
My Email is being used to send Spam.


  • This topic is locked
82 replies to this topic

#1 Pop8


Posted 19 June 2015 - 12:33 PM

Hello, I am a new member to this forum. I have been having a problem connecting to the internet for the past three months with many “This Page can’t be displayed” notices. Recently I have been getting “Failure to Deliver” messages from Google that one of my email accounts was used to send spam to unknown email recipients. I believe that Google shut him down from their site. Nevertheless, data is still being collected and messages sent preventing me from connecting to the web sites that I need. I am running Windows 7 (32bit) and IE11. My security is Fix-it Utilities Professional and Hitman Pro. Neither of these programs has located the program that is sending out messages from one of my email accounts. Any help in stopping this is appreciated.





#2 Oh My!


Posted 24 June 2015 - 09:35 AM

Greetings Pop8 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please do this.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Pop8


Posted 24 June 2015 - 02:42 PM

Dear Gary, my name is David.

 

Thank you for your patience. I have had a hard time this past week and had to go back to several data restore points. Today I received notices that seven messages were sent from my computer to Craig’s-list sales; all were blocked by Craig’s list or Yahoo. My passphrase on my Linksys router has been removed and my router now sends data in the clear. I have replaced the passphrase several times, and within a minute, it is set back to zero. My router isn’t supposed to work in this configuration.

 

I am a writer and have recently sent to Amazon (seven times) my manuscripts to convert to Kindle format. None of these messages arrived at Amazon. I’m wondering if the problem that I have is sending out their data by using the Subject of my message. I noted on one of the reports that my computer is/has visited several sex sites. I don’t visit sites like this.

I’ve attached the files that you asked for. I’m currently using Emsisoft for my security protection and have disabled Fix-It Utilities. If anyone is interested, I will tell them why.

Thank you for any help and time that you spend on my problem.

Sincerely,

David

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-06-2015 01
Ran by David (administrator) on DAVID-PC on 24-06-2015 12:05:00
Running from C:\Users\David\Desktop
Loaded Profiles: David (Available Profiles: David)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avanquest Software) C:\Program Files\Avanquest\Fix-It\AQFileRestoreSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Tablet Driver) C:\Windows\System32\drivers\WTSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files\Nova Development\Photo Explosion\Project Studio\ReminderApp.exe
(Tablet Driver) C:\Windows\System32\WTClient.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(Microsoft Corporation) C:\Windows\System32\p2phost.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Contacts\wlcomm.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [611672 2009-09-17] (TOSHIBA Corporation)
HKLM\...\Run: [TPCHWMsg] => C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe [570736 2009-04-09] (TOSHIBA Corporation)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [476512 2009-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12111576 2015-02-04] (Realtek Semiconductor)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1318912 2009-04-14] (TOSHIBA Corporation)
HKLM\...\Run: [ReminderApp_EEAC3053-7055-4143-B8A0-306758055099] => C:\Program Files\Nova Development\Photo Explosion\Project Studio\ReminderApp.exe [145872 2012-08-10] ()
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [WTClient] => C:\Windows\system32\WTClient.exe [41280 2012-05-30] (Tablet Driver)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [emsisoft anti-malware] => C:\Program Files\Emsisoft Anti-Malware\a2guard.exe [4923832 2015-06-24] (Emsisoft Ltd)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1978644998-1616513128-776759303-1000\...\Run: [CollaborationHost] => C:\Windows\system32\p2phost.exe [152064 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-1978644998-1616513128-776759303-1000\...\MountPoints2: {9f4d18ce-a9de-11e2-9b89-806e6f6e6963} - E:\menu.exe
HKU\S-1-5-21-1978644998-1616513128-776759303-1000\...\MountPoints2: {a3e3e560-895d-11e0-bee4-001e33c66954} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-1978644998-1616513128-776759303-1000\...\MountPoints2: {aeac108b-7063-11e0-aa6f-001e33c66954} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-1978644998-1616513128-776759303-1000\...\MountPoints2: {cdd1dec0-f351-11df-9c66-001e33c66954} - "E:\WD SmartWare.exe" autoplay=true
Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2015-06-24] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-19] => Internet Explorer proxy is enabled
ProxyEnable: [S-1-5-20] => Internet Explorer proxy is enabled
HKU\S-1-5-21-1978644998-1616513128-776759303-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ighome.com/
HKU\S-1-5-21-1978644998-1616513128-776759303-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKU\S-1-5-21-1978644998-1616513128-776759303-1000\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/ig
HKU\S-1-5-21-1978644998-1616513128-776759303-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
URLSearchHook: HKU\S-1-5-21-1978644998-1616513128-776759303-1000 - (No Name) - {f897eb0e-a3a4-46c3-80eb-2729699d8892} -  No File
SearchScopes: HKLM -> Backup.Old.DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSHB
SearchScopes: HKLM -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKLM -> {D5A9A846-D9FC-4F67-A06F-17084596B7A8} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSHB
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\.DEFAULT -> {64631400-B808-4425-83C1-5FA6B99C40F2} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKU\.DEFAULT -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2384137
SearchScopes: HKU\.DEFAULT -> {D5A9A846-D9FC-4F67-A06F-17084596B7A8} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1978644998-1616513128-776759303-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7MXGB_en
SearchScopes: HKU\S-1-5-21-1978644998-1616513128-776759303-1000 -> Backup.Old.DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
SearchScopes: HKU\S-1-5-21-1978644998-1616513128-776759303-1000 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-1978644998-1616513128-776759303-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7MXGB_en
SearchScopes: HKU\S-1-5-21-1978644998-1616513128-776759303-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL =
SearchScopes: HKU\S-1-5-21-1978644998-1616513128-776759303-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKU\S-1-5-21-1978644998-1616513128-776759303-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
SearchScopes: HKU\S-1-5-21-1978644998-1616513128-776759303-1000 -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSHB
SearchScopes: HKU\S-1-5-21-1978644998-1616513128-776759303-1000 -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL =
SearchScopes: HKU\S-1-5-21-1978644998-1616513128-776759303-1000 -> {D5A9A846-D9FC-4F67-A06F-17084596B7A8} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSHB
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-12-27] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-12-27] (Oracle Corporation)
Toolbar: HKU\.DEFAULT -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {90EEE664-34B1-422A-A782-779AF65CDF6D} -  No File
Toolbar: HKU\S-1-5-21-1978644998-1616513128-776759303-1000 -> No Name - {90EEE664-34B1-422A-A782-779AF65CDF6D} -  No File
Toolbar: HKU\S-1-5-21-1978644998-1616513128-776759303-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of  Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.104.160.61

FireFox:
========
FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\pckus167.default
FF Homepage: hxxp://www.ighome.com/
FF NetworkProxy: "type", 0
FF Plugin: @google.com/npPicasa2,version=2.0.0 -> C:\Program Files\Picasa2\npPicasa2.dll [2008-08-20] (Google, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Picasa2\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-12-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-12-27] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-13] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-13] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Extension: Privacy Badger Firefox - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\pckus167.default\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2014-05-02]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-10-06]
FF Extension: No Name - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\pckus167.default\extensions\iobitascsurfingprotection@iobit.com [not found]
FF Extension: No Name - C:\Program Files\IObit Apps Toolbar\FF [not found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]

Chrome:
=======
CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-20]
CHR Extension: (Google Docs) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-20]
CHR Extension: (Google Drive) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-20]
CHR Extension: (YouTube) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-20]
CHR Extension: (Google Search) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-20]
CHR Extension: (Google Sheets) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-20]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-20]
CHR Extension: (No Name) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-12]
CHR Extension: (Gmail) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-20]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 .AVQWindowsMonitorService; C:\Program Files\Avanquest\Fix-It\AVQWinMonEngine.exe [249192 2014-07-30] (Avanquest Software)
R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [5155576 2015-06-24] (Emsisoft Ltd)
S4 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-27] (LSI Corporation)
R2 AQFileRestoreSrv; C:\Program Files\Avanquest\Fix-It\AQFileRestoreSrv.exe [82816 2014-07-30] (Avanquest Software)
R2 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [185712 2009-08-10] (TOSHIBA CORPORATION)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-10] (TOSHIBA CORPORATION)
S4 Fix-It Task Manager; C:\Program Files\Avanquest\Fix-It\MXTask.exe [534472 2014-07-30] (Avanquest Software)
S4 GlassWire; C:\Program Files\GlassWire\GWCtlSrv.exe [7152128 2015-05-28] (SecureMix LLC)
S4 HeimdalSecureDNS; C:\Program Files\Heimdal\HeimdalSecureDNS\DnsService.exe [93808 2015-05-06] (Microsoft)
S4 HeimdalService; C:\Program Files\Heimdal\Service\HeimdalAgentService.exe [133736 2015-05-06] (CSIS Security Group)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S4 iWinTrusted; C:\Program Files\iWin Games\iWinTrusted.exe [78104 2010-04-14] (iWin Inc.)
S4 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2006-10-19] (Hewlett-Packard Company) [File not signed]
S4 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2631456 2014-11-26] (IObit)
R2 RSELSVC; C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe [57344 2009-02-19] (TOSHIBA Corporation) [File not signed]
S4 SBAMSvc; C:\Program Files\Avanquest\Fix-It\Antivirus\SBAMSvc.exe [3677000 2012-11-06] (GFI Software)
R2 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [62776 2009-04-01] (TOSHIBA Corporation)
R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [176128 2009-04-14] (TOSHIBA Corporation) [File not signed]
R3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2009-09-17] (TOSHIBA Corporation)
R2 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [656752 2009-04-09] (TOSHIBA Corporation)
S4 VCOMCloudAgent; C:\Program Files\Avanquest\Fix-It\VcomCloudAgent.exe [133504 2014-07-30] (Avanquest Software North America)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
R2 WinTabService; C:\Windows\System32\Drivers\WTSRV.EXE [82240 2012-05-30] (Tablet Driver)
S4 IMFservice; No ImagePath

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdide; C:\Windows\System32\DRIVERS\amdide.sys [11944 2014-12-27] (Advanced Micro Devices Inc.)
R3 AQFileRestore; C:\Windows\System32\DRIVERS\AQFileRestore.sys [18488 2014-07-30] ()
R1 epp32; C:\Windows\System32\DRIVERS\epp32.sys [111368 2015-03-24] (Emsisoft GmbH)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)
R1 gwdrv; C:\Windows\System32\DRIVERS\gwdrv.sys [27568 2015-05-28] (SecureMix LLC)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2015-02-04] (REALiX™)
S3 ivusb; C:\Windows\System32\DRIVERS\ivusb.sys [25112 2010-07-29] (Initio Corporation)
R3 mv2; C:\Windows\System32\DRIVERS\mv2.sys [12904 2013-10-24] (UVNC BVBA)
R3 PTSimBus; C:\Windows\System32\DRIVERS\PTSimBus.sys [28480 2012-05-30] (PenTablet Driver)
S3 PTSimHid; C:\Windows\System32\DRIVERS\PTSimHid.sys [19776 2012-05-30] (PenTablet Driver)
S4 pwdrvio; C:\Windows\system32\pwdrvio.sys [16472 2010-08-16] ()
S4 pwdspio; C:\Windows\system32\pwdspio.sys [11104 2010-08-16] ()
R3 RTL8187Se; C:\Windows\System32\DRIVERS\RTL8187Se.sys [376320 2014-12-27] (Realtek Semiconductor Corporation                           )
R1 RtlProt; C:\Windows\System32\DRIVERS\rtlprot.sys [25896 2007-04-23] (Windows ® Codename Longhorn DDK provider)
R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [66344 2012-10-24] (GFI Software)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [18624 2014-06-04] (IObit)
S3 TClass2k; C:\Windows\System32\DRIVERS\TClass2k.sys [28480 2012-05-30] (Tablet Driver)
R2 TVALZFL; C:\Windows\System32\DRIVERS\TVALZFL.sys [12920 2009-03-20] (TOSHIBA Corporation)
S3 UCTblHid; C:\Windows\System32\DRIVERS\UCTblHid.sys [24896 2012-05-30] (Tablet Driver)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [41984 2010-04-19] (Apple, Inc.) [File not signed]
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam.sys [11520 2008-05-06] (Western Digital Technologies) [File not signed]
S4 cpuz134; \??\C:\Users\David\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
S4 FileMonitor; No ImagePath
S4 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S4 RegFilter; No ImagePath
S4 Tablet2k; "%SystemRoot%\System32\Drivers\Tablet2k.sys" [X]
S4 UrlFilter; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-24 12:05 - 2015-06-24 12:05 - 00021122 _____ C:\Users\David\Desktop\FRST.txt
2015-06-24 12:03 - 2015-06-24 12:03 - 01148928 _____ (Farbar) C:\Users\David\Desktop\FRST.exe
2015-06-24 11:55 - 2015-06-24 11:55 - 00000165 _____ C:\Windows\Reimage.ini
2015-06-24 11:51 - 2015-06-24 11:51 - 00000000 ____D C:\Users\David\AppData\Local\{A04484B2-375A-47DF-A503-3E2E6746CE51}
2015-06-24 03:46 - 2015-06-24 03:46 - 00001188 _____ C:\Windows\system32\ServiceConfig.xml
2015-06-24 03:13 - 2015-06-24 03:13 - 00001020 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2015-06-24 03:12 - 2015-03-24 00:17 - 00111368 _____ (Emsisoft GmbH) C:\Windows\system32\Drivers\epp32.sys
2015-06-24 03:03 - 2015-06-24 03:03 - 00001818 _____ C:\Users\David\Desktop\GlassWire.lnk
2015-06-24 03:03 - 2015-06-24 03:03 - 00000000 ____D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GlassWire
2015-06-24 03:03 - 2015-06-24 03:03 - 00000000 ____D C:\Program Files\GlassWire
2015-06-24 03:03 - 2015-05-28 22:30 - 00008657 _____ C:\Windows\system32\Drivers\gwdrv.cat
2015-06-24 03:03 - 2015-05-28 22:15 - 00027568 _____ (SecureMix LLC) C:\Windows\system32\Drivers\gwdrv.sys
2015-06-24 02:57 - 2015-06-24 02:57 - 05740334 _____ C:\Users\David\Desktop\DAVID-PC.arn
2015-06-24 02:04 - 2015-06-24 02:04 - 00001786 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-06-24 02:04 - 2015-06-24 02:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-06-24 02:04 - 2015-06-24 02:04 - 00000000 ____D C:\Program Files\QuickTime
2015-06-24 02:03 - 2015-06-24 02:03 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-06-24 01:58 - 2015-06-24 01:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CSIS Heimdal
2015-06-24 01:56 - 2015-06-24 01:58 - 00000000 ____D C:\Program Files\Heimdal
2015-06-24 01:56 - 2015-06-24 01:56 - 00000000 ____D C:\ProgramData\CSIS
2015-06-24 01:26 - 2015-06-24 01:26 - 02244096 _____ C:\Users\David\Desktop\AdwCleaner.exe
2015-06-24 01:20 - 2015-06-24 01:20 - 00680600 _____ (Sysinternals - www.sysinternals.com) C:\Users\David\Desktop\autoruns.exe
2015-06-24 01:12 - 2015-06-24 01:12 - 04177016 _____ (CSIS Security Group) C:\Users\David\Desktop\HeimdalSetup.exe
2015-06-24 00:55 - 2015-06-24 00:56 - 00004332 _____ C:\Users\David\Desktop\Rkill.txt
2015-06-24 00:55 - 2015-06-24 00:55 - 00000000 ____D C:\Users\David\Desktop\rkill
2015-06-24 00:53 - 2015-06-24 00:53 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\David\Desktop\rkill.com
2015-06-24 00:35 - 2015-06-24 00:42 - 159485920 _____ (Emsisoft Ltd. ) C:\Users\David\Desktop\EmsisoftAntiMalwareSetup.exe
2015-06-23 18:50 - 2015-06-23 18:50 - 00000000 ____D C:\Users\David\AppData\Local\{D00CADA4-17B2-4907-884A-931571C14DD7}
2015-06-23 17:37 - 2015-06-23 17:37 - 00000000 ____D C:\Users\Default\AppData\Roaming\Gtek
2015-06-23 17:37 - 2015-06-23 17:37 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Gtek
2015-06-23 17:36 - 2015-06-23 17:37 - 00000000 ___HD C:\Users\David\AppData\Roaming\GTek
2015-06-23 17:34 - 2015-06-23 18:04 - 00000000 ____D C:\Program Files\Linksys EasyLink Advisor
2015-06-23 17:34 - 2015-06-23 17:40 - 00000000 ___HD C:\ProgramData\GTek
2015-06-23 16:05 - 2015-06-23 16:05 - 00000000 ____D C:\ProgramData\Emsisoft
2015-06-23 14:51 - 2015-06-24 11:54 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2015-06-23 14:51 - 2015-06-24 03:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2015-06-23 04:55 - 2015-06-23 04:55 - 00000000 ____D C:\Users\David\AppData\Local\{B95B9080-3AC9-4A7D-9758-F2B5B2A3358F}
2015-06-23 01:28 - 2015-06-23 01:31 - 00052949 _____ C:\Users\David\Downloads\Addition.txt
2015-06-23 01:26 - 2015-06-24 12:05 - 00000000 ____D C:\FRST
2015-06-23 01:26 - 2015-06-23 01:31 - 00065691 _____ C:\Users\David\Downloads\FRST.txt
2015-06-22 23:57 - 2015-06-22 23:57 - 00000000 ____D C:\Users\David\AppData\Local\{A8614AE1-D2D0-4FEF-BE8D-961478E413A1}
2015-06-22 11:47 - 2015-06-22 11:47 - 00000000 ____D C:\Users\David\AppData\Local\{F10540D0-648A-44EC-934D-6B2CA767CF10}
2015-06-21 15:57 - 2015-06-21 15:57 - 00000000 ____D C:\Users\David\AppData\Local\{DEA3B8C2-17A1-42B7-B30B-CA36E224285D}
2015-06-21 02:38 - 2015-06-21 02:38 - 00000000 ____D C:\Users\David\AppData\Local\{A69D2C1D-4D40-40C7-B785-9CBE06C1B04F}
2015-06-20 13:19 - 2015-06-20 13:19 - 00000000 ____D C:\Users\David\AppData\Local\{F6FC22BF-57FB-41C0-9F59-32F2C9303CCE}
2015-06-20 00:25 - 2015-06-20 00:25 - 00000000 ____D C:\Users\David\AppData\Local\{A9028239-E7A3-4DE2-A9AC-1F9ABEFD37FD}
2015-06-19 09:37 - 2015-06-19 09:37 - 00000000 ____D C:\Users\David\AppData\Local\{A8FED174-3DAA-4DE1-8401-FCCB357B5D4F}
2015-06-18 16:15 - 2015-06-23 20:22 - 00000000 ____D C:\ProgramData\HitmanPro
2015-06-18 15:50 - 2015-06-18 15:50 - 00000000 ____D C:\Users\David\AppData\Local\GlassWire
2015-06-18 15:49 - 2015-06-18 15:49 - 00000000 ____D C:\ProgramData\GlassWire
2015-06-18 15:34 - 2015-06-18 15:34 - 00000000 ____D C:\Users\David\AppData\Local\{F797BE2B-F833-401B-AF42-3EBB2488F77B}
2015-06-18 02:26 - 2015-06-18 02:26 - 00000000 ____D C:\Users\David\AppData\Local\{AA6904C9-A11D-4BE1-B76C-E67A139188C7}
2015-06-17 23:38 - 2015-06-17 23:38 - 00000000 ____D C:\Users\David\AppData\Local\{3ED2F40A-9CDD-44B4-B2DF-8B959FD127C7}
2015-06-17 20:59 - 2015-06-17 21:03 - 00000000 ____D C:\Users\David\Desktop\Books
2015-06-17 11:32 - 2015-06-17 11:33 - 00000000 ____D C:\Users\David\AppData\Local\{00A85CFE-105D-486E-BCEA-E6D396A745A1}
2015-06-16 17:02 - 2015-06-24 01:35 - 00000000 ____D C:\AdwCleaner
2015-06-16 16:52 - 2015-06-23 18:00 - 00000000 ____D C:\Users\David\AppData\Local\LogMeIn Rescue Applet
2015-06-16 15:56 - 2015-06-16 15:56 - 00000000 ____D C:\Users\David\AppData\Local\GWX
2015-06-16 13:17 - 2015-06-16 13:18 - 00000000 ____D C:\Users\David\AppData\Local\{B3CB8B19-529F-4C39-BAB1-88CB59492B37}
2015-06-16 12:06 - 2015-06-16 12:16 - 00000000 ____D C:\Program Files\Epubor
2015-06-16 12:05 - 2015-06-16 12:06 - 00000000 ____D C:\Users\David\AppData\Roaming\.Ultimate
2015-06-16 12:05 - 2015-06-16 12:05 - 00000000 ____D C:\Users\David\Ultimate
2015-06-16 12:05 - 2015-06-16 12:05 - 00000000 ____D C:\Users\David\decrypt
2015-06-16 12:05 - 2015-06-16 12:05 - 00000000 ____D C:\Users\David\AppData\Roaming\Ultimate
2015-06-16 12:05 - 2015-06-16 12:05 - 00000000 ____D C:\Users\David\AppData\Roaming\.decrypter
2015-06-16 12:04 - 2015-06-23 20:22 - 00000000 ____D C:\Program Files\ultimate
2015-06-16 03:31 - 2015-06-23 03:58 - 00000000 ____D C:\Users\David\AppData\Local\Amazon Cloud Drive
2015-06-16 03:23 - 2015-06-23 17:59 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-16 01:48 - 2015-06-23 17:59 - 00000000 ____D C:\ProgramData\Epubsoft
2015-06-16 01:48 - 2015-06-16 01:48 - 00000000 ____D C:\Users\David\Documents\Epubsoft
2015-06-16 01:16 - 2015-06-16 01:17 - 00000000 ____D C:\Users\David\AppData\Local\{941F8385-5AF3-4D58-A4DC-3EFB6FAD1B2E}
2015-06-15 19:08 - 2015-06-15 19:08 - 00000000 ____D C:\Users\David\AppData\Local\Amazon.com Inc
2015-06-15 17:49 - 2015-06-23 20:23 - 00000000 ___SD C:\Windows\system32\GWX
2015-06-15 17:37 - 2012-08-24 07:26 - 00006182 _____ C:\Users\David\Documents\M23IJPGRYFDZL6IBOPL5XCD6EP4FWEGI_PDOC.mbp
2015-06-15 17:28 - 2015-06-02 13:35 - 00342728 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-15 17:28 - 2015-05-22 21:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-15 17:28 - 2015-05-22 21:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-15 17:28 - 2015-05-22 21:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-15 17:28 - 2015-05-22 21:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-15 17:28 - 2015-05-22 21:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-15 17:28 - 2015-05-22 21:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-15 17:28 - 2015-05-22 21:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-15 17:28 - 2015-05-22 21:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-15 17:28 - 2015-05-22 21:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-15 17:28 - 2015-05-22 21:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-15 17:28 - 2015-05-22 21:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-15 17:28 - 2015-05-22 21:05 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-15 17:28 - 2015-05-22 21:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-15 17:28 - 2015-05-22 21:00 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-15 17:28 - 2015-05-22 20:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-15 17:28 - 2015-05-22 20:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-15 17:28 - 2015-05-22 20:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-15 17:28 - 2015-05-22 20:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-15 17:28 - 2015-05-22 20:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-15 17:28 - 2015-05-22 20:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-15 17:28 - 2015-05-22 20:38 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-15 17:28 - 2015-05-22 20:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-15 17:28 - 2015-05-22 20:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-15 17:28 - 2015-05-22 20:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-15 17:28 - 2015-05-22 20:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-15 17:28 - 2015-05-22 20:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-15 17:28 - 2015-05-22 20:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-15 17:27 - 2015-05-27 08:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-15 17:27 - 2015-05-22 21:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-15 17:27 - 2015-05-22 21:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-15 17:27 - 2015-05-22 20:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-15 11:27 - 2015-06-15 11:28 - 00000000 ____D C:\Users\David\AppData\Local\{EBBE472F-D671-4329-916F-2C98CB52CF6B}
2015-06-14 21:58 - 2015-06-13 11:36 - 00001298 _____ C:\Users\David\Documents\TDSOTM 1 different MTM font size 1 for publishing A (Autosaved).LNK
2015-06-14 21:21 - 2015-06-14 21:21 - 00000000 ____D C:\Users\David\AppData\Local\{D1971127-DC86-46A0-BD58-BE447F02C4C8}
2015-06-14 13:21 - 2015-05-01 07:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-06-14 03:52 - 2015-06-14 03:53 - 00000000 ____D C:\Users\David\AppData\Local\{D06FD01A-F7FF-4AD9-9385-EC129297867F}
2015-06-14 01:29 - 2013-05-23 08:39 - 00043368 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiark.sys
2015-06-14 01:28 - 2015-06-14 01:28 - 00000000 _RSHD C:\_Backup.RC
2015-06-14 00:51 - 2014-07-30 12:12 - 00018488 _____ C:\Windows\system32\Drivers\AQFileRestore.sys
2015-06-14 00:51 - 2012-02-09 13:58 - 00035000 _____ C:\Windows\system32\mxntdfg.exe
2015-06-14 00:50 - 2015-06-23 20:23 - 00000000 ____D C:\Windows\system32\Drivers\VDD
2015-06-14 00:50 - 2015-06-14 01:28 - 00000000 ____D C:\ProgramData\Avanquest
2015-06-14 00:50 - 2015-06-14 00:50 - 00001936 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fix-It Utilities Professional.lnk
2015-06-14 00:50 - 2015-06-14 00:50 - 00000000 ____D C:\Users\Public\Documents\Avanquest Software
2015-06-14 00:50 - 2015-06-14 00:50 - 00000000 ____D C:\Users\David\AppData\Roaming\Avanquest
2015-06-14 00:50 - 2013-10-24 15:03 - 00024680 _____ (UVNC BVBA) C:\Windows\system32\mv2.dll
2015-06-14 00:50 - 2013-10-24 15:03 - 00012904 _____ (UVNC BVBA) C:\Windows\system32\Drivers\mv2.sys
2015-06-14 00:42 - 2015-06-14 00:42 - 00000000 ____D C:\Program Files\Avanquest
2015-06-14 00:32 - 2015-06-24 00:03 - 00000000 ____D C:\_Backup
2015-06-14 00:32 - 2015-06-14 00:36 - 73333328 _____ (Avanquest) C:\Users\David\Desktop\Fix-It_Professional_ENU_signed.exe
2015-06-13 14:57 - 2015-06-13 14:58 - 00000000 ____D C:\Users\David\AppData\Local\{B6E15CF5-36F9-4C53-8286-347BEABEAEE0}
2015-06-13 13:03 - 2015-02-02 21:16 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-06-13 13:03 - 2015-02-02 21:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-06-13 13:03 - 2015-02-02 21:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-06-13 13:03 - 2015-02-02 21:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-06-13 13:03 - 2015-02-02 21:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-06-13 13:03 - 2015-02-02 21:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-06-13 13:03 - 2015-02-02 21:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-06-13 13:03 - 2015-02-02 21:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-06-13 13:03 - 2015-02-02 21:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-06-13 13:03 - 2015-02-02 21:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-06-13 13:03 - 2015-02-02 21:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-06-13 13:03 - 2015-02-02 21:12 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-06-13 13:03 - 2015-02-02 21:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-06-13 13:03 - 2015-02-02 21:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-06-13 13:03 - 2015-02-02 21:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-06-13 13:03 - 2015-02-02 21:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-06-13 13:03 - 2015-02-02 21:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-06-13 13:03 - 2015-02-02 21:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-06-13 13:03 - 2015-02-02 21:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-06-13 13:03 - 2015-02-02 21:12 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-06-13 13:03 - 2015-02-02 21:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-06-13 13:03 - 2015-02-02 21:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-06-13 13:03 - 2015-02-02 21:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-06-13 13:03 - 2015-02-02 21:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-06-13 13:03 - 2015-02-02 21:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-06-13 13:03 - 2015-02-02 21:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-06-13 13:03 - 2015-02-02 21:12 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-06-13 13:03 - 2015-02-02 21:11 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-06-13 13:03 - 2015-02-02 21:11 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-06-13 13:03 - 2015-02-02 21:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-06-13 13:03 - 2015-02-02 21:11 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-06-13 13:03 - 2015-02-02 21:00 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-06-13 13:03 - 2015-02-02 20:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-06-13 13:03 - 2015-01-30 17:56 - 00370488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-06-13 13:03 - 2014-10-31 16:22 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-06-13 13:03 - 2014-06-27 18:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-06-13 13:03 - 2014-06-27 18:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-06-13 13:02 - 2015-02-02 21:12 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-06-13 13:02 - 2015-02-02 21:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-06-13 13:02 - 2015-02-02 21:12 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-06-13 13:02 - 2015-02-02 21:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-06-13 13:02 - 2015-02-02 21:11 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-06-13 13:02 - 2015-02-02 21:11 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-06-13 13:02 - 2015-02-02 21:10 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-06-13 13:02 - 2015-02-02 21:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-06-13 13:01 - 2015-05-25 11:00 - 02384384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-13 13:01 - 2015-05-22 12:03 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-13 13:01 - 2015-05-22 12:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-13 13:01 - 2015-05-22 12:02 - 00621568 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-13 13:01 - 2015-05-22 12:02 - 00333824 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-13 13:01 - 2015-05-22 12:02 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-13 13:01 - 2015-05-22 12:02 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-13 13:01 - 2015-05-22 11:58 - 00901120 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-13 13:01 - 2015-05-21 07:20 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-13 13:01 - 2015-04-24 11:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-13 13:01 - 2015-04-10 21:07 - 00054656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-13 13:01 - 2015-03-04 22:06 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-06-13 13:01 - 2015-03-03 22:16 - 00249784 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-06-13 13:01 - 2015-03-03 22:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-06-13 13:01 - 2015-02-02 21:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-06-13 13:01 - 2015-01-30 21:33 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-06-13 13:01 - 2015-01-30 21:33 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-06-13 13:01 - 2015-01-30 18:48 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-06-13 13:01 - 2015-01-28 21:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-06-13 13:00 - 2015-05-25 12:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-06-13 13:00 - 2015-05-25 12:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-13 13:00 - 2015-05-25 12:07 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-13 13:00 - 2015-05-25 12:07 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-13 13:00 - 2015-05-25 12:04 - 01307648 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-13 13:00 - 2015-05-25 12:01 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-13 13:00 - 2015-05-25 12:01 - 00853504 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-13 13:00 - 2015-05-25 12:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-13 13:00 - 2015-05-25 12:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-13 13:00 - 2015-05-25 12:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-13 13:00 - 2015-05-25 12:01 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-13 13:00 - 2015-05-25 12:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-13 13:00 - 2015-05-25 12:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-13 13:00 - 2015-05-25 12:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-13 13:00 - 2015-05-25 12:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-13 13:00 - 2015-05-25 12:01 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-13 13:00 - 2015-05-25 12:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-13 13:00 - 2015-05-25 12:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-13 13:00 - 2015-05-25 12:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-13 13:00 - 2015-05-25 12:01 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-13 13:00 - 2015-05-25 12:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-13 13:00 - 2015-05-25 12:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-13 13:00 - 2015-05-25 12:01 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-13 13:00 - 2015-05-25 12:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-13 13:00 - 2015-05-25 12:00 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-13 13:00 - 2015-05-25 12:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-13 13:00 - 2015-05-25 12:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-13 13:00 - 2015-05-25 12:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-13 13:00 - 2015-05-25 12:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-13 13:00 - 2015-05-25 12:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-13 13:00 - 2015-05-25 12:00 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-13 13:00 - 2015-05-25 12:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-13 13:00 - 2015-05-25 11:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-13 13:00 - 2015-05-25 11:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-13 13:00 - 2015-05-25 11:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-13 13:00 - 2015-05-25 11:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-13 13:00 - 2015-05-25 10:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-13 13:00 - 2015-01-16 20:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-06-13 12:56 - 2015-04-19 20:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-06-13 12:56 - 2015-04-19 20:56 - 00909312 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-06-13 12:56 - 2015-02-12 23:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-06-13 12:55 - 2015-04-17 20:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-06-13 12:52 - 2015-04-12 21:19 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-06-13 12:52 - 2015-03-03 22:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-06-13 12:52 - 2015-03-03 22:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-06-13 12:52 - 2015-03-03 22:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-06-13 12:52 - 2015-03-03 22:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-06-13 12:51 - 2015-04-07 21:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-06-13 12:51 - 2015-04-07 21:14 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-06-13 12:51 - 2015-03-24 21:00 - 03088384 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-06-13 12:51 - 2015-03-24 21:00 - 02020864 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-06-13 12:51 - 2015-03-24 21:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-06-13 12:51 - 2015-03-24 21:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-06-13 12:51 - 2015-03-24 21:00 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-06-13 12:51 - 2015-03-24 21:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-06-13 12:51 - 2015-03-24 21:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-06-13 12:51 - 2015-03-24 21:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-06-13 12:51 - 2015-03-24 21:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-06-13 12:51 - 2015-03-24 21:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-06-13 12:51 - 2015-03-24 21:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-06-13 12:51 - 2015-02-02 21:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-06-13 12:49 - 2015-02-18 01:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-06-13 12:48 - 2015-02-24 21:03 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-06-13 12:48 - 2015-02-19 22:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-06-13 12:48 - 2015-02-19 22:13 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-06-13 12:48 - 2015-02-19 22:13 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-06-13 12:48 - 2015-02-19 22:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-06-13 12:48 - 2015-02-19 21:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-06-13 12:47 - 2015-05-08 21:14 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-13 12:47 - 2015-05-08 21:13 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-13 12:47 - 2015-05-08 21:13 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-13 12:47 - 2015-05-08 21:12 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-13 12:47 - 2015-05-08 21:08 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-13 12:47 - 2015-05-08 21:08 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-13 12:47 - 2015-05-08 21:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-13 12:47 - 2015-05-08 21:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-13 12:47 - 2015-05-08 21:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-13 12:47 - 2015-05-08 21:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-13 12:47 - 2015-05-08 21:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-13 12:47 - 2015-05-08 21:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-13 12:47 - 2015-05-08 21:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-13 12:47 - 2015-05-08 21:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-13 12:47 - 2015-05-08 21:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-13 12:47 - 2015-05-08 21:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-13 12:47 - 2015-05-08 21:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-13 12:47 - 2015-05-08 21:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-13 12:47 - 2015-05-08 21:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-13 12:47 - 2015-05-08 21:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-13 12:47 - 2015-05-08 21:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-13 12:47 - 2015-05-08 21:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-13 12:47 - 2015-05-08 21:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-13 12:47 - 2015-05-08 21:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-13 12:47 - 2015-05-08 21:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-13 12:47 - 2015-05-08 21:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-13 12:47 - 2015-05-08 21:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-13 12:47 - 2015-05-08 21:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-13 12:47 - 2015-05-08 19:59 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-13 12:47 - 2015-05-08 19:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-13 12:47 - 2015-05-08 19:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-13 12:47 - 2015-05-08 19:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-13 12:47 - 2015-02-03 20:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-06-13 12:41 - 2015-03-09 21:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-06-13 12:41 - 2015-03-09 21:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-06-13 02:20 - 2015-06-13 02:20 - 00000825 _____ C:\Users\David\.recently-used.xbel
2015-06-13 02:15 - 2015-06-13 02:15 - 00000000 ____D C:\Users\David\.fontconfig
2015-06-13 01:53 - 2015-06-13 01:53 - 00000000 ____D C:\Users\David\AppData\Local\{90A81EBA-DFB8-4B75-AF22-BF4F618BB873}
2015-06-13 00:23 - 2015-06-14 00:18 - 00008028 _____ C:\Windows\PFRO.log
2015-06-13 00:08 - 2015-06-24 11:46 - 00051098 _____ C:\Windows\setupact.log
2015-06-13 00:08 - 2015-06-13 00:08 - 00000000 _____ C:\Windows\setuperr.log

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-24 11:54 - 2010-03-05 19:52 - 00019664 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-24 11:54 - 2010-03-05 19:52 - 00019664 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-24 11:49 - 2012-01-09 04:31 - 01561644 _____ C:\Windows\WindowsUpdate.log
2015-06-24 11:47 - 2012-05-07 13:08 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-24 11:46 - 2009-07-13 22:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-24 11:34 - 2011-05-15 02:22 - 00000000 ____D C:\Windows\pss
2015-06-24 11:25 - 2012-05-07 13:08 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-24 03:45 - 2011-03-03 08:29 - 00000000 ____D C:\Users\David\AppData\Roaming\Hoyle Puzzle and Board Games
2015-06-24 03:15 - 2010-11-12 22:56 - 00000020 ____H C:\ProgramData\PKP_DLdu.DAT
2015-06-24 02:59 - 2010-08-29 22:25 - 00000384 _____ C:\Windows\Tasks\SmartDefrag.job
2015-06-24 02:59 - 2010-03-05 11:41 - 00000348 _____ C:\Windows\Tasks\File Helper.job
2015-06-24 02:02 - 2013-11-22 19:21 - 00000923 _____ C:\Users\Public\Desktop\VLC media player.lnk
2015-06-24 01:35 - 2014-09-27 02:37 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-06-23 20:34 - 2009-07-14 01:48 - 00000000 ____D C:\Windows\ShellNew
2015-06-23 20:23 - 2014-12-27 03:38 - 00000000 ____D C:\Users\David\AppData\Roaming\ProductData
2015-06-23 20:23 - 2014-03-14 15:15 - 00000000 ____D C:\Windows\system32\TabletPmt
2015-06-23 20:23 - 2013-09-12 17:17 - 00000000 ____D C:\Users\David\AppData\Roaming\ImTOO
2015-06-23 20:23 - 2012-10-24 09:04 - 00000000 ____D C:\Users\David\Desktop\1 Color Master THE DARKSIDE OF THE MEDALLION A DOCX AAA_files
2015-06-23 20:23 - 2012-09-24 01:46 - 00000000 ____D C:\Windows\system32\gs
2015-06-23 20:23 - 2011-06-02 14:59 - 00000000 ____D C:\Windows\system32\SPReview
2015-06-23 20:23 - 2011-04-12 19:27 - 00000000 ____D C:\Users\David\Desktop\MG Glyphs Jpeg
2015-06-23 20:23 - 2010-03-07 20:23 - 00000000 ____D C:\Windows\system32\RTCOM
2015-06-23 20:23 - 2010-03-05 11:53 - 00000000 ____D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-06-23 20:23 - 2009-10-10 19:56 - 00000000 ____D C:\Windows\system32\EventProviders
2015-06-23 20:23 - 2009-10-06 19:08 - 00000000 ____D C:\Windows\system32\Drivers\Avg
2015-06-23 20:23 - 2009-10-06 14:29 - 00000000 ____D C:\Windows\system32\sda
2015-06-23 20:23 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\zh-TW
2015-06-23 20:23 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\zh-HK
2015-06-23 20:23 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\wfp
2015-06-23 20:23 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\tr-TR
2015-06-23 20:23 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\sv-SE
2015-06-23 20:23 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\pt-BR
2015-06-23 20:23 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\nl-NL
2015-06-23 20:23 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\NDF
2015-06-23 20:23 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\nb-NO
2015-06-23 20:23 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\ko-KR
2015-06-23 20:23 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\it-IT
2015-06-23 20:23 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\he-IL
2015-06-23 20:23 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\GroupPolicy
2015-06-23 20:23 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\fr-FR
2015-06-23 20:23 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\fi-FI
2015-06-23 20:23 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\el-GR
2015-06-23 20:23 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\de-DE
2015-06-23 20:23 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\ar-SA
2015-06-23 20:23 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\rescache
2015-06-23 20:23 - 2009-05-03 21:43 - 00000000 ____D C:\Windows\system32\Macromed
2015-06-23 20:22 - 2014-12-27 04:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-06-23 20:22 - 2014-12-27 03:37 - 00000000 ____D C:\ProgramData\ProductData
2015-06-23 20:22 - 2014-10-17 22:33 - 00000000 ____D C:\ProgramData\xPdGbZbjQql
2015-06-23 20:22 - 2014-04-11 15:31 - 00000000 ____D C:\Users\David\Desktop\Allen2014 homework
2015-06-23 20:22 - 2013-09-12 17:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iStonsoft
2015-06-23 20:22 - 2013-09-12 17:41 - 00000000 ____D C:\Program Files\iStonsoft
2015-06-23 20:22 - 2013-09-12 17:17 - 00000000 ____D C:\Program Files\ImTOO
2015-06-23 20:22 - 2012-11-25 20:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Explosion 5
2015-06-23 20:22 - 2012-11-25 20:01 - 00000000 ____D C:\Program Files\Common Files\Nova Development
2015-06-23 20:22 - 2012-11-25 19:55 - 00000000 ____D C:\Program Files\Nova Development
2015-06-23 20:22 - 2012-10-03 20:43 - 00000000 ____D C:\Program Files\Mobipocket.com
2015-06-23 20:22 - 2012-08-11 18:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-06-23 20:22 - 2012-08-11 18:57 - 00000000 ____D C:\Program Files\VideoLAN
2015-06-23 20:22 - 2012-05-07 13:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-23 20:22 - 2011-02-10 06:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFtoEPUB
2015-06-23 20:22 - 2011-02-10 06:28 - 00000000 ____D C:\Program Files\PDFtoEPUB
2015-06-23 20:22 - 2010-10-29 22:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-06-23 20:22 - 2010-03-27 16:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2015-06-23 20:22 - 2010-03-27 16:31 - 00000000 ____D C:\Program Files\Calibre2
2015-06-23 20:22 - 2010-03-05 11:53 - 00000000 ____D C:\Program Files\CCleaner
2015-06-23 20:22 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\registration
2015-06-23 20:22 - 2009-07-13 20:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-06-23 20:21 - 2009-07-13 22:56 - 00000000 ____D C:\Windows\system32\winrm
2015-06-23 20:21 - 2009-07-13 22:56 - 00000000 ____D C:\Windows\system32\WCN
2015-06-23 20:21 - 2009-07-13 22:56 - 00000000 ____D C:\Windows\system32\slmgr
2015-06-23 20:21 - 2009-07-13 22:56 - 00000000 ____D C:\Windows\system32\Printing_Admin_Scripts
2015-06-23 20:21 - 2009-07-13 22:52 - 00000000 ____D C:\Windows\system32\WindowsPowerShell
2015-06-23 20:21 - 2009-07-13 22:52 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2015-06-23 20:21 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\spp
2015-06-23 20:21 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\spool
2015-06-23 20:21 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\Speech
2015-06-23 20:21 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\SMI
2015-06-23 20:21 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\NetworkList
2015-06-23 20:21 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\MUI
2015-06-23 20:21 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\Msdtc
2015-06-23 20:21 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\IME
2015-06-23 20:20 - 2014-05-07 10:53 - 00000000 ____D C:\Windows\system32\CompatTel
2015-06-23 20:20 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\com
2015-06-23 20:19 - 2009-10-16 19:24 - 00000000 ____D C:\Users\David\AppData\Local\Adobe
2015-06-23 20:19 - 2009-10-06 15:05 - 00000000 ____D C:\Users\David\AppData\Local\Google
2015-06-23 20:18 - 2009-05-03 21:30 - 00000000 ____D C:\Program Files\Java
2015-06-23 20:17 - 2015-01-24 15:10 - 00000000 ____D C:\Program Files\Common Files\Java
2015-06-23 20:17 - 2009-05-03 21:45 - 00000000 ____D C:\Program Files\Google
2015-06-23 18:41 - 2010-03-05 19:54 - 00000000 ____D C:\Users\David
2015-06-23 17:59 - 2010-03-05 10:13 - 00000000 ____D C:\Users\David\AppData\Local\Amazon
2015-06-23 15:54 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\LogFiles
2015-06-23 13:18 - 2013-02-16 17:25 - 10313728 _____ C:\Users\David\ntuser.BAK
2015-06-23 13:18 - 2009-07-13 20:03 - 62914560 _____ C:\Windows\system32\config\software.BAK
2015-06-23 13:18 - 2009-07-13 20:03 - 19922944 _____ C:\Windows\system32\config\system.BAK
2015-06-23 13:18 - 2009-07-13 20:03 - 00098304 _____ C:\Windows\system32\config\sam.BAK
2015-06-21 18:37 - 2014-10-18 00:41 - 00000000 ____D C:\ProgramData\69B6DBD2-8E05-476F-B662-CF8D235FD499
2015-06-21 11:48 - 2014-01-05 09:46 - 00000000 ____D C:\ProgramData\Oracle
2015-06-20 12:30 - 2013-04-11 19:57 - 00000000 ____D C:\Users\David\AppData\Local\Deployment
2015-06-18 00:40 - 2011-05-23 08:28 - 00031744 ___SH C:\Users\David\Thumbs.db
2015-06-17 23:31 - 2014-02-26 15:35 - 00000000 ____D C:\Windows\Panther
2015-06-17 21:03 - 2014-05-30 23:38 - 00000000 ____D C:\Users\David\Desktop\Familey Photos
2015-06-17 21:01 - 2014-10-11 17:02 - 00000000 ____D C:\Users\David\Desktop\Electronics
2015-06-17 21:00 - 2013-01-05 14:41 - 00000000 ____D C:\Users\David\Desktop\Instructions
2015-06-16 13:12 - 2010-03-27 16:32 - 00000000 ____D C:\Users\David\Calibre Library
2015-06-16 01:20 - 2014-11-12 11:06 - 00000000 __SHD C:\Users\David\AppData\Local\EmieBrowserModeList
2015-06-16 01:20 - 2014-04-16 14:29 - 00000000 __SHD C:\Users\David\AppData\Local\EmieUserList
2015-06-16 01:20 - 2014-04-16 14:29 - 00000000 __SHD C:\Users\David\AppData\Local\EmieSiteList
2015-06-15 18:28 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-06-15 17:51 - 2010-03-05 20:46 - 00781318 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-15 17:37 - 2010-03-05 10:13 - 00000000 ____D C:\Users\David\Documents\My Kindle Content
2015-06-15 06:05 - 2012-09-24 18:58 - 00000000 ____D C:\Users\David\PDFCreator
2015-06-15 03:54 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\AppCompat
2015-06-14 21:21 - 2011-09-14 13:10 - 00144040 _____ C:\Users\David\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-14 20:22 - 2011-09-14 20:00 - 03840104 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-14 18:59 - 2010-08-21 17:23 - 00000000 ____D C:\Program Files\Sony
2015-06-14 13:23 - 2014-12-27 12:12 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-14 13:23 - 2009-07-14 01:49 - 00000000 ____D C:\Program Files\Windows Journal
2015-06-14 13:23 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-06-14 13:22 - 2009-10-06 14:01 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-14 01:40 - 2012-09-24 01:46 - 00000000 ____D C:\temp
2015-06-14 00:50 - 2009-05-03 21:26 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-06-14 00:30 - 2014-10-11 22:52 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-06-14 00:13 - 2010-11-12 22:57 - 00000000 ____D C:\Program Files\Common Files\Nikon
2015-06-14 00:10 - 2009-10-06 14:49 - 00000000 ____D C:\ProgramData\Google
2015-06-13 11:32 - 2014-12-28 13:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 3
2015-06-13 11:32 - 2011-09-27 19:33 - 00000000 ____D C:\ProgramData\AVG2012
2015-06-13 11:32 - 2010-02-27 21:15 - 00000000 ____D C:\ProgramData\IObit
2015-06-13 11:32 - 2009-11-17 00:56 - 00000000 ____D C:\Users\David\AppData\Roaming\IObit
2015-06-13 11:28 - 2009-11-17 00:56 - 00000000 ____D C:\Program Files\IObit
2015-06-13 02:21 - 2013-08-24 16:03 - 00000000 ____D C:\Users\David\.gimp-2.6
2015-06-13 00:58 - 2009-10-06 19:08 - 00000000 ____D C:\Program Files\AVG
2015-06-13 00:43 - 2012-09-21 22:45 - 00001945 _____ C:\Windows\epplauncher.mif
2015-06-13 00:36 - 2011-05-23 04:45 - 00007607 _____ C:\Users\David\AppData\Local\Resmon.ResmonCfg
2015-06-13 00:29 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\winevt
2015-06-13 00:21 - 2010-10-18 12:11 - 00000000 ____D C:\ProgramData\MFAData
2015-05-27 00:03 - 2010-03-10 11:06 - 136900096 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2011-12-20 23:25 - 2012-02-24 13:17 - 0002235 _____ () C:\Users\David\AppData\Roaming\SAS7_000.DAT
2009-11-21 14:29 - 2010-03-05 20:51 - 0024106 _____ () C:\Users\David\AppData\Roaming\UserTile.png
2014-10-17 23:29 - 2014-10-18 04:29 - 0000095 _____ () C:\Users\David\AppData\Roaming\WB.CFG
2009-10-07 22:05 - 2012-09-30 02:43 - 0001290 _____ () C:\Users\David\AppData\Roaming\wklnhst.dat
2010-11-12 22:56 - 2013-07-08 01:53 - 0000268 ___RH () C:\Users\David\AppData\Roaming\Woodwind
2010-11-12 22:59 - 2010-11-12 22:59 - 0000268 ___RH () C:\Users\David\AppData\Roaming\Work - Home
2011-08-30 22:08 - 2011-08-30 22:08 - 0004608 _____ () C:\Users\David\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-11 18:45 - 2015-02-11 18:45 - 0002107 _____ () C:\Users\David\AppData\Local\recently-used.xbel
2011-05-23 04:45 - 2015-06-13 00:36 - 0007607 _____ () C:\Users\David\AppData\Local\Resmon.ResmonCfg
2013-07-08 01:53 - 2013-07-08 01:53 - 0000268 ___RH () C:\ProgramData\business-inkjet
2010-11-12 22:59 - 2010-11-12 22:59 - 0000268 ___RH () C:\ProgramData\deskjet
2014-12-27 03:59 - 2014-12-27 03:59 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-07-08 01:53 - 2013-07-08 01:53 - 0000012 ___RH () C:\ProgramData\howto
2010-11-12 22:59 - 2010-11-12 22:59 - 0000012 ___RH () C:\ProgramData\manual
2012-11-25 20:03 - 2012-11-25 20:03 - 0000116 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2010-11-12 22:56 - 2015-06-24 03:15 - 0000020 ____H () C:\ProgramData\PKP_DLdu.DAT
2010-11-12 22:59 - 2014-09-16 03:58 - 0000020 ____H () C:\ProgramData\PKP_DLdw.DAT

Files to move or delete:
====================
C:\Users\David\WhiteSmoke_Enrichment_Full.exe


Some files in TEMP:
====================
C:\Users\David\AppData\Local\Temp\Quarantine.exe
C:\Users\David\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-22 19:36

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-06-2015 01
Ran by David at 2015-06-24 12:06:51
Running from C:\Users\David\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1978644998-1616513128-776759303-500 - Administrator - Disabled)
David (S-1-5-21-1978644998-1616513128-776759303-1000 - Administrator - Enabled) => C:\Users\David
Guest (S-1-5-21-1978644998-1616513128-776759303-501 - Administrator - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avanquest Fix-It (Disabled - Up to date) {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AV: Emsisoft Anti-Malware (Enabled - Up to date) {2F44E1F9-850B-1C7A-0E56-EB2E0A3E20C9}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {9425001D-A331-13F4-34E6-D05C71B96A74}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avanquest Fix-It (Disabled - Up to date) {5BB89C30-6480-BC7C-9F17-199BD76F557A}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.1.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.1.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.11) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
calibre (HKLM\...\{7AF6603B-28B4-41FE-B862-D7D711645C80}) (Version: 1.4.0 - Kovid Goyal)
ccc-core-static (Version: 2009.0729.2238.38827 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Direct DiscRecorder (Version: 1.00.0000 - Corel Corporation) Hidden
DVD MovieFactory for TOSHIBA (HKLM\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
DVD MovieFactory for TOSHIBA (Version: 7.0.0 - Corel Corporation) Hidden
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft Ltd.)
File Uploader (HKLM\...\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}) (Version: 1.2.5 - Nikon)
Fix-It (HKLM\...\{12FA6720-D4CF-4FFE-968D-133653AC1B1B}) (Version: 15.0.32.37 - Avanquest)
Fix-It (Version: 15.0.32.37 - Avanquest) Hidden
Free NaturalReader (HKLM\...\{1F2DF2C6-08F7-40BD-8E85-D16CB436E7F0}) (Version: 9.0 - NaturalSoft Limited)
GIMP 2.6.10 (HKLM\...\WinGimp-2.0_is1) (Version: 2.6.10 - The GIMP Team)
GIMP LqR Plug-In (HKLM\...\GimpLqRPlugIn) (Version: PlugIn: 0.7.1 - Lib: 0.4.1 - Carlo Baldassi)
GlassWire 1.1 (remove only) (HKLM\...\GlassWire 1.1) (Version: 1.1.15 - SecureMix LLC)
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
H&R Block Deluxe + Efile + State 2014 (HKLM\...\{BDA77C08-60A6-4AAB-B5A9-849ECF399A49}) (Version: 14.05.6401 - HRB Technology, LLC.)
H&R Block Nebraska 2014 (HKLM\...\{8FC2CAF3-043B-4BAB-BE39-2A0C6BCE2A08}) (Version: 1.14.2201 - HRB Technology, LLC.)
Heimdal (HKLM\...\Heimdal) (Version: 1.10.3.704 - CSIS Security Group)
Hoyle Puzzle and Board Games 2011 (remove only) (HKLM\...\Hoyle Puzzle and Board Games 2011) (Version:  - )
ImTOO PDF to EPUB Converter (HKLM\...\ImTOO PDF to EPUB Converter) (Version: 1.0.5.20120522 - ImTOO)
IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 4.1.5.24 - IObit)
iStonsoft Word to ePub Converter build(2.1.23) (HKLM\...\iStonsoft Word to ePub Converter_is1) (Version: 2.1.23 - iStonsoft)
iWin Games (remove only) (HKLM\...\iWinArcade) (Version:  - )
Java 7 Update 72 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217072FF}) (Version: 7.0.720 - Oracle)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LightScribe  1.4.124.1 (Version: 1.4.124.1 - http://www.lightscribe.com) Hidden
Manga Studio (HKLM\...\{CFA66508-B19D-4032-AB0A-EBBA2BDF1368}) (Version: 5.0.3 - Smith Micro)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Standard 2007 (HKLM\...\STANDARDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ Run Time  Lib Setup (HKLM\...\{AAF4238F-7C29-451D-9925-C753271A5728}) (Version: 1.0.0 - Microsoft)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Mobipocket Creator 4.2 (HKLM\...\{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}) (Version: 4.2.41 - Mobipocket.com)
Mobipocket Reader 6.2 (HKLM\...\{342126E1-173C-4585-BFBE-3EBDD20E3E9E}) (Version: 6.2.608 - Mobipocket.com)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nikon Transfer (HKLM\...\{E9757890-7EC5-46C8-99AB-B00F07B6525C}) (Version: 1.5.3 - Nikon)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PDFtoEPUB (HKLM\...\PDFtoEPUB) (Version: 1.5.0 - DNAML Pty Ltd.)
Photo Explosion 5 Deluxe (HKLM\...\{EA218B33-C803-43EF-B4E0-B344D4553DA6}) (Version: 5.0.2.4 - Nova Development)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Picture Control Utility (HKLM\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.1.9 - Nikon)
PlayReady PC runtime (HKLM\...\{B0E5D7E7-A106-458F-BA7B-2F8CAEA3BF16}) (Version: 1 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PRS-500 USB driver (HKLM\...\{A212E6C2-20F7-4A8E-BD8E-DC3EE7483FA2}) (Version: 1.0.00.08110 - Sony)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek 8136 8168 8169 Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0004 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7373 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 6.0.6000.20130 - Realtek Semiconductor Corp.)
Realtek WiFi Protected Setup Library (HKLM\...\{02CA24DD-C8B0-4280-BE53-7862869C2EB1}) (Version: Package:1.00.0026 - REALTEK Semiconductor Corp.)
Realtek WLAN Driver (HKLM\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0003 - Realtek)
SnowflakePro 1.0.3 (HKU\S-1-5-21-1978644998-1616513128-776759303-1000\...\SnowflakePro 1_0_3) (Version:  - )
TOSHIBA Agreement Notification Utility (HKLM\...\InstallShield_{83892653-9EB8-4192-803E-D987A85CDD23}) (Version: 1.0.11.0 - TOSHIBA Corporation)
Toshiba Application and Driver Installer (HKLM\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 8.0.0.4 - Toshiba)
TOSHIBA ConfigFree (HKLM\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.23 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.1 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}) (Version: 1.0.2.0 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM\...\{D0387727-C89D-4774-B643-B9333EAA09DE}) (Version: 2.00.03 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.0.2 - TOSHIBA Corporation)
TOSHIBA Internal Modem Region Select Utility (HKLM\...\InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}) (Version: 2.3.0.00 - TOSHIBA Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.3.1.0 - TOSHIBA Corporation)
Toshiba Quality Application (HKLM\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.001.0000 - Toshiba)
TOSHIBA Recovery Disc Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.0.0.2 - TOSHIBA Corporation)
Toshiba Registration (HKLM\...\{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}) (Version: 1.00.0000 - Datalode Inc.)
Toshiba Resources Page (HKLM\...\{21526716-DFD8-4B90-86D9-EF9F47057B3E}) (Version: 1.0.2.1 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.0.26 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM\...\{A208044D-A88B-4ACF-AE95-E4F213E6EDC0}) (Version: 2.00.02 - TOSHIBA Corporation)
TOSHIBA Upgrade Assistant (HKLM\...\{41773726-92D0-4265-A0F8-DD980CA1AEC4}) (Version: 1.1.9 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.2.28 - TOSHIBA Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
ViewNX (HKLM\...\{F007CBCE-D714-4C0B-8CE9-9B0D78116468}) (Version: 1.5.2 - Nikon)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Driver Package - Sony Corporation (PRSUSB) USB  (08/08/2006 1.0.03.08080) (HKLM\...\75070B1806113224B16C70296B90DD1AD8A53479) (Version: 08/08/2006 1.0.03.08080 - Sony Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Word Menus (HKLM\...\Wright_Works_WordMenus) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

18-06-2015 16:28:36 Checkpoint by HitmanPro
18-06-2015 16:30:57 Checkpoint by HitmanPro
21-06-2015 11:46:00 Removed Java 7 Update 72
21-06-2015 15:12:24 Restore Operation
22-06-2015 12:27:44 Uniblue PC Mechanic installation
22-06-2015 21:56:10 Checkpoint by HitmanPro
23-06-2015 04:37:34 Restore Operation
23-06-2015 05:03:58 Windows Backup
23-06-2015 13:42:23 Restore Operation

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2011-03-03 04:06 - 2010-05-13 18:53 - 00001204 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1 activate.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0825EA1E-7212-4EC3-B787-C425F47EAA2E} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {0A36F7DF-4CAF-4803-9B31-36494B6C38AF} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {128E571A-60F8-47FB-897C-1A88F14974AF} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1978644998-1616513128-776759303-1000
Task: {16FDDE03-9008-45EF-AA10-129655A22705} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {17632FDC-76EE-4789-9550-428CE1E4637D} - System32\Tasks\SmartDefrag_Startup => C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
Task: {17AD4E04-B407-45C4-B476-881B37A265FF} - \AdobeFlashPlayerUpdate 2 No Task File <==== ATTENTION
Task: {1D059341-FDB7-4E1F-AA8A-C4976A806A06} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
Task: {2642099E-5C68-493A-B8C3-C3AA1ECAE2C4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {272C57F4-B4C6-4E53-9AD6-2401BD47ECB4} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {2B8F1053-04B1-4F9C-8365-373AC7665548} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {323BB383-54D3-46B3-8B62-8D396CBA40C3} - System32\Tasks\{C65A3F17-F441-4A0C-82C8-7CEDD4F3F646} => pcalua.exe -a "G:\Windows\Setup eBook Library.exe" -d G:\Windows
Task: {365B16E7-C503-47FC-8A82-8954E1DFAD60} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - David => C:\Program Files\Windows Calendar\wincal.exe
Task: {3D581001-CB71-4DE2-94AB-3300E93807CD} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe [2009-09-03] (TOSHIBA CORPORATION)
Task: {3E3B3DD6-8465-4133-A176-6A847C5EB6A9} - System32\Tasks\{1947E8D2-734A-4BB7-A503-1F831D8EEE8B} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files\Nikon\Nikon Transfer\NktTransfer.exe"
Task: {561375CB-FF5A-417B-B297-BA73DE149581} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {5A3C0F3B-5E35-43A1-BBE5-2380329676E7} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation)
Task: {6861E8F9-EFB5-4FFD-B5AA-9A52CC745674} - System32\Tasks\{FBFB131E-FFDC-4CBA-9421-766F67F22CA1} => C:\Windows\System32\java.exe [2014-12-27] (Oracle Corporation)
Task: {71193F14-F9A5-4056-B83E-3BD8200CCAA9} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {77445471-C06E-4EE1-9A4A-46EB5A8B20EB} - System32\Tasks\{54018623-632E-4C68-93D1-6527AC8683CA} => pcalua.exe -a "C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1O79I8T4\AddThis_Toolbar_Phase1[1].exe" -d C:\Users\David\Desktop
Task: {7C5CC0D5-2ABE-4C5B-AE22-B16D3B02EE37} - System32\Tasks\{D7C5CEFA-24D0-4BF7-B36D-4BD12E688AF5} => pcalua.exe -a D:\SETUP.EXE -d D:\ -c /AUTORUN
Task: {7C8AE15E-6FB1-4B79-A13A-64796A3559FB} - System32\Tasks\AdobeAAMUpdater-1.0-David-PC-David => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {7EC819B2-29C9-4F91-9A1B-8D0CDED87BA9} - System32\Tasks\{AB5932C1-E449-4185-946D-48744535D819} => pcalua.exe -a "C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9U8U95GN\S-NKTR__-153WF-INTEN-32BIT_.exe" -d C:\Users\David\Desktop
Task: {88358905-75DA-498F-A68E-2BA0DCB456A0} - System32\Tasks\{40D5F7F5-8556-4D85-9D72-E76A6CAED07F} => pcalua.exe -a C:\Users\David\Downloads\QuickWordtoPDF.EXE -d C:\Users\David\Downloads
Task: {90401D53-A275-465E-ADD3-425F18048250} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {916444E7-999C-4F08-9487-E191BD3C5B27} - System32\Tasks\{9E94259C-238C-4E25-BC80-38ADB470999E} => C:\Windows\System32\java.exe [2014-12-27] (Oracle Corporation)
Task: {986D13E7-522B-44B5-A771-8FAE00956C88} - System32\Tasks\{1201857D-1AA4-428C-ABD7-4E03962388DC} => pcalua.exe -a "C:\Program Files\InstallShield Installation Information\{50F68032-B5B7-4513-9116-C978DBD8F27A}\setup.exe" -c -runfromtemp -l0x0409
Task: {9E8BD1ED-64DE-4CEA-BF8F-766D18D220CC} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {A3F5062E-E238-4A9F-A92F-A93CA4EEA00F} - System32\Tasks\SmartDefrag => C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
Task: {A6AF3CCB-2D09-4821-8EF2-697B9F56027F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
Task: {A9AAEBA6-413F-46AB-8830-B0C1E08A15CA} - \AdobeFlashPlayerUpdate No Task File <==== ATTENTION
Task: {A9CC1C4D-7F47-452B-92F4-161A94121FFD} - System32\Tasks\Uninstaller_SkipUac_David => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-11-04] (IObit)
Task: {AA04AF8F-45A4-43E0-9331-03F9FC387CFB} - System32\Tasks\Driver Booster SkipUAC (David) => C:\Program Files\IObit\Driver Booster\DriverBooster.exe
Task: {AEBB3BAC-CDB7-4D66-BF42-4877B3A1931C} - System32\Tasks\{1187DB44-276D-4B29-8871-8DE0A04F978B} => C:\Windows\System32\java.exe [2014-12-27] (Oracle Corporation)
Task: {AECE88E1-001E-43CC-AB6C-EC172748FA52} - System32\Tasks\{93E015AE-B4BA-4A31-9760-E43F5685AE2E} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files\Sony\Reader\Data\bin\Reader Library.exe"
Task: {B3AB7A2A-FA71-4298-9A21-4A65F29A47FC} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {B8C07CA9-6690-42BB-87DD-ECB01B64615B} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {BE665ACA-B0AF-4E58-821B-CCA44FD6E2FE} - System32\Tasks\{4526388B-4916-47FB-93BD-DEB03F212C22} => C:\Program Files\Sony\Reader\Data\bin\Reader Library.exe
Task: {C4833318-3204-426E-80D3-AEB96CBC58E5} - System32\Tasks\{ECE79AE6-7677-4E9E-851C-005C6DE90D33} => C:\Program Files\Nikon\Nikon Transfer\NktTransfer.exe [2009-10-30] (Nikon Corporation)
Task: {D2E4E1F6-76C2-439F-99D9-3A6C1356A74F} - System32\Tasks\{61D4438D-5C1E-49E2-8745-5826057F2F84} => pcalua.exe -a "C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E0Z2MMST\S-NKTR__-153WF-NSAEN-32BIT_.exe" -d C:\Users\David\Desktop
Task: {DF05D193-2BCA-488A-AF08-06CDF1CDEF14} - System32\Tasks\File Helper => C:\Program Files\File Helper\2.2.0.3\FileHelper.exe
Task: {E0C49C8D-F86C-488A-B17B-8EBEF01D1F77} - System32\Tasks\{0DFB9BEB-AF0B-4DE4-83A9-46A4FD2A1DAA} => C:\Program Files\Nikon\Nikon Transfer\NktTransfer.exe [2009-10-30] (Nikon Corporation)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
Task: {F21CCE1A-140E-43D7-A539-2D2FFB22F82A} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Time-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {F25C7AAE-112B-4F8D-B9EA-C400B8743B92} - System32\Tasks\{A81159C7-C06C-4BED-A9A7-77BCF4897A47} => pcalua.exe -a D:\WinXP_EN_HOM_BF.EXE -d D:\
Task: {FD4A7D61-3FBE-4787-A386-CFBFB8F2B63B} - System32\Tasks\{477FB643-45B7-4626-8500-B0F9C93EB659} => pcalua.exe -a C:\Users\David\PDFCreator\setup.exe -d C:\Users\David\AppData\Local\Temp -c -s -dc:\Progra~1\PDFCreator\Actual\

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\File Helper.job => C:\Program Files\File Helper\2.2.0.3\FileHelper.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SmartDefrag.job => C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe

==================== Loaded Modules (Whitelisted) ==============

2012-05-30 06:09 - 2012-05-30 06:09 - 00249664 _____ () C:\Windows\system32\WinTab32.DLL
2012-08-10 12:08 - 2012-08-10 12:08 - 00145872 _____ () C:\Program Files\Nova Development\Photo Explosion\Project Studio\ReminderApp.exe
2012-05-30 06:09 - 2012-05-30 06:09 - 00249664 _____ () C:\Windows\System32\WinTab32.DLL
2012-05-30 06:09 - 2012-05-30 06:09 - 00241472 _____ () C:\Windows\System32\MyDrawLineWindowDll.dll
2009-09-17 16:36 - 2009-09-17 16:36 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
AlternateDataStreams: C:\Users\David\Documents\Rick Perry Strong_ Urban Word of the Day.eml:OECustomProperty
AlternateDataStreams: C:\Users\Public\Documents\2 Days Only--VIP's Save 25%!.eml:OECustomProperty
AlternateDataStreams: C:\Users\Public\Documents\How to Make Your Website Mobile Friendly (And Keep Your Readers Happy).eml:OECustomProperty

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 4837 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1978644998-1616513128-776759303-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\David\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.104.160.61

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: .AVQWindowsMonitorService => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AdvancedSystemCareService5 => 2
MSCONFIG\Services: AgereModemAudio => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: ASRservice => 2
MSCONFIG\Services: AVGIDSAgent => 2
MSCONFIG\Services: avgwd => 2
MSCONFIG\Services: AxInstSV => 3
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: Cleaner_Validator => 2
MSCONFIG\Services: DPS => 2
MSCONFIG\Services: DragonSvc => 2
MSCONFIG\Services: Fix-It Task Manager => 2
MSCONFIG\Services: GlassWire => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: HeimdalSecureDNS => 2
MSCONFIG\Services: HeimdalService => 2
MSCONFIG\Services: IMFservice => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: iWinTrusted => 2
MSCONFIG\Services: LightScribeService => 2
MSCONFIG\Services: LiveUpdateSvc => 2
MSCONFIG\Services: ReimageRealTimeProtector => 2
MSCONFIG\Services: SBAMSvc => 2
MSCONFIG\Services: SCardSvr => 3
MSCONFIG\Services: SCPolicySvc => 3
MSCONFIG\Services: seclogon => 3
MSCONFIG\Services: Sony SCSI Helper Service => 3
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: Themes => 2
MSCONFIG\Services: VCOMCloudAgent => 2
MSCONFIG\Services: WDDMService => 2
MSCONFIG\Services: WDFME => 2
MSCONFIG\Services: WDSC => 2
MSCONFIG\Services: wercplsupport => 3
MSCONFIG\Services: WerSvc => 3
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Heimdal.lnk => C:\Windows\pss\Heimdal.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Launch WhiteSmoke.lnk => C:\Windows\pss\Launch WhiteSmoke.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk => C:\Windows\pss\WDDMStatus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Launch WhiteSmoke.lnk => C:\Windows\pss\Launch WhiteSmoke.lnk.Startup
MSCONFIG\startupfolder: C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\Windows\pss\OpenOffice.org 3.4.1.lnk.Startup
MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: Advanced Spyware Remover => "C:\Program Files\IObit\Advanced Spyware Remover\ASRtray.exe" /autostart
MSCONFIG\startupreg: Advanced SystemCare 5 => "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
MSCONFIG\startupreg: Advanced SystemCare 8 => "C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe" /Auto
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\David\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AVG_TRAY => "C:\Program Files\AVG\AVG2012\avgtray.exe"
MSCONFIG\startupreg: boincmgr => "C:\Program Files\BOINC\boincmgr.exe" /a /s
MSCONFIG\startupreg: boinctray => "C:\Program Files\BOINC\boinctray.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: DNS7reminder => "C:\Program Files\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini
MSCONFIG\startupreg: Google Quick Search Box => "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe"  /autorun
MSCONFIG\startupreg: HSON => %ProgramFiles%\TOSHIBA\TBS\HSON.exe
MSCONFIG\startupreg: IObit Malware Fighter => "C:\Program Files\IObit\IObit Malware Fighter\IMF.exe" /autostart
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: My Web Search Bar Search Scope Monitor =>
MSCONFIG\startupreg: MyWebSearch Email Plugin =>
MSCONFIG\startupreg: MyWebSearch Plugin =>
MSCONFIG\startupreg: Nikon Transfer Monitor => C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Reader Library Launcher => C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
MSCONFIG\startupreg: ReminderApp_EEAC3053-7055-4143-B8A0-306758055099 => C:\Program Files\Nova Development\Photo Explosion\Project Studio\ReminderApp.exe
MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{2EF2518F-6AE7-442C-88C3-810FF9A5DD49}C:\program files\java\jre6\bin\java.exe] => (Allow) C:\program files\java\jre6\bin\java.exe
FirewallRules: [TCP Query User{250E8714-51AA-4421-96F1-2C04BE25FCD4}C:\program files\java\jre6\bin\java.exe] => (Allow) C:\program files\java\jre6\bin\java.exe
FirewallRules: [UDP Query User{7FBE28B9-3502-4F99-BC25-1A284C4D328A}C:\program files\printershare\paconsole.exe] => (Allow) C:\program files\printershare\paconsole.exe
FirewallRules: [TCP Query User{609247D3-E10F-4AA4-962A-A1F3E982B740}C:\program files\printershare\paconsole.exe] => (Allow) C:\program files\printershare\paconsole.exe
FirewallRules: [{E2FE77E7-2F81-4514-897B-EAF0CD0F3149}] => (Allow) C:\Program Files\AVG\AVG8\avgnsx.exe
FirewallRules: [{28331E80-BC34-42CA-9A5D-6854D0316144}] => (Allow) C:\Program Files\AVG\AVG8\avgupd.exe
FirewallRules: [{1177C3F9-8046-4C2A-B6C8-A4D7CBC8BD4A}] => (Allow) C:\Program Files\AVG\AVG8\avgemc.exe
FirewallRules: [{1CDEE60E-3983-4AAC-A34E-1A8B05796CF1}] => (Allow) C:\Program Files\iWin Games\iWinGames.exe
FirewallRules: [{6CB1FF6E-0115-4B4B-8D87-4422A295F0D5}] => (Allow) C:\Program Files\iWin Games\iWinGames.exe
FirewallRules: [{4BC271D2-C916-4D0D-8CDE-38585EC33F37}] => (Allow) C:\Program Files\iWin Games\WebUpdater.exe
FirewallRules: [{A29B9719-73C0-4B57-B638-DF21A51E7091}] => (Allow) C:\Program Files\iWin Games\WebUpdater.exe
FirewallRules: [{CC5BB01F-DCCE-4218-8B08-A7A3A1B537B3}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{435E24CD-8D8C-4669-A15D-0EBB200AAE41}] => (Allow) LPort=2869
FirewallRules: [{3972B162-D915-4A78-8C29-9D41F6411E58}] => (Allow) LPort=1900
FirewallRules: [{D0D38FF6-FB85-4A27-B1B3-B2ACB1F6FD20}] => (Allow) C:\Program Files\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{A249DA13-AE02-4203-9A2F-1D4F4A58C67A}] => (Allow) C:\Program Files\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{753AB761-237D-4548-AC27-DF3CCDCF61D1}] => (Allow) C:\Program Files\WhiteSmoke\WSEnrichment.exe
FirewallRules: [{8B1556A8-4C23-488F-83AB-83D2B406FF36}] => (Allow) C:\Program Files\WhiteSmoke\WSEnrichment.exe
FirewallRules: [{15F84727-EFB2-42CB-A80A-9930614FFD93}] => (Allow) C:\Program Files\WhiteSmoke\WSEnrichment.exe
FirewallRules: [{10C45F85-2E06-436D-B05D-4DE9C131C94C}] => (Allow) C:\Program Files\WhiteSmoke\WSEnrichment.exe
FirewallRules: [{9B405E10-10DF-4913-AA80-7E5709A07786}] => (Allow) C:\Program Files\AVG\AVG10\avgmfapx.exe
FirewallRules: [{08B5576E-286A-43C5-B6E9-39215344525D}] => (Allow) C:\Program Files\AVG\AVG10\avgmfapx.exe
FirewallRules: [{20EF7E77-F4C7-448E-9249-9DEA1B42001B}] => (Allow) C:\Users\David\Downloads\PDFConverterSetup.exe
FirewallRules: [{485FED9F-C694-4888-A028-2B3C42864468}] => (Allow) C:\Users\David\Downloads\PDFConverterSetup.exe
FirewallRules: [{4E25773F-058E-49C4-9DE9-E13BFC65C346}] => (Allow) C:\Users\David\Desktop\PDFConverterSetup.exe
FirewallRules: [{E13DF032-3FCA-4AA8-9C5B-BD9FF4F35AD4}] => (Allow) C:\Users\David\Desktop\PDFConverterSetup.exe
FirewallRules: [{41C72786-571B-4D6F-9170-53CD7D27736C}] => (Allow) C:\Program Files\IncrediMail\Bin\IncMail.exe
FirewallRules: [{48D9F136-18B6-4AFC-AA19-20F6EC9F2084}] => (Allow) C:\Program Files\IncrediMail\Bin\IncMail.exe
FirewallRules: [{FA11D1D7-F391-47DE-A5B9-D3D551E3547C}] => (Allow) C:\Program Files\IncrediMail\Bin\ImApp.exe
FirewallRules: [{60762EF6-D997-4596-9635-62191D694775}] => (Allow) C:\Program Files\IncrediMail\Bin\ImApp.exe
FirewallRules: [TCP Query User{DF16DB29-8EBC-46C1-ABF6-4F9A4A478D03}C:\users\david\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\david\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [UDP Query User{52620D81-9825-41D5-9610-EE71CA26EDD9}C:\users\david\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\david\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [TCP Query User{CFFC4BE6-BB29-4C6C-8B2E-9E7B25ED100F}C:\program files\java\jre6\bin\java.exe] => (Allow) C:\program files\java\jre6\bin\java.exe
FirewallRules: [UDP Query User{A533EC98-D5AB-4645-827F-DECB89C3E92E}C:\program files\java\jre6\bin\java.exe] => (Allow) C:\program files\java\jre6\bin\java.exe
FirewallRules: [{15388F7A-9B8A-4E63-BC39-C35194A861AC}] => (Allow) C:\Program Files\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{4BD88D3A-E8F9-4D13-857E-20D18FC7955E}] => (Allow) C:\Program Files\AVG\AVG2012\avgmfapx.exe
FirewallRules: [TCP Query User{82CCCF23-0696-42CE-BB1B-31AD845AF1EA}C:\users\david\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\david\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{55B22AB4-52BF-4C86-B5F8-4FC9E4721D4F}C:\users\david\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\david\appdata\local\akamai\netsession_win.exe
FirewallRules: [{B9FF0666-7702-4326-AB45-F90DEB0341B2}] => (Allow) LPort=49231
FirewallRules: [{22888225-B52F-4556-B3D9-C6EEC3E50459}] => (Allow) LPort=5000
FirewallRules: [TCP Query User{7D90763B-A1FC-4D04-BA62-CBC3643C1E73}C:\users\david\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\david\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{6CCD4D2E-8078-4184-83E2-B6E57568ECFD}C:\users\david\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\david\appdata\local\akamai\netsession_win.exe
FirewallRules: [{E577AC9E-B190-43E5-A73B-28510CDE4CCF}] => (Allow) C:\Users\David\AppData\Roaming\Smilebox\sbtb_install.exe
FirewallRules: [{157227A5-19FE-4990-BF5C-5991C38173D5}] => (Allow) C:\Users\David\AppData\Roaming\Smilebox\sbtb_install.exe
FirewallRules: [{12D2E0E4-F02A-430E-839F-11F8913BF546}] => (Allow) C:\Program Files\AVG\AVG2012\avgnsx.exe
FirewallRules: [{481EC483-6E59-4784-B7DE-A6E479751E94}] => (Allow) C:\Program Files\AVG\AVG2012\avgnsx.exe
FirewallRules: [{E102ACFE-CA7F-4A18-902E-A275B470DA64}] => (Allow) C:\Program Files\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{5291A9C6-63F1-4328-97C2-F12C41C2622E}] => (Allow) C:\Program Files\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{2A95DE0B-6EA4-4C27-A532-38B4FD843D62}] => (Allow) C:\Program Files\AVG\AVG2012\avgemcx.exe
FirewallRules: [{FB92F71F-E713-4206-8912-12A7E9703F4E}] => (Allow) C:\Program Files\AVG\AVG2012\avgemcx.exe
FirewallRules: [{32F4F29B-DB5E-42E0-AB07-AC8980D02D81}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{DD2E3762-377E-4C8E-8185-6082E624B7AB}C:\program files\moozy\webaud.exe] => (Allow) C:\program files\moozy\webaud.exe
FirewallRules: [UDP Query User{00E9D8F7-3F3C-4EB0-83E9-C0BB9EF8D7B0}C:\program files\moozy\webaud.exe] => (Allow) C:\program files\moozy\webaud.exe
FirewallRules: [{68DBEB80-E4F0-418A-8A49-74D7AEEAB80C}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{2E14B74F-CD5D-428F-9FB1-36E50869AED5}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{6473DD70-B695-4F60-8782-5BDA5E4096CA}] => (Allow) C:\Program Files\GlassWire\GWCtlSrv.exe
FirewallRules: [{A4A18844-8AA3-47C7-8D17-0789B9BC3E2D}] => (Allow) C:\Program Files\GlassWire\GWCtlSrv.exe

==================== Faulty Device Manager Devices =============

Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/24/2015 01:55:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/24/2015 01:38:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/23/2015 11:57:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/23/2015 11:18:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/23/2015 07:00:02 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (06/23/2015 06:42:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/23/2015 04:30:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/23/2015 02:29:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/23/2015 01:21:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: InAppNotify.exe, version: 15.0.32.37, time stamp: 0x53d9356b
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18847, time stamp: 0x554d7b00
Exception code: 0xe0434352
Fault offset: 0x0000812f
Faulting process id: 0x1090
Faulting application start time: 0xInAppNotify.exe0
Faulting application path: InAppNotify.exe1
Faulting module path: InAppNotify.exe2
Report Id: InAppNotify.exe3

Error: (06/23/2015 01:21:43 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: InAppNotify.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.BadImageFormatException
Stack:
   at System.RuntimeTypeHandle.CreateInstance(System.RuntimeType, Boolean, Boolean, Boolean ByRef, System.RuntimeMethodHandleInternal ByRef, Boolean ByRef)
   at System.RuntimeType.CreateInstanceSlow(Boolean, Boolean, Boolean, System.Threading.StackCrawlMark ByRef)
   at System.RuntimeType.CreateInstanceDefaultCtor(Boolean, Boolean, Boolean, System.Threading.StackCrawlMark ByRef)
   at System.Activator.CreateInstance(System.Type, Boolean)
   at System.Activator.CreateInstance(System.Type)
   at System.Windows.Controls.WebBrowser+WebOCHostingAdaptor.CreateWebOC()
   at System.Windows.Controls.WebBrowser.CreateActiveXObject(System.Guid)
   at System.Windows.Interop.ActiveXHost.TransitionFromPassiveToLoaded()
   at System.Windows.Interop.ActiveXHost.TransitionUpTo(ActiveXState)
   at System.Windows.Interop.ActiveXHost.BuildWindowCore(System.Runtime.InteropServices.HandleRef)
   at System.Windows.Interop.HwndHost.BuildWindow(System.Runtime.InteropServices.HandleRef)
   at System.Windows.Interop.HwndHost.BuildOrReparentWindow()
   at System.Windows.Interop.HwndHost.OnSourceChanged(System.Object, System.Windows.SourceChangedEventArgs)
   at System.Windows.SourceChangedEventArgs.InvokeEventHandler(System.Delegate, System.Object)
   at System.Windows.RoutedEventArgs.InvokeHandler(System.Delegate, System.Object)
   at System.Windows.RoutedEventHandlerInfo.InvokeHandler(System.Object, System.Windows.RoutedEventArgs)
   at System.Windows.EventRoute.InvokeHandlersImpl(System.Object, System.Windows.RoutedEventArgs, Boolean)
   at System.Windows.UIElement.RaiseEventImpl(System.Windows.DependencyObject, System.Windows.RoutedEventArgs)
   at System.Windows.UIElement.RaiseEvent(System.Windows.RoutedEventArgs)
   at System.Windows.PresentationSource.UpdateSourceOfElement(System.Windows.DependencyObject, System.Windows.DependencyObject, System.Windows.DependencyObject)
   at System.Windows.PresentationSource.OnVisualAncestorChanged(System.Windows.DependencyObject, System.Windows.Media.AncestorChangedEventArgs)
   at System.Windows.UIElement.OnVisualAncestorChanged(System.Object, System.Windows.Media.AncestorChangedEventArgs)
   at System.Windows.Media.Visual.ProcessAncestorChangedNotificationRecursive(System.Windows.DependencyObject, System.Windows.Media.AncestorChangedEventArgs)
   at System.Windows.Media.Visual.FireOnVisualParentChanged(System.Windows.DependencyObject)
   at System.Windows.Media.Visual.AddVisualChild(System.Windows.Media.Visual)
   at System.Windows.FrameworkElement.set_TemplateChild(System.Windows.UIElement)
   at System.Windows.Controls.ContentPresenter+UseContentTemplate.BuildVisualTree(System.Windows.FrameworkElement)
   at System.Windows.StyleHelper.ApplyTemplateContent(System.Windows.UncommonField`1<System.Collections.Specialized.HybridDictionary[]>, System.Windows.DependencyObject, System.Windows.FrameworkElementFactory, Int32, System.Collections.Specialized.HybridDictionary, System.Windows.FrameworkTemplate)
   at System.Windows.FrameworkTemplate.ApplyTemplateContent(System.Windows.UncommonField`1<System.Collections.Specialized.HybridDictionary[]>, System.Windows.FrameworkElement)
   at System.Windows.FrameworkElement.ApplyTemplate()
   at System.Windows.FrameworkElement.MeasureCore(System.Windows.Size)
   at System.Windows.UIElement.Measure(System.Windows.Size)
   at System.Windows.Documents.AdornerDecorator.MeasureOverride(System.Windows.Size)
   at System.Windows.FrameworkElement.MeasureCore(System.Windows.Size)
   at System.Windows.UIElement.Measure(System.Windows.Size)
   at System.Windows.Controls.Border.MeasureOverride(System.Windows.Size)
   at System.Windows.FrameworkElement.MeasureCore(System.Windows.Size)
   at System.Windows.UIElement.Measure(System.Windows.Size)
   at System.Windows.Window.MeasureOverrideHelper(System.Windows.Size)
   at System.Windows.Window.MeasureOverride(System.Windows.Size)
   at System.Windows.FrameworkElement.MeasureCore(System.Windows.Size)
   at System.Windows.UIElement.Measure(System.Windows.Size)
   at System.Windows.Interop.HwndSource.SetLayoutSize()
   at System.Windows.Interop.HwndSource.set_RootVisualInternal(System.Windows.Media.Visual)
   at System.Windows.Interop.HwndSource.set_RootVisual(System.Windows.Media.Visual)
   at System.Windows.Window.SetRootVisual()
   at System.Windows.Window.SetRootVisualAndUpdateSTC()
   at System.Windows.Window.SetupInitialState(Double, Double, Double, Double)
   at System.Windows.Window.CreateSourceWindow(Boolean)
   at System.Windows.Window.CreateSourceWindowDuringShow()
   at System.Windows.Window.SafeCreateWindowDuringShow()
   at System.Windows.Window.ShowHelper(System.Object)
   at System.Windows.Window.Show()
   at InAppMessage.InAppMessageWindow..ctor(Type, System.Windows.Window)
   at InAppNotify.App..ctor()
   at InAppNotify.App.Main()


System errors:
=============
Error: (06/24/2015 11:46:32 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error:
%%1068

Error: (06/24/2015 11:46:32 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
%%1058

Error: (06/24/2015 11:45:57 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (06/24/2015 11:45:57 AM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (06/24/2015 11:45:02 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Fix-It Utilities Process Monitor service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/24/2015 11:26:18 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error:
%%1068

Error: (06/24/2015 11:26:17 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
%%1058

Error: (06/24/2015 11:24:35 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (06/24/2015 11:24:35 AM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (06/24/2015 11:24:44 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:22:33 AM on 6/24/2015 was unexpected.


Microsoft Office:
=========================
Error: (12/18/2013 02:13:18 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 17569 seconds with 2220 seconds of active time.  This session ended with a crash.

Error: (02/16/2013 05:12:44 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 176 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (09/01/2012 00:11:09 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 105 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (08/03/2012 04:27:27 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1036 seconds with 900 seconds of active time.  This session ended with a crash.

Error: (03/01/2012 00:04:18 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 204 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (12/26/2011 11:03:38 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/21/2011 06:02:31 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/20/2011 11:10:33 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/20/2011 11:09:57 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/16/2011 00:31:23 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 19 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2010-02-27 21:53:34.741
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2010-02-27 21:53:34.604
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2010-02-27 21:53:34.461
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2010-02-27 21:53:34.323
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2010-02-27 21:53:34.125
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2010-02-27 21:53:33.970
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2010-02-27 21:53:33.801
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2010-02-27 21:53:33.664
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2010-02-27 21:53:33.470
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2010-02-27 21:53:33.284
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD Athlon™ X2 Dual-Core QL-65
Percentage of memory in use: 29%
Total physical RAM: 3581.83 MB
Available physical RAM: 2511.46 MB
Total Pagefile: 7161.97 MB
Available Pagefile: 5733.84 MB
Total Virtual: 2047.88 MB
Available Virtual: 1920.87 MB

==================== Drives ================================

Drive c: (TI100760V0G) (Fixed) (Total:222.67 GB) (Free:108.2 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 8100A07C)
Partition 1: (Not Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Active) - (Size=222.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=8.7 GB) - (Type=17)

==================== End of log ============================



Edited by Oh My!, 24 June 2015 - 02:57 PM.


#4 Pop8


Posted 24 June 2015 - 02:48 PM

I am having trouble attaching the Summary file.




#5 Oh My!


Posted 24 June 2015 - 03:04 PM

Hi David and thanks for the information. Did you set this homepage?

 

www.ighome.com


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 Oh My!


Posted 24 June 2015 - 03:32 PM

Hi David, thank you for the information.

In my last post I asked about ighome. I am not going to remove those entries until I hear back from you.

We are going to start with this. Please copy and paste the information in your reply unless asked to attach it.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKU\S-1-5-21-1978644998-1616513128-776759303-1000\...\MountPoints2: {9f4d18ce-a9de-11e2-9b89-806e6f6e6963} - E:\menu.exe
HKU\S-1-5-21-1978644998-1616513128-776759303-1000\...\MountPoints2: {a3e3e560-895d-11e0-bee4-001e33c66954} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-1978644998-1616513128-776759303-1000\...\MountPoints2: {aeac108b-7063-11e0-aa6f-001e33c66954} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-1978644998-1616513128-776759303-1000\...\MountPoints2: {cdd1dec0-f351-11df-9c66-001e33c66954} - "E:\WD SmartWare.exe" autoplay=true
ProxyEnable: [S-1-5-19] => Internet Explorer proxy is enabled
ProxyEnable: [S-1-5-20] => Internet Explorer proxy is enabled
URLSearchHook: HKU\S-1-5-21-1978644998-1616513128-776759303-1000 - (No Name) - {f897eb0e-a3a4-46c3-80eb-2729699d8892} -  No File
SearchScopes: HKLM -> Backup.Old.DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
SearchScopes: HKLM -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\.DEFAULT -> {64631400-B808-4425-83C1-5FA6B99C40F2} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKU\.DEFAULT -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2384137
SearchScopes: HKU\.DEFAULT -> {D5A9A846-D9FC-4F67-A06F-17084596B7A8} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1978644998-1616513128-776759303-1000 -> Backup.Old.DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
SearchScopes: HKU\S-1-5-21-1978644998-1616513128-776759303-1000 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-1978644998-1616513128-776759303-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL =
SearchScopes: HKU\S-1-5-21-1978644998-1616513128-776759303-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKU\S-1-5-21-1978644998-1616513128-776759303-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
SearchScopes: HKU\S-1-5-21-1978644998-1616513128-776759303-1000 -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL =
Toolbar: HKU\.DEFAULT -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {90EEE664-34B1-422A-A782-779AF65CDF6D} -  No File
Toolbar: HKU\S-1-5-21-1978644998-1616513128-776759303-1000 -> No Name - {90EEE664-34B1-422A-A782-779AF65CDF6D} -  No File
Toolbar: HKU\S-1-5-21-1978644998-1616513128-776759303-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Extension: No Name - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\pckus167.default\extensions\iobitascsurfingprotection@iobit.com [not found]
FF Extension: No Name - C:\Program Files\IObit Apps Toolbar\FF [not found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
CHR Extension: (No Name) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-12]
S4 IMFservice; No ImagePath
S4 cpuz134; \??\C:\Users\David\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
S4 FileMonitor; No ImagePath
S4 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S4 RegFilter; No ImagePath
S4 Tablet2k; "%SystemRoot%\System32\Drivers\Tablet2k.sys" [X]
S4 UrlFilter; No ImagePath
2015-06-24 11:51 - 2015-06-24 11:51 - 00000000 ____D C:\Users\David\AppData\Local\{A04484B2-375A-47DF-A503-3E2E6746CE51}
2015-06-23 18:50 - 2015-06-23 18:50 - 00000000 ____D C:\Users\David\AppData\Local\{D00CADA4-17B2-4907-884A-931571C14DD7}
2015-06-23 04:55 - 2015-06-23 04:55 - 00000000 ____D C:\Users\David\AppData\Local\{B95B9080-3AC9-4A7D-9758-F2B5B2A3358F}
2015-06-22 23:57 - 2015-06-22 23:57 - 00000000 ____D C:\Users\David\AppData\Local\{A8614AE1-D2D0-4FEF-BE8D-961478E413A1}
2015-06-22 11:47 - 2015-06-22 11:47 - 00000000 ____D C:\Users\David\AppData\Local\{F10540D0-648A-44EC-934D-6B2CA767CF10}
2015-06-21 15:57 - 2015-06-21 15:57 - 00000000 ____D C:\Users\David\AppData\Local\{DEA3B8C2-17A1-42B7-B30B-CA36E224285D}
2015-06-21 02:38 - 2015-06-21 02:38 - 00000000 ____D C:\Users\David\AppData\Local\{A69D2C1D-4D40-40C7-B785-9CBE06C1B04F}
2015-06-20 13:19 - 2015-06-20 13:19 - 00000000 ____D C:\Users\David\AppData\Local\{F6FC22BF-57FB-41C0-9F59-32F2C9303CCE}
2015-06-20 00:25 - 2015-06-20 00:25 - 00000000 ____D C:\Users\David\AppData\Local\{A9028239-E7A3-4DE2-A9AC-1F9ABEFD37FD}
2015-06-19 09:37 - 2015-06-19 09:37 - 00000000 ____D C:\Users\David\AppData\Local\{A8FED174-3DAA-4DE1-8401-FCCB357B5D4F}
2015-06-18 15:34 - 2015-06-18 15:34 - 00000000 ____D C:\Users\David\AppData\Local\{F797BE2B-F833-401B-AF42-3EBB2488F77B}
2015-06-18 02:26 - 2015-06-18 02:26 - 00000000 ____D C:\Users\David\AppData\Local\{AA6904C9-A11D-4BE1-B76C-E67A139188C7}
2015-06-17 23:38 - 2015-06-17 23:38 - 00000000 ____D C:\Users\David\AppData\Local\{3ED2F40A-9CDD-44B4-B2DF-8B959FD127C7}
2015-06-17 11:32 - 2015-06-17 11:33 - 00000000 ____D C:\Users\David\AppData\Local\{00A85CFE-105D-486E-BCEA-E6D396A745A1}
2015-06-16 13:17 - 2015-06-16 13:18 - 00000000 ____D C:\Users\David\AppData\Local\{B3CB8B19-529F-4C39-BAB1-88CB59492B37}
2015-06-16 01:16 - 2015-06-16 01:17 - 00000000 ____D C:\Users\David\AppData\Local\{941F8385-5AF3-4D58-A4DC-3EFB6FAD1B2E}
2015-06-15 11:27 - 2015-06-15 11:28 - 00000000 ____D C:\Users\David\AppData\Local\{EBBE472F-D671-4329-916F-2C98CB52CF6B}
2015-06-14 21:21 - 2015-06-14 21:21 - 00000000 ____D C:\Users\David\AppData\Local\{D1971127-DC86-46A0-BD58-BE447F02C4C8}
2015-06-14 03:52 - 2015-06-14 03:53 - 00000000 ____D C:\Users\David\AppData\Local\{D06FD01A-F7FF-4AD9-9385-EC129297867F}
2015-06-13 14:57 - 2015-06-13 14:58 - 00000000 ____D C:\Users\David\AppData\Local\{B6E15CF5-36F9-4C53-8286-347BEABEAEE0}
2015-06-13 01:53 - 2015-06-13 01:53 - 00000000 ____D C:\Users\David\AppData\Local\{90A81EBA-DFB8-4B75-AF22-BF4F618BB873}
C:\Users\David\WhiteSmoke_Enrichment_Full.exe
Task: {17AD4E04-B407-45C4-B476-881B37A265FF} - \AdobeFlashPlayerUpdate 2 No Task File <==== ATTENTION
Task: {7C5CC0D5-2ABE-4C5B-AE22-B16D3B02EE37} - System32\Tasks\{D7C5CEFA-24D0-4BF7-B36D-4BD12E688AF5} => pcalua.exe -a D:\SETUP.EXE -d D:\ -c /AUTORUN
Task: {A9AAEBA6-413F-46AB-8830-B0C1E08A15CA} - \AdobeFlashPlayerUpdate No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
Hosts:
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Run TDSSKiller by Kaspersky

--------------------
  • Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!!!
  • Right-click on TDSSKiller.exe and select Run As Administrator.
  • When the program opens, click the Start Scan button.


  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found will show in the Scan results - Select action for found objects and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.


  • Click Continue > Reboot now to finish the cleaning process.<- Important!!


  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply even if no threats are found.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer or to perform the scan in "safe mode".

===================================================

aswMBR

--------------------
  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.


  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.


  • Please post the contents of the log in your next reply.
NOTE: aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure only the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries

  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • TDSSKiller log
  • aswMBR log
  • Result.txt

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

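The fixlist in the post above has to be saved with one entry per line. The Fixlog posted later in this thread reports "No automatic fix found for this entry" for fragments such as `autoplay=true` that ended up on a line of their own. The following is an added example, not part of the original post and not part of FRST: it compares a saved fixlist with the posted one and reports entries that were split. The function name `check_fixlist` is hypothetical, the sample lines are copied from this thread, and the missing `Hosts:` entry is constructed for the example.

```python
import re

# Entries copied from the fixlist posted above (the reference text).
POSTED = [
    r'HKU\S-1-5-21-1978644998-1616513128-776759303-1000\...\MountPoints2: '
    r'{cdd1dec0-f351-11df-9c66-001e33c66954} - "E:\WD SmartWare.exe" autoplay=true',
    r'ProxyEnable: [S-1-5-19] => Internet Explorer proxy is enabled',
    r'SearchScopes: HKU\.DEFAULT -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =',
    r'Hosts:',
]

# The same entries as they appear in the "fixlist content" section of the
# Fixlog in this thread, where two of them are broken across lines.
# Leaving out "Hosts:" is constructed here to show the "missing" case.
SAVED = [
    r'HKU\S-1-5-21-1978644998-1616513128-776759303-1000\...\MountPoints2: '
    r'{cdd1dec0-f351-11df-9c66-001e33c66954} - "E:\WD SmartWare.exe"',
    r'autoplay=true',
    r'ProxyEnable: [S-1-5-19] => Internet Explorer proxy is enabled',
    r'SearchScopes: HKU\.DEFAULT ->',
    r'{67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =',
]


def _norm(line):
    """Collapse whitespace so wrapped and unwrapped text compare equal."""
    return re.sub(r"\s+", " ", line).strip()


def check_fixlist(posted, saved, max_pieces=3):
    """Compare saved fixlist lines with the posted entries.

    Returns a dict with:
      intact  - saved lines that match a posted entry exactly
      split   - (entry, pieces) where consecutive saved lines join into one entry
      unknown - saved lines that match nothing, alone or joined
      missing - posted entries that never appear in the saved file
    """
    wanted = {_norm(p) for p in posted if _norm(p)}
    lines = [_norm(s) for s in saved if _norm(s)]
    report = {"intact": [], "split": [], "unknown": [], "missing": []}
    seen = set()
    i = 0
    while i < len(lines):
        if lines[i] in wanted:
            report["intact"].append(lines[i])
            seen.add(lines[i])
            i += 1
            continue
        consumed = 0
        # Try to rebuild one posted entry from 2..max_pieces consecutive lines.
        for n in range(2, max_pieces + 1):
            pieces = lines[i:i + n]
            if len(pieces) < n:
                break
            # A wrap can fall on a space or in the middle of a token.
            for sep in (" ", ""):
                joined = _norm(sep.join(pieces))
                if joined in wanted:
                    report["split"].append((joined, pieces))
                    seen.add(joined)
                    consumed = n
                    break
            if consumed:
                break
        if consumed:
            i += consumed
        else:
            report["unknown"].append(lines[i])
            i += 1
    report["missing"] = sorted(wanted - seen)
    return report


if __name__ == "__main__":
    result = check_fixlist(POSTED, SAVED)
    for entry, pieces in result["split"]:
        print("SPLIT into %d lines: %s" % (len(pieces), entry))
    for line in result["unknown"]:
        print("UNKNOWN line: %s" % line)
    for entry in result["missing"]:
        print("MISSING entry: %s" % entry)
```

Turning off Word Wrap in Notepad before pasting keeps each entry on one line.
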
#7 Pop8


Posted 24 June 2015 - 03:49 PM

Hello Gary,

 

I did select ighome as my homepage after Google dropped support for their home page. If you believe that this is a problem then delete it. I will follow all of your suggestions and submit the reports as soon as I can.

David



#8 Pop8


Posted 24 June 2015 - 04:10 PM

Gary, since this was so long I am sending it to you now.

Fix result of Farbar Recovery Scan Tool (x86) Version: 24-06-2015
Ran by David at 2015-06-24 15:00:08 Run:1
Running from C:\Users\David\Desktop
Loaded Profiles: David (Available Profiles: David)
Boot Mode: Normal

==============================================

fixlist content:
*****************
HKU\S-1-5-21-1978644998-1616513128-776759303-1000\...\MountPoints2: {9f4d18ce-a9de-11e2-9b89-806e6f6e6963} - E:\menu.exe
HKU\S-1-5-21-1978644998-1616513128-776759303-1000\...\MountPoints2: {a3e3e560-895d-11e0-bee4-001e33c66954} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-1978644998-1616513128-776759303-1000\...\MountPoints2: {aeac108b-7063-11e0-aa6f-001e33c66954} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-1978644998-1616513128-776759303-1000\...\MountPoints2: {cdd1dec0-f351-11df-9c66-001e33c66954} - "E:\WD SmartWare.exe"
autoplay=true
ProxyEnable: [S-1-5-19] => Internet Explorer proxy is enabled
ProxyEnable: [S-1-5-20] => Internet Explorer proxy is enabled
URLSearchHook: HKU\S-1-5-21-1978644998-1616513128-776759303-1000 - (No Name) - {f897eb0e-a3a4-46c3-80eb-2729699d8892} -  No File
SearchScopes: HKLM -> Backup.Old.DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
SearchScopes: HKLM -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\.DEFAULT -> {64631400-B808-4425-83C1-5FA6B99C40F2} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKU\.DEFAULT ->
{67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKU\.DEFAULT -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2384137
SearchScopes: HKU\.DEFAULT -> {D5A9A846-D9FC-4F67-A06F-17084596B7A8} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1978644998-1616513128-776759303-1000 -> Backup.Old.DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
SearchScopes: HKU\S-1-5-21-1978644998-1616513128-776759303-1000 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-1978644998-1616513128-776759303-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL =
SearchScopes: HKU\S-1-5-21-1978644998-1616513128-776759303-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes:
HKU\S-1-5-21-1978644998-1616513128-776759303-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
SearchScopes: HKU\S-1-5-21-1978644998-1616513128-776759303-1000 -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL =
Toolbar: HKU\.DEFAULT -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {90EEE664-34B1-422A-A782-779AF65CDF6D} -  No File
Toolbar: HKU\S-1-5-21-1978644998-1616513128-776759303-1000 -> No Name - {90EEE664-34B1-422A-A782-779AF65CDF6D} -  No File
Toolbar: HKU\S-1-5-21-1978644998-1616513128-776759303-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo
Gallery\NPWLPG.dll No File
FF Extension: No Name - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\pckus167.default\extensions\iobitascsurfingprotection@iobit.com [not found]
FF Extension: No Name - C:\Program Files\IObit Apps Toolbar\FF [not found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
CHR Extension: (No Name) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-12]
S4 IMFservice; No ImagePath
S4 cpuz134; \??\C:\Users\David\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
S4 FileMonitor; No ImagePath
S4 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S4 RegFilter; No ImagePath
S4 Tablet2k; "%SystemRoot%\System32\Drivers\Tablet2k.sys" [X]
S4 UrlFilter; No ImagePath
2015-06-24 11:51 - 2015-06-24 11:51 - 00000000 ____D C:\Users\David\AppData\Local\{A04484B2-375A-47DF-A503-3E2E6746CE51}
2015-06-23 18:50
- 2015-06-23 18:50 - 00000000 ____D C:\Users\David\AppData\Local\{D00CADA4-17B2-4907-884A-931571C14DD7}
2015-06-23 04:55 - 2015-06-23 04:55 - 00000000 ____D C:\Users\David\AppData\Local\{B95B9080-3AC9-4A7D-9758-F2B5B2A3358F}
2015-06-22 23:57 - 2015-06-22 23:57 - 00000000 ____D C:\Users\David\AppData\Local\{A8614AE1-D2D0-4FEF-BE8D-961478E413A1}
2015-06-22 11:47 - 2015-06-22 11:47 - 00000000 ____D C:\Users\David\AppData\Local\{F10540D0-648A-44EC-934D-6B2CA767CF10}
2015-06-21 15:57 - 2015-06-21 15:57 - 00000000 ____D C:\Users\David\AppData\Local\{DEA3B8C2-17A1-42B7-B30B-CA36E224285D}
2015-06-21 02:38 - 2015-06-21 02:38 - 00000000 ____D C:\Users\David\AppData\Local\{A69D2C1D-4D40-40C7-B785-9CBE06C1B04F}
2015-06-20 13:19 - 2015-06-20 13:19 - 00000000 ____D C:\Users\David\AppData\Local\{F6FC22BF-57FB-41C0-9F59-32F2C9303CCE}
2015-06-20 00:25 - 2015-06-20 00:25 - 00000000 ____D C:\Users\David\AppData\Local\{A9028239-E7A3-4DE2-A9AC-1F9ABEFD37FD}
2015-06-19 09:37 - 2015-06-19 09:37 -
00000000 ____D C:\Users\David\AppData\Local\{A8FED174-3DAA-4DE1-8401-FCCB357B5D4F}
2015-06-18 15:34 - 2015-06-18 15:34 - 00000000 ____D C:\Users\David\AppData\Local\{F797BE2B-F833-401B-AF42-3EBB2488F77B}
2015-06-18 02:26 - 2015-06-18 02:26 - 00000000 ____D C:\Users\David\AppData\Local\{AA6904C9-A11D-4BE1-B76C-E67A139188C7}
2015-06-17 23:38 - 2015-06-17 23:38 - 00000000 ____D C:\Users\David\AppData\Local\{3ED2F40A-9CDD-44B4-B2DF-8B959FD127C7}
2015-06-17 11:32 - 2015-06-17 11:33 - 00000000 ____D C:\Users\David\AppData\Local\{00A85CFE-105D-486E-BCEA-E6D396A745A1}
2015-06-16 13:17 - 2015-06-16 13:18 - 00000000 ____D C:\Users\David\AppData\Local\{B3CB8B19-529F-4C39-BAB1-88CB59492B37}
2015-06-16 01:16 - 2015-06-16 01:17 - 00000000 ____D C:\Users\David\AppData\Local\{941F8385-5AF3-4D58-A4DC-3EFB6FAD1B2E}
2015-06-15 11:27 - 2015-06-15 11:28 - 00000000 ____D C:\Users\David\AppData\Local\{EBBE472F-D671-4329-916F-2C98CB52CF6B}
2015-06-14 21:21 - 2015-06-14 21:21 - 00000000 ____D
C:\Users\David\AppData\Local\{D1971127-DC86-46A0-BD58-BE447F02C4C8}
2015-06-14 03:52 - 2015-06-14 03:53 - 00000000 ____D C:\Users\David\AppData\Local\{D06FD01A-F7FF-4AD9-9385-EC129297867F}
2015-06-13 14:57 - 2015-06-13 14:58 - 00000000 ____D C:\Users\David\AppData\Local\{B6E15CF5-36F9-4C53-8286-347BEABEAEE0}
2015-06-13 01:53 - 2015-06-13 01:53 - 00000000 ____D C:\Users\David\AppData\Local\{90A81EBA-DFB8-4B75-AF22-BF4F618BB873}
C:\Users\David\WhiteSmoke_Enrichment_Full.exe
Task: {17AD4E04-B407-45C4-B476-881B37A265FF} - \AdobeFlashPlayerUpdate 2 No Task File <==== ATTENTION
Task: {7C5CC0D5-2ABE-4C5B-AE22-B16D3B02EE37} - System32\Tasks\{D7C5CEFA-24D0-4BF7-B36D-4BD12E688AF5} => pcalua.exe -a D:\SETUP.EXE -d D:\ -c /AUTORUN
Task: {A9AAEBA6-413F-46AB-8830-B0C1E08A15CA} - \AdobeFlashPlayerUpdate No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
Hosts:

*****************

"HKU\S-1-5-21-1978644998-1616513128-776759303-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f4d18ce-a9de-11e2-9b89-806e6f6e6963}" => key removed successfully.
HKCR\CLSID\{9f4d18ce-a9de-11e2-9b89-806e6f6e6963} => key not found.
"HKU\S-1-5-21-1978644998-1616513128-776759303-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a3e3e560-895d-11e0-bee4-001e33c66954}" => key removed successfully.
HKCR\CLSID\{a3e3e560-895d-11e0-bee4-001e33c66954} => key not found.
"HKU\S-1-5-21-1978644998-1616513128-776759303-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aeac108b-7063-11e0-aa6f-001e33c66954}" => key removed successfully.
HKCR\CLSID\{aeac108b-7063-11e0-aa6f-001e33c66954} => key not found.
"HKU\S-1-5-21-1978644998-1616513128-776759303-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cdd1dec0-f351-11df-9c66-001e33c66954}" => key removed successfully.
HKCR\CLSID\{cdd1dec0-f351-11df-9c66-001e33c66954} => key not found.
autoplay=true => Error: No automatic fix found for this entry.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully.
HKU\S-1-5-21-1978644998-1616513128-776759303-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{f897eb0e-a3a4-46c3-80eb-2729699d8892} => value removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\Backup.Old.DefaultScope => value removed successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" => key removed successfully.
HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => key not found.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909}" => key removed successfully.
HKCR\CLSID\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} => key not found.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{64631400-B808-4425-83C1-5FA6B99C40F2}" => key removed successfully.
HKCR\CLSID\{64631400-B808-4425-83C1-5FA6B99C40F2} => key not found.
HKU\SearchScopes: HKU\.DEFAULT ->\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SearchScopes: HKU\.DEFAULT -> => value not found.
{67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = => Error: No automatic fix found for this entry.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => key removed successfully.
HKCR\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => key not found.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D5A9A846-D9FC-4F67-A06F-17084596B7A8}" => key removed successfully.
HKCR\CLSID\{D5A9A846-D9FC-4F67-A06F-17084596B7A8} => key not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-21-1978644998-1616513128-776759303-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\Backup.Old.DefaultScope => value removed successfully.
"HKU\S-1-5-21-1978644998-1616513128-776759303-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909}" => key removed successfully.
HKCR\CLSID\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} => key not found.
"HKU\S-1-5-21-1978644998-1616513128-776759303-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}" => key removed successfully.
HKCR\CLSID\{80c554b9-c7f8-4a21-9471-06d606da78a2} => key not found.
"HKU\S-1-5-21-1978644998-1616513128-776759303-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => key removed successfully.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => key not found.
SearchScopes: => Error: No automatic fix found for this entry.
HKU\S-1-5-21-1978644998-1616513128-776759303-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-1978644998-1616513128-776759303-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" => key removed successfully.
HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => key not found.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value removed successfully.
HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => key not found.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{90EEE664-34B1-422A-A782-779AF65CDF6D} => value removed successfully.
HKCR\CLSID\{90EEE664-34B1-422A-A782-779AF65CDF6D} => key not found.
HKU\S-1-5-21-1978644998-1616513128-776759303-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{90EEE664-34B1-422A-A782-779AF65CDF6D} => value removed successfully.
HKCR\CLSID\{90EEE664-34B1-422A-A782-779AF65CDF6D} => key not found.
HKU\S-1-5-21-1978644998-1616513128-776759303-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922" => key removed successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109" => key removed successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513" => key removed successfully.
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo not found.
Gallery\NPWLPG.dll No File => Error: No automatic fix found for this entry.
C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\pckus167.default\extensions\iobitascsurfingprotection@iobit.com => not found.
C:\Program Files\IObit Apps Toolbar\FF => not found.
C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} => not found.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully.
IMFservice => Service removed successfully.
cpuz134 => Service removed successfully.
FileMonitor => Service removed successfully.
MBAMSwissArmy => Service removed successfully.
RegFilter => Service removed successfully.
Tablet2k => Service removed successfully.
UrlFilter => Service removed successfully.
C:\Users\David\AppData\Local\{A04484B2-375A-47DF-A503-3E2E6746CE51} => moved successfully.
"2015-06-23 18:50" => File/Folder not found.
- 2015-06-23 18:50 - 00000000 ____D C:\Users\David\AppData\Local\{D00CADA4-17B2-4907-884A-931571C14DD7} => Error: No automatic fix found for this entry.
C:\Users\David\AppData\Local\{B95B9080-3AC9-4A7D-9758-F2B5B2A3358F} => moved successfully.
C:\Users\David\AppData\Local\{A8614AE1-D2D0-4FEF-BE8D-961478E413A1} => moved successfully.
C:\Users\David\AppData\Local\{F10540D0-648A-44EC-934D-6B2CA767CF10} => moved successfully.
C:\Users\David\AppData\Local\{DEA3B8C2-17A1-42B7-B30B-CA36E224285D} => moved successfully.
C:\Users\David\AppData\Local\{A69D2C1D-4D40-40C7-B785-9CBE06C1B04F} => moved successfully.
C:\Users\David\AppData\Local\{F6FC22BF-57FB-41C0-9F59-32F2C9303CCE} => moved successfully.
C:\Users\David\AppData\Local\{A9028239-E7A3-4DE2-A9AC-1F9ABEFD37FD} => moved successfully.
"2015-06-19 09:37 - 2015-06-19 09:37 -" => File/Folder not found.
00000000 ____D C:\Users\David\AppData\Local\{A8FED174-3DAA-4DE1-8401-FCCB357B5D4F} => Error: No automatic fix found for this entry.
C:\Users\David\AppData\Local\{F797BE2B-F833-401B-AF42-3EBB2488F77B} => moved successfully.
C:\Users\David\AppData\Local\{AA6904C9-A11D-4BE1-B76C-E67A139188C7} => moved successfully.
C:\Users\David\AppData\Local\{3ED2F40A-9CDD-44B4-B2DF-8B959FD127C7} => moved successfully.
C:\Users\David\AppData\Local\{00A85CFE-105D-486E-BCEA-E6D396A745A1} => moved successfully.
C:\Users\David\AppData\Local\{B3CB8B19-529F-4C39-BAB1-88CB59492B37} => moved successfully.
C:\Users\David\AppData\Local\{941F8385-5AF3-4D58-A4DC-3EFB6FAD1B2E} => moved successfully.
C:\Users\David\AppData\Local\{EBBE472F-D671-4329-916F-2C98CB52CF6B} => moved successfully.
"2015-06-14 21:21 - 2015-06-14 21:21 - 00000000 ____D" => File/Folder not found.
C:\Users\David\AppData\Local\{D1971127-DC86-46A0-BD58-BE447F02C4C8} => moved successfully.
C:\Users\David\AppData\Local\{D06FD01A-F7FF-4AD9-9385-EC129297867F} => moved successfully.
C:\Users\David\AppData\Local\{B6E15CF5-36F9-4C53-8286-347BEABEAEE0} => moved successfully.
C:\Users\David\AppData\Local\{90A81EBA-DFB8-4B75-AF22-BF4F618BB873} => moved successfully.
C:\Users\David\WhiteSmoke_Enrichment_Full.exe => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{17AD4E04-B407-45C4-B476-881B37A265FF}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{17AD4E04-B407-45C4-B476-881B37A265FF}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdobeFlashPlayerUpdate 2" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7C5CC0D5-2ABE-4C5B-AE22-B16D3B02EE37}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C5CC0D5-2ABE-4C5B-AE22-B16D3B02EE37}" => key removed successfully.
C:\Windows\System32\Tasks\{D7C5CEFA-24D0-4BF7-B36D-4BD12E688AF5} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D7C5CEFA-24D0-4BF7-B36D-4BD12E688AF5}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A9AAEBA6-413F-46AB-8830-B0C1E08A15CA}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A9AAEBA6-413F-46AB-8830-B0C1E08A15CA}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdobeFlashPlayerUpdate" => key removed successfully.
C:\ProgramData\TEMP => ":0FF263E8" ADS removed successfully..
C:\ProgramData\TEMP => ":DFC5A2B2" ADS removed successfully..
C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.

==== End of Fixlog 15:00:45 ====


Gary, since this was so long I am sending it to you now.


#9 Pop8

Posted 24 June 2015 - 04:35 PM

Gary, I couldn't locate this file on my computer. I did find a copy on the program and have highlighted everything that was red underlined on the report.

David

15:20:49.0280 0x0f40  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
15:20:55.0816 0x0f40  ============================================================
15:20:55.0816 0x0f40  Current date / time: 2015/06/24 15:20:55.0816
15:20:55.0816 0x0f40  SystemInfo:
15:20:55.0816 0x0f40 
15:20:55.0816 0x0f40  OS Version: 6.1.7601 ServicePack: 1.0
15:20:55.0816 0x0f40  Product type: Workstation
15:20:55.0816 0x0f40  ComputerName: DAVID-PC
15:20:55.0816 0x0f40  UserName: David
15:20:55.0816 0x0f40  Windows directory: C:\Windows
15:20:55.0816 0x0f40  System windows directory: C:\Windows
15:20:55.0816 0x0f40  Processor architecture: Intel x86
15:20:55.0816 0x0f40  Number of processors: 2
15:20:55.0816 0x0f40  Page size: 0x1000
15:20:55.0816 0x0f40  Boot type: Normal boot
15:20:55.0816 0x0f40  ============================================================
15:20:58.0390 0x0f40  KLMD registered as C:\Windows\system32\drivers\29265431.sys
15:20:58.0609 0x0f40  System UUID: {99A5033D-911B-C896-26CE-DA5E1072B5D1}
15:20:59.0108 0x0f40  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:20:59.0108 0x0f40  ============================================================
15:20:59.0108 0x0f40  \Device\Harddisk0\DR0:
15:20:59.0108 0x0f40  MBR partitions:
15:20:59.0108 0x0f40  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1BD59000
15:20:59.0108 0x0f40  ============================================================
15:20:59.0123 0x0f40  C: <-> \Device\Harddisk0\DR0\Partition1
15:20:59.0123 0x0f40  ============================================================
15:20:59.0123 0x0f40  Initialize success
15:20:59.0123 0x0f40  ============================================================



#10 Oh My!

Posted 24 June 2015 - 05:50 PM

Hi David,

No problem with the homepage. Just double checking to make sure it wasn't hijacked.

Please run TDSSKiller again since we didn't get the full log. You can post the aswMBR report when you get a chance as well. A couple hiccups with the Fixlist so please do this as well.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
C:\Users\David\AppData\Local\{A8FED174-3DAA-4DE1-8401-FCCB357B5D4F}
C:\Users\David\AppData\Local\{D1971127-DC86-46A0-BD58-BE447F02C4C8}
SearchScopes: HKU\.DEFAULT -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
HKU\S-1-5-21-1978644998-1616513128-776759303-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
C:\Users\David\AppData\Local\{D00CADA4-17B2-4907-884A-931571C14DD7} 
C:\Users\David\AppData\Local\{A8FED174-3DAA-4DE1-8401-FCCB357B5D4F}
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • TDSSKiller report
  • aswMBR report
  • Fixlog
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
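
A small triage of the Fixlog result lines quoted in this thread, as an added example that is not part of any post and not part of FRST: it groups lines of the form `entry => outcome` by outcome and pulls the file path out of entries that ended in `Error: No automatic fix found for this entry.`, so they can be reviewed before a follow-up fixlist is written. The function names and the outcome buckets are assumptions made for this example; the sample lines are copied from the Fixlog above.

```python
import re
from collections import defaultdict

# Excerpt of result lines copied from the Fixlog posted in this thread.
SAMPLE_FIXLOG = r'''
"HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922" => key removed successfully.
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo not found.
Gallery\NPWLPG.dll No File => Error: No automatic fix found for this entry.
C:\Users\David\AppData\Local\{A04484B2-375A-47DF-A503-3E2E6746CE51} => moved successfully.
"2015-06-23 18:50" => File/Folder not found.
- 2015-06-23 18:50 - 00000000 ____D C:\Users\David\AppData\Local\{D00CADA4-17B2-4907-884A-931571C14DD7} => Error: No automatic fix found for this entry.
HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => key not found.
IMFservice => Service removed successfully.
Hosts restored successfully.
'''

RESULT_SEP = " => "                      # separator seen in every result line of the log
PATH_RE = re.compile(r"[A-Za-z]:\\.+")   # drive-letter path at the end of an entry


def classify(outcome):
    """Map the text after '=>' to a bucket name (bucket names are this example's own)."""
    if outcome.startswith("Error:"):
        return "error"        # the tool could not interpret the fixlist line
    if "not found" in outcome:
        return "not_found"    # target already absent, nothing was changed
    if "successfully" in outcome:
        return "done"         # key/value/file/service removed or moved
    return "other"


def triage(log_text):
    """Group Fixlog lines by outcome; lines without '=>' are kept under 'no_result'."""
    buckets = defaultdict(list)
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if RESULT_SEP not in line:
            buckets["no_result"].append(line)
            continue
        # Split on the last separator: the entry itself may contain '->' or '='.
        entry, outcome = line.rsplit(RESULT_SEP, 1)
        buckets[classify(outcome)].append(entry.strip('"'))
    return dict(buckets)


def paths_to_recheck(log_text):
    """Return the file paths found inside entries that ended in an error, in log order."""
    paths = []
    for entry in triage(log_text).get("error", []):
        match = PATH_RE.search(entry)
        if match and match.group(0) not in paths:
            paths.append(match.group(0))
    return paths


if __name__ == "__main__":
    for bucket, entries in triage(SAMPLE_FIXLOG).items():
        print(f"{bucket}: {len(entries)}")
    for path in paths_to_recheck(SAMPLE_FIXLOG):
        print("recheck:", path)
```

Errored entries with no drive-letter path, such as the `Gallery\NPWLPG.dll No File` fragment, are counted but not turned into a path and need to be matched by hand against the line that precedes them.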

#11 Oh My!

Posted 26 June 2015 - 11:46 AM

Greetings,

Please do this and see if you can access your post. Let me know if you have the same problem with Firefox.

===================================================

Launching Internet Explorer Without Add-ons

----------
  • Click Start
  • Type iexplore.exe -extoff then press Enter
  • Check the browser behavior

Gary
 

#12 Oh My!

Posted 26 June 2015 - 04:58 PM

Greetings David,

I know you are having trouble posting on the site. I would like you to run the following and if you are still unable to access the site upload the file here.

===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure only the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries

  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Check your access to BleepingComputer
  • Please copy and paste the contents in your reply or upload it as instructed above
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Result.txt

Gary
 

#13 Oh My!

Posted 26 June 2015 - 07:24 PM

MiniToolBox by Farbar Version: 22-06-2015
Ran by David (administrator) on 26-06-2015 at 16:52:24
Running from "C:\Users\David\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X86)
Model: Satellite L505D Manufacturer: TOSHIBA
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


========================= IP Configuration: ================================

Realtek RTL8187SE Wireless LAN PCIE Network Adapter = Wireless Network Connection (Connected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : David-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : wildblue.com

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 00-22-5F-AC-58-80
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : wildblue.com
Description . . . . . . . . . . . : Realtek RTL8187SE Wireless LAN PCIE Network Adapter
Physical Address. . . . . . . . . : 00-22-5F-AC-58-80
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::a407:10ca:5e50:6e86%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.101(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, June 26, 2015 4:37:12 PM
Lease Expires . . . . . . . . . . : Saturday, June 27, 2015 4:41:06 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 234889823
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-5D-5F-8C-00-22-5F-AC-58-80
DNS Servers . . . . . . . . . . . : 75.104.160.61
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 00-1E-33-C6-69-54
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.wildblue.com:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{55A30E48-C84D-40D1-8AEF-A0B2422CB07C}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter 6TO4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: vip-cdns.wb1.lax.wldblu.net
Address: 75.104.160.61

Name: google.com
Addresses: 2607:f8b0:4007:808::200e
216.58.219.46


Pinging google.com [216.58.219.46] with 32 bytes of data:
Reply from 216.58.219.46: bytes=32 time=1735ms TTL=50
Reply from 216.58.219.46: bytes=32 time=1420ms TTL=50

Ping statistics for 216.58.219.46:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1420ms, Maximum = 1735ms, Average = 1577ms
Server: vip-cdns.wb1.lax.wldblu.net
Address: 75.104.160.61

Name: yahoo.com
Addresses: 98.138.253.109
98.139.183.24
206.190.36.45


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=1119ms TTL=45
Reply from 206.190.36.45: bytes=32 time=1379ms TTL=45

Ping statistics for 206.190.36.45:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1119ms, Maximum = 1379ms, Average = 1249ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
17...00 22 5f ac 58 80 ......Microsoft Virtual WiFi Miniport Adapter
10...00 22 5f ac 58 80 ......Realtek RTL8187SE Wireless LAN PCIE Network Adapter
9...00 1e 33 c6 69 54 ......Realtek PCIe FE Family Controller
1...........................Software Loopback Interface 1
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
13...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.101 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.101 281
192.168.1.101 255.255.255.255 On-link 192.168.1.101 281
192.168.1.255 255.255.255.255 On-link 192.168.1.101 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.101 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.101 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
10 281 fe80::/64 On-link
10 281 fe80::a407:10ca:5e50:6e86/128
On-link
1 306 ff00::/8 On-link
10 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)

**** End of log ****
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#14 Pop8

Posted 26 June 2015 - 08:22 PM

15:20:49.0280 0x0f40  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
15:20:55.0816 0x0f40  ============================================================
15:20:55.0816 0x0f40  Current date / time: 2015/06/24 15:20:55.0816
15:20:55.0816 0x0f40  SystemInfo:
15:20:55.0816 0x0f40  
15:20:55.0816 0x0f40  OS Version: 6.1.7601 ServicePack: 1.0
15:20:55.0816 0x0f40  Product type: Workstation
15:20:55.0816 0x0f40  ComputerName: DAVID-PC
15:20:55.0816 0x0f40  UserName: David
15:20:55.0816 0x0f40  Windows directory: C:\Windows
15:20:55.0816 0x0f40  System windows directory: C:\Windows
15:20:55.0816 0x0f40  Processor architecture: Intel x86
15:20:55.0816 0x0f40  Number of processors: 2
15:20:55.0816 0x0f40  Page size: 0x1000
15:20:55.0816 0x0f40  Boot type: Normal boot
15:20:55.0816 0x0f40  ============================================================
15:20:58.0390 0x0f40  KLMD registered as C:\Windows\system32\drivers\29265431.sys
15:20:58.0609 0x0f40  System UUID: {99A5033D-911B-C896-26CE-DA5E1072B5D1}
15:20:59.0108 0x0f40  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:20:59.0108 0x0f40  ============================================================
15:20:59.0108 0x0f40  \Device\Harddisk0\DR0:
15:20:59.0108 0x0f40  MBR partitions:
15:20:59.0108 0x0f40  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1BD59000
15:20:59.0108 0x0f40  ============================================================
15:20:59.0123 0x0f40  C: <-> \Device\Harddisk0\DR0\Partition1
15:20:59.0123 0x0f40  ============================================================
15:20:59.0123 0x0f40  Initialize success
15:20:59.0123 0x0f40  ============================================================
aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2015-06-24 15:42:03
-----------------------------
15:42:03.203    OS Version: Windows 6.1.7601 Service Pack 1
15:42:03.203    Number of processors: 2 586 0x301
15:42:03.203    ComputerName: DAVID-PC  UserName: David
15:42:25.199    Initialze error C000010E - driver not loaded
15:42:25.402    write error "aswEngin.dll". The process cannot access the file because it is being used by another process.
15:52:16.996    AVAST engine defs: 15062401
15:52:32.486    Scan error: Incorrect function.
15:52:39.787    Scan stopped
15:52:45.902    Scan error: Incorrect function.
15:52:54.436    Scan stopped
15:53:06.526    Scan error: Incorrect function.
15:53:21.018    Scan stopped
15:53:23.077    Scan error: Incorrect function.
15:54:26.850    Scan stopped
15:54:28.348    Scan error: Incorrect function.
15:54:47.676    The log file has been saved successfully to "C:\Users\David\Desktop\aswMBR.txt"
 
 
aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2015-06-24 16:03:10
-----------------------------
16:03:10.655    OS Version: Windows 6.1.7601 Service Pack 1
16:03:10.655    Number of processors: 2 586 0x301
16:03:10.655    ComputerName: DAVID-PC  UserName: David
16:03:52.370    Initialize success
16:03:52.432    VM: initialized successfully
16:03:52.432    VM: Amd CPU supported 
16:05:08.872    AVAST engine defs: 15062401
16:05:15.440    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:05:15.440    Disk 0 Vendor: TOSHIBA_MK2555GSX FG001M Size: 238475MB BusType: 11
16:05:15.674    Disk 0 MBR read successfully
16:05:15.674    Disk 0 MBR scan
16:05:15.689    Disk 0 Windows 7 default MBR code
16:05:15.705    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS         1500 MB offset 2048
16:05:15.721    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       228018 MB offset 3074048
16:05:15.736    Disk 0 default boot code
16:05:15.767    Disk 0 Partition 3 00     17 Hidd HPFS/NTFS NTFS         8956 MB offset 470054912
16:05:15.845    Disk 0 scanning sectors +488396800
16:05:16.173    Disk 0 scanning C:\Windows\system32\drivers
16:05:39.292    Service scanning
16:06:43.970    Modules scanning
16:06:43.970    Disk 0 trace - called modules:
16:06:43.986    
16:06:44.968    AVAST engine scan C:\Windows
16:06:49.258    AVAST engine scan C:\Windows\system32
16:12:29.370    AVAST engine scan C:\Windows\system32\drivers
16:12:51.257    AVAST engine scan C:\Users\David
16:42:00.237    AVAST engine scan C:\ProgramData
16:53:23.268    Disk 0 statistics 4448261/0/0 @ 0.90 MB/s
16:53:23.284    Scan finished successfully
16:57:31.777    Disk 0 MBR has been saved successfully to "C:\Users\David\Desktop\MBR.dat"
16:57:31.777    The log file has been saved successfully to "C:\Users\David\Desktop\aswMBR.txt"
 
 
 

#15 Oh My!

Posted 26 June 2015 - 08:57 PM

Hi David,

Now that you have access to another computer please post everything here rather than via Personal Message.

Please do these things. If necessary copy the logs to a USB device and use your second computer to post the results.

===================================================

Run Combofix in Vista/7

--------------------

Combofix is a very powerful tool and special attention must be taken to allow it to work properly. Please pay careful attention to the following instructions.
  • Please download ComboFix from one of these locations:

BleepingComputer
ForoSpyware

  • Save Combofix.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouseclick while the program is running or it may stall.
Note #1: Often times it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.
  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error "Illegal operation attempted on a registery key that has been marked for deletion" please just restart your computer to resolve this issue

If Combofix fails to run properly using the above instructions please attempt the following:
  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it
===================================================

RogueKiller by Tigzy

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • For Windows 8/7/Vista users right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • The program will conduct a prescan and when finished you will see Prescan Finished. Please hit the scan button
  • Click Scan
  • A report should open and a copy of the report will be placed on your desktop. If not, hit the Report button.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Combofix log
  • RogueKiller log

Gary
 



