Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 1.11.20070515 - Acer Inc.)
Acer Tour (HKLM\...\{94389919-B0AA-4882-9BE8-9F0B004ECA35}) (Version: 2.0.1003 - Acer Inc.)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - Alps Electric)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.2.2215 - AVAST Software)
Big Kahuna Reef 2 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111310630}) (Version:  - Oberon Media)
Cake Mania (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version:  - Oberon Media)
Canon MP Navigator EX 2.0 (HKLM\...\MP Navigator EX 2.0) (Version:  - )
Canon MP480 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP480_series) (Version:  - )
Canon MP480 series User Registration (HKLM\...\Canon MP480 series User Registration) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version:  - )
Dynasty (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111473353}) (Version:  - Oberon Media)
Galapago (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version:  - Oberon Media)
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118) (Version:  - )
IHA_MessageCenter (HKLM\...\{53C49C8D-DFB2-42B9-A7EF-0F9CA386CC13}) (Version: 1.8.17 - Verizon)
Inkjet Printer/Scanner Extended Survey Program (HKLM\...\CANONIJPLM100) (Version:  - )
Launch Manager (HKLM\...\LManager) (Version:  - )
LightScribe  1.4.142.1 (Version: 1.4.142.1 - http://www.lightscribe.com) Hidden
Luxor 2 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11170417}) (Version:  - Oberon Media)
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 36.0.4 (x86 en-US) (HKLM\...\Mozilla Firefox 36.0.4 (x86 en-US)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 34.0 - Mozilla)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery Case Files - Prime Suspects (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111271497}) (Version:  - Oberon Media)
Mystery Case Files Ravenhearst (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112179547}) (Version:  - Oberon Media)
NetZero (HKLM\...\{6C651250-2EB2-11D5-8E33-0050DAD72AC2}) (Version: NetZero QuickStart 7 - NetZero, Inc.)
NTI Backup NOW! 4.7 (HKLM\...\{67ADE9AF-5CD9-4089-8825-55DE4B366799}) (Version: 4 - NewTech Infosystems)
NTI CD & DVD-Maker (HKLM\...\InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}) (Version: 7 - NewTech Infosystems)
NTI CD & DVD-Maker (Version: 7 - NewTech Infosystems) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - NVIDIA Corporation)
PowerProducer 3.72 (HKLM\...\{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 074117(3.7)_Vista_Acer - CyberLink Corporation)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5449 - Realtek Semiconductor Corp.)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.51.01 - )
Star Defender 3 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111730193}) (Version:  - Oberon Media)
Superchips Easy Update (HKLM\...\{61CEF73A-056A-492C-B6C6-51AD8013EF57}) (Version: 3.00.0001 - Superchips)
Treasures of the Deep (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111263673}) (Version:  - Oberon Media)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Verizon Broadband Toolbar (IE only) (HKLM\...\verizon_broad) (Version:  - )
Verizon Help and Support Tool (HKLM\...\Verizon Help and Support) (Version:  - )
Vz In Home Agent (HKLM\...\{2266312B-3502-41EE-82CD-8DC62276D87B}) (Version: 7.02.12 - Verizon)
Vz In-Home Agent (HKLM\...\VzInHomeAgent) (Version: 9.0.73.0 - Verizon)
Zuma Deluxe (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}) (Version:  - Oberon Media)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

28-03-2015 10:00:33 avast! antivirus system restore point
28-03-2015 10:10:16 avast! antivirus system restore point
28-03-2015 10:34:46 Removed LiveUpdate Notice (Symantec Corporation)
29-03-2015 00:12:19 Scheduled Checkpoint
29-03-2015 12:21:49 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 06:23 - 2015-03-28 09:37 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {76B2488D-55A7-4BBC-83B4-7483402F5D02} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-28] (Adobe Systems Incorporated)
Task: {ADC2E256-4730-414C-8909-3255980FDF0F} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-19] (Microsoft Corporation)
Task: {BEA6081A-2AE3-4C80-8E45-9B9059621004} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-03-28] (Avast Software s.r.o.)
Task: {DEA905FD-FCC6-4A71-9700-9E479D4D2113} - System32\Tasks\Microsoft\Windows\RestartManager\{AA799439-3A01-438b-90AE-3263C3E89DE4} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {DEDFC322-43BE-4E48-B4C1-11B12954938C} - System32\Tasks\Acer\Acer Assist\New Message Check - Barbara => C:\Program Files\Acer Assist\AcerAssist.exe [2007-02-07] (Acer Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============


==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3762424694-237179980-4226746613-1000\Control Panel\Desktop\\Wallpaper -> c:\Windows\Web\wallpaper\Acer01.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: 24x7HelpSvc => 2
MSCONFIG\Services: LiveUpdate Notice Ex => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk => C:\Windows\pss\Empowering Technology Launcher.lnk.CommonStartup
MSCONFIG\startupreg: AvastUI.exe => "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui

==================== Accounts: =============================

Administrator (S-1-5-21-3762424694-237179980-4226746613-500 - Administrator - Disabled)
Barbara (S-1-5-21-3762424694-237179980-4226746613-1000 - Administrator - Enabled) => C:\Users\Barbara
Guest (S-1-5-21-3762424694-237179980-4226746613-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: Consumer IR Devices
Description: Consumer IR Devices
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: circlass
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (03/30/2015 07:30:30 AM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (03/29/2015 08:21:36 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (03/28/2015 08:14:26 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\system32\bitsperf.dll4

Error: (03/28/2015 02:49:32 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (03/28/2015 02:32:59 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (03/28/2015 02:32:08 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (03/28/2015 11:43:16 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.0.6002.18005 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1d8
Start Time: 01d069600c4b58c2
Termination Time: 3260

Error: (03/28/2015 10:34:16 AM) (Source: Automatic LiveUpdate Scheduler) (EventID: 101) (User: Barbara-PC)
Description: errorFailed unregistering service.

Error: (03/28/2015 10:10:06 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {7770b58b-50b7-4125-9ca0-5cbd9cb0d555}

Error: (03/28/2015 10:00:31 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {2ee05e83-30bf-41c1-a200-f2262589299c}


System errors:
=============
Error: (03/30/2015 07:31:41 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: aswRvrt
aswSnx
aswSP
aswTdi
aswVmm
spldr
Wanarpv6

Error: (03/30/2015 07:31:41 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Computer BrowserServer%%1068

Error: (03/30/2015 07:30:35 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (03/30/2015 07:30:34 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (03/30/2015 07:30:30 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (03/30/2015 07:30:23 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (03/30/2015 07:30:22 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.1.107 for the Network Card with network address 001E4C03849E has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (03/29/2015 08:21:41 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (03/29/2015 08:21:40 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (03/29/2015 08:21:36 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-03-30 07:39:11.182
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-30 07:39:10.387
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-30 07:39:09.544
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-30 07:39:08.733
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-30 07:39:07.719
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-30 07:39:06.908
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-30 07:39:06.097
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-30 07:39:05.285
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-30 07:38:26.878
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-30 07:38:26.051
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD Turion™ 64 X2 Mobile Technology TL-58
Percentage of memory in use: 31%
Total physical RAM: 1790.19 MB
Available physical RAM: 1221.67 MB
Total Pagefile: 3826.84 MB
Available Pagefile: 3398.07 MB
Total Virtual: 2047.88 MB
Available Virtual: 1900.03 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:69.77 GB) (Free:33.85 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:69.52 GB) (Free:67.92 GB) NTFS
Drive e: (Verizon) (CDROM) (Total:0.17 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149.1 GB) (Disk ID: D95677CE)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=27)
Partition 2: (Active) - (Size=69.8 GB) - (Type=06)
Partition 3: (Not Active) - (Size=69.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================


 

 


#2 Oh My!


Posted 30 March 2015 - 08:34 PM

Greetings loki2007 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the "Reply topic" button instead.
  • In the upper right hand corner of the topic you will see the "Follow topic" button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3762424694-237179980-4226746613-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3762424694-237179980-4226746613-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - No Name - {A057A204-BACC-4D26-8398-26FADCF27386} -  No File
Toolbar: HKU\S-1-5-21-3762424694-237179980-4226746613-1000 -> No Name - {A057A204-BACC-4D26-8398-26FADCF27386} -  No File
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\Users\Barbara\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 MpKsla4b46077; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{41676389-6129-4EF6-B288-757F023AC24C}\MpKsla4b46077.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S4 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
2015-03-26 15:24 - 2006-11-02 02:32 - 00008798 _____ () C:\Windows\system32\icrav03.rat
2015-03-26 15:24 - 2006-11-02 02:32 - 00001988 _____ () C:\Windows\system32\ticrf.rat
S2 a6e8324c; "C:\Windows\system32\rundll32.exe" "c:\Program Files\SegmentBuilder\SegmentBuilder.dll",serv
c:\Program Files\SegmentBuilder
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Farbar's Service Scanner

--------------------
  • Please download Farbar Service Scanner, save it to your desktop, and run it.
  • Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services

  • Press Scan
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure only the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries

  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • FSS log
  • MiniToolBox log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.


#3 loki2007


Posted 30 March 2015 - 09:02 PM

Thanks for your help Oh My! Here are the logs as requested:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by Barbara at 2015-03-30 21:49:42 Run:1
Running from C:\Users\Barbara\Desktop
Loaded Profiles: Barbara (Available profiles: Barbara)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3762424694-237179980-4226746613-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3762424694-237179980-4226746613-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - No Name - {A057A204-BACC-4D26-8398-26FADCF27386} -  No File
Toolbar: HKU\S-1-5-21-3762424694-237179980-4226746613-1000 -> No Name - {A057A204-BACC-4D26-8398-26FADCF27386} -  No File
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\Users\Barbara\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 MpKsla4b46077; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{41676389-6129-4EF6-B288-757F023AC24C}\MpKsla4b46077.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S4 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
2015-03-26 15:24 - 2006-11-02 02:32 - 00008798 _____ () C:\Windows\system32\icrav03.rat
2015-03-26 15:24 - 2006-11-02 02:32 - 00001988 _____ () C:\Windows\system32\ticrf.rat
S2 a6e8324c; "C:\Windows\system32\rundll32.exe" "c:\Program Files\SegmentBuilder\SegmentBuilder.dll",serv
c:\Program Files\SegmentBuilder
*****************

"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-3762424694-237179980-4226746613-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-3762424694-237179980-4226746613-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{A057A204-BACC-4D26-8398-26FADCF27386} => value deleted successfully.
HKCR\CLSID\{A057A204-BACC-4D26-8398-26FADCF27386} => Key not found.
HKU\S-1-5-21-3762424694-237179980-4226746613-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-8398-26FADCF27386} => value deleted successfully.
HKCR\CLSID\{A057A204-BACC-4D26-8398-26FADCF27386} => Key not found.
blbdrive => Service deleted successfully.
catchme => Service deleted successfully.
IpInIp => Service deleted successfully.
MpKsla4b46077 => Service deleted successfully.
MREMP50a64 => Service deleted successfully.
MREMPR5 => Service deleted successfully.
MRENDIS5 => Service deleted successfully.
MRESP50a64 => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
UIUSys => Service deleted successfully.
C:\Windows\system32\icrav03.rat => Moved successfully.
C:\Windows\system32\ticrf.rat => Moved successfully.
a6e8324c => Service deleted successfully.
"c:\Program Files\SegmentBuilder" => File/Directory not found.

==== End of Fixlog 21:49:43 ====

 

Farbar Service Scanner Version: 17-01-2015
Ran by Barbara (administrator) on 30-03-2015 at 21:51:07
Running from "C:\Users\Barbara\Desktop"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcsvc.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\ipnathlp.dll => File is digitally signed
C:\Windows\system32\iphlpsvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed


**** End of log ****

 

MiniToolBox by Farbar  Version: 09-03-2015
Ran by Barbara (administrator) on 30-03-2015 at 21:52:47
Running from "C:\Users\Barbara\Desktop"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
Model: Aspire 5520 Manufacturer: Acer
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

Atheros AR5007EG Wireless Network Adapter = Wireless Network Connection (Connected)
NVIDIA nForce Networking Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Loopback Pseudo-Interface 1" forwarding=disabled advertise=disabled mtu=1492 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled
set interface interface="Wireless Network Connection" forwarding=disabled advertise=disabled mtu=1492 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection" forwarding=disabled advertise=disabled mtu=1492 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Barbara-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
   Physical Address. . . . . . . . . : 00-1B-38-64-F4-0C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Atheros AR5007EG Wireless Network Adapter
   Physical Address. . . . . . . . . : 00-1E-4C-03-84-9E
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::c5af:6305:72e7:f109%8(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.107(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, March 30, 2015 9:44:56 PM
   Lease Expires . . . . . . . . . . : Tuesday, March 31, 2015 9:44:55 PM
   Default Gateway . . . . . . . . . : fe80::9afc:11ff:fe8b:e278%8
                                       192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 167778686
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0E-BC-91-83-00-1B-38-64-F4-0C
   DNS Servers . . . . . . . . . . . : 64.222.165.243
                                       64.222.84.243
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  irdns.manh.myfairpoint.net
Address:  64.222.165.243

Name:    google.com
Addresses:  74.125.226.39
      74.125.226.37
      74.125.226.40
      74.125.226.33
      74.125.226.38
      74.125.226.36
      74.125.226.35
      74.125.226.34
      74.125.226.32
      74.125.226.46
      74.125.226.41



Pinging google.com [74.125.226.34] with 32 bytes of data:

Reply from 74.125.226.34: bytes=32 time=28ms TTL=53

Reply from 74.125.226.34: bytes=32 time=30ms TTL=53



Ping statistics for 74.125.226.34:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 28ms, Maximum = 30ms, Average = 29ms

Server:  irdns.manh.myfairpoint.net
Address:  64.222.165.243

Name:    yahoo.com
Addresses:  98.139.183.24
      98.138.253.109
      206.190.36.45



Pinging yahoo.com [206.190.36.45] with 32 bytes of data:

Reply from 206.190.36.45: bytes=32 time=108ms TTL=45

Reply from 206.190.36.45: bytes=32 time=112ms TTL=45



Ping statistics for 206.190.36.45:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 108ms, Maximum = 112ms, Average = 110ms



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time=1ms TTL=128



Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 1ms, Average = 0ms

===========================================================================
Interface List
  9 ...00 1b 38 64 f4 0c ...... NVIDIA nForce Networking Controller
  8 ...00 1e 4c 03 84 9e ...... Atheros AR5007EG Wireless Network Adapter
  1 ........................... Software Loopback Interface 1
 10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.107     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.107    281
    192.168.1.107  255.255.255.255         On-link     192.168.1.107    281
    192.168.1.255  255.255.255.255         On-link     192.168.1.107    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.107    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.107    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  8   4121 ::/0                     fe80::9afc:11ff:fe8b:e278
  1    306 ::1/128                  On-link
  8    281 fe80::/64                On-link
  8    281 fe80::c5af:6305:72e7:f109/128
                                    On-link
  1    306 ff00::/8                 On-link
  8    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48640] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\winrnr.dll [19968] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

**** End of log ****

Member of the Bleeping Computer A.I.I. early response team!

#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:15 PM

Posted 30 March 2015 - 10:06 PM

Thank you. Can you provide an update about your computer performance?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 loki2007


Posted 31 March 2015 - 07:03 AM

Hi, the computer seems to be running OK, but the problem is I want to revert the computer back to a Normal startup with msconfig, and that is when I start to have problems. It won't let me select and apply a Normal startup through msconfig? I haven't tried since I have been following this post, but I was wondering what your thoughts were?


 

#6 Oh My!


Posted 31 March 2015 - 01:42 PM

Please see if you can change the settings to boot normally. If you can, let me know how the computer is running.
Gary
 

#7 loki2007


Posted 31 March 2015 - 01:51 PM

When I try to change the settings to boot normally and click apply it just reverts back to selective startup and doesn't change? Could msconfig somehow be corrupt?


 

#8 Oh My!


Posted 31 March 2015 - 02:21 PM

Do you have any items unchecked in either the Services or Startup tabs?
Gary
 

#9 loki2007


Posted 31 March 2015 - 02:33 PM

In startup I have two instances of the Avast startup, one that I disabled before when the wireless was not working. I did an uninstall of Avast and reinstalled it. The one Avast startup I disabled, when I check it and hit apply, it unchecks it??? Not sure how to remove that entry?


 

#10 Oh My!


Posted 31 March 2015 - 02:44 PM

If you have any item unchecked at all then msconfig will show Selective Startup. As far as Avast, your second entry is probably an orphaned registry entry and that is why you can't enable it. I am wondering if the 2 issues are actually related. Please do this.

===================================================

Farbar's MiniRegTool

--------------------
  • Please download MiniRegTool.zip (for 32 bit systems) or MiniRegTool64.zip (for 64 bit systems) and save it to your desktop
  • Unzip the folder and double click the icon
  • Copy and paste the following into the white box:

HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\MSConfig\startupreg

  • Check the Export keys radio button.
  • Press the Go button and post the result.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • MiniRegTool report

Gary
 

#11 loki2007


Posted 31 March 2015 - 02:51 PM

Below is all that was in the results file:

 

 

Windows Registry Editor Version 5.00


Edited by loki2007, 31 March 2015 - 02:52 PM.

 

#12 Oh My!


Posted 31 March 2015 - 03:21 PM

Let's do it a different way. Download to your Desktop, double click the icon and a report should appear on your Desktop.
Gary
 

#13 loki2007


Posted 31 March 2015 - 03:27 PM

Executed the file and it asked to create peek.txt, command window opens and just sits there and does nothing???


 

#14 Oh My!


Posted 31 March 2015 - 03:43 PM

OK, let's do it the old fashioned way.

===================================================

Manually Exporting Registry Key

-------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type regedit and press Enter
  • Navigate to the following registry entry

HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\MSConfig\startupreg

  • Right click on the key and select Export
  • A file should be on your desktop
  • Right click on the file and select Edit
  • A Notepad document will open
  • Copy and paste the information in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Registry key information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
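
One way to review the exported `startupreg` key offline, added here as an example and not part of the original posts: it parses the export text, lists each disabled startup item msconfig has recorded, and flags items whose program file is missing. The sample export, its program path, the value names (`item`, `hkey`, `key`, `command`) and the reading of "orphaned" as "program file missing" are assumptions.

```python
import re

# Constructed sample export (not from the thread); path and values are made up.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AvastUI.exe]
"item"="AvastUI"
"hkey"="HKLM"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"command"="\"C:\\Program Files\\Example\\AvastUI.exe\" /nogui"
'''

ROOT = r"hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg" + "\\"
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    # String data in a .reg file escapes only the backslash and the double quote.
    return re.sub(r'\\(.)', r'\1', s)

def parse_disabled_items(export_text):
    """Return {subkey: {value_name: data}} for every subkey under startupreg."""
    items, current = {}, None
    for line in map(str.strip, export_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            path = line[1:-1]
            is_child = path.lower().startswith(ROOT)  # key names are case-insensitive
            current = items.setdefault(path[len(ROOT):], {}) if is_child else None
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:
                current[unescape(m.group(1))] = unescape(m.group(2))
    return items

def executable_of(command):
    """Pull the program path out of a startup command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r'(?i)(.+?\.exe)\b', command)
    return m.group(1) if m else command.split(" ", 1)[0]

def review(export_text, file_exists):
    """List disabled startup items and flag those whose program file is missing."""
    report = []
    for name, vals in sorted(parse_disabled_items(export_text).items()):
        exe = executable_of(vals.get("command", ""))
        report.append({"subkey": name,
                       "restores_to": vals.get("hkey", "?") + "\\" + vals.get("key", "?"),
                       "executable": exe,
                       "orphaned": not (exe and file_exists(exe))})
    return report
```

On the affected machine, read the export with `open(path, encoding="utf-16")`, since regedit saves version 5.00 exports as UTF-16, and pass `os.path.exists` as `file_exists`.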

#15 loki2007


Posted 31 March 2015 - 03:55 PM

Sorry this is so difficult but there is no key in that folder. It just shows

 

 

Name

(default) REG_SZ (value not set)

 

There is an AvastUI.exe sub folder?


Edited by loki2007, 31 March 2015 - 03:56 PM.

 