
Computer still slow after removing Malware/PUPs



#1 chfairnh


Posted 18 July 2015 - 09:02 AM

Working on a family friend's computer. Found some stuff with Malwarebytes and ESET. Still slow and unresponsive at times. Could someone please check my FRST log?

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-07-2015
Ran by rfior_000 (administrator) on COMPUTERROOMPC on 18-07-2015 09:19:14
Running from C:\Users\rfior_000\Desktop
Loaded Profiles: rfior_000 (Available Profiles: rfior_000)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
(NewSoft Technology Corporation) C:\Program Files (x86)\NewSoft\Presto! PageManager 8 for EP\PMSpeed.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Microsoft Corporation) C:\Windows\regedit.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Macrovision Europe Ltd.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Symantec Corporation) C:\Program Files\WindowsApps\SymantecCorporation.NortonStudio_1.3.0.32_x86__v68kp9n051hdp\mmaMain.exe
(Microsoft Corporation) C:\Windows\System32\backgroundTaskHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7017032 2013-02-19] (Realtek Semiconductor)
HKLM\...\Run: [WrtMon.exe] => C:\windows\system32\spool\drivers\x64\3\WrtMon.exe [26448 2008-05-24] (NewSoft Technology Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HPUsageTrackingLEDM] => C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [1596096 2009-08-05] (Leader Technologies Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-04] (Avast Software s.r.o.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [624248 2007-05-10] (Adobe Systems Inc.)
HKLM-x32\...\Run: [QuickFinder Scheduler] => c:\Program Files (x86)\Corel\WordPerfect Office X5\Programs\QFSCHD150.EXE [136600 2010-03-11] (Corel Corporation)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [843776 2009-06-05] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-4123962748-2008712872-3209523492-1001\...\Run: [PMSpeed] => C:\Program Files (x86)\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE [55120 2008-12-09] (NewSoft Technology Corporation)
HKU\S-1-5-21-4123962748-2008712872-3209523492-1001\...\Run: [EPSON WorkForce 610 Series] => C:\windows\system32\spool\DRIVERS\x64\3\E_IATIFJA.EXE [223232 2009-01-26] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4123962748-2008712872-3209523492-1001\...\Run: [Dropbox Update] => C:\Users\rfior_000\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-23] (Dropbox, Inc.)
HKU\S-1-5-21-4123962748-2008712872-3209523492-1001\...\RunOnce: [Uninstall C:\Users\rfior_000\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828_1\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\rfior_000\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828_1\amd64"
Startup: C:\Users\rfior_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-04-30]
ShortcutTarget: Dropbox.lnk -> C:\Users\rfior_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\rfior_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk [2014-04-14]
ShortcutTarget: Epson all-in-one Registration.lnk -> E:\Common\EpsonReg\EpsonReg.exe (No File)
Startup: C:\Users\rfior_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TrendsGeniusAgent.lnk [2014-03-05]
ShortcutTarget: TrendsGeniusAgent.lnk -> C:\Users\rfior_000\AppData\Roaming\TGF Interactive LLC\Trends Genius\TrendsGeniusAgent.exe ()
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\rfior_000\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll [2015-07-04] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\rfior_000\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll [2015-07-04] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\rfior_000\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll [2015-07-04] (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rfior_000\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rfior_000\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rfior_000\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rfior_000\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rfior_000\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rfior_000\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rfior_000\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rfior_000\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-06-04] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rfior_000\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rfior_000\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rfior_000\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rfior_000\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\rfior_000\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll [2015-07-04] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\rfior_000\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll [2015-07-04] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\rfior_000\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll [2015-07-04] (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
HKU\S-1-5-21-4123962748-2008712872-3209523492-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKU\S-1-5-21-4123962748-2008712872-3209523492-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM -> {D98A6C0D-7273-4BEC-9B14-A6BBCE6B239B} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4123962748-2008712872-3209523492-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-06-04] (Avast Software s.r.o.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-05-30] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-18] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-06-04] (Avast Software s.r.o.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-05-30] (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-18] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-05-30] (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-05-30] (Google Inc.)
Toolbar: HKU\S-1-5-21-4123962748-2008712872-3209523492-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 64.222.165.243 64.222.84.243 192.168.1.1
Tcpip\..\Interfaces\{0C1E384F-F109-4F4A-81CD-9225C65B0321}: [DhcpNameServer] 64.222.165.243 64.222.84.243 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\rfior_000\AppData\Roaming\Mozilla\Firefox\Profiles\ybex3iez.default-1397820851480
FF DefaultSearchEngine: Yahoo US
FF DefaultSearchEngine.US: Yahoo US
FF SelectedSearchEngine: Yahoo US
FF Homepage: https://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-18] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-10-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2013-09-30] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4123962748-2008712872-3209523492-1001: @citrixonline.com/appdetectorplugin -> C:\Users\rfior_000\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-06-10] (Citrix Online)
FF Plugin HKU\S-1-5-21-4123962748-2008712872-3209523492-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\rfior_000\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Extension: Garmin Communicator - C:\Users\rfior_000\AppData\Roaming\Mozilla\Firefox\Profiles\ybex3iez.default-1397820851480\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2014-10-10]
FF Extension: Disconnect - C:\Users\rfior_000\AppData\Roaming\Mozilla\Firefox\Profiles\ybex3iez.default-1397820851480\Extensions\2.0@disconnect.me.xpi [2014-10-30]
FF Extension: Popup ALT Attribute - C:\Users\rfior_000\AppData\Roaming\Mozilla\Firefox\Profiles\ybex3iez.default-1397820851480\Extensions\{61FD08D8-A2CB-46c0-B36D-3F531AC53C12}.xpi [2014-08-13]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-07-08]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-06-04]

Chrome:
=======
CHR Profile: C:\Users\rfior_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avast SafePrice) - C:\Users\rfior_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-06-14]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\rfior_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-31]
CHR Extension: (Google Wallet) - C:\Users\rfior_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-06]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-06-04]
CHR HKLM-x32\...\Chrome\Extension: [femmkmcmibejidalglcokbifmojpaaob] - C:\Users\rfior_000\AppData\Roaming\TGF Interactive LLC\Trends Genius\trendsgenius.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-04]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-04] (Avast Software s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2739888 2015-05-19] (Microsoft Corporation)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2013-10-03] (Macrovision Europe Ltd.) [File not signed]
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [240736 2013-09-05] (WildTangent)
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [202824 2013-01-18] (Realtek Semiconductor)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16024 2015-01-31] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-06-04] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-06-04] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-06-04] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-06-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-06-04] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-28] (Avast Software s.r.o.)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-06-04] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-06-04] ()
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [288328 2013-01-23] (Realtek Semiconductor Corp.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-18 09:19 - 2015-07-18 09:19 - 00026275 _____ C:\Users\rfior_000\Desktop\FRST.txt
2015-07-18 09:19 - 2015-07-18 09:19 - 00000000 ____D C:\FRST
2015-07-18 09:18 - 2015-07-18 09:18 - 02134016 _____ (Farbar) C:\Users\rfior_000\Desktop\FRST64.exe
2015-07-17 20:17 - 2015-07-13 17:22 - 00792032 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-07-17 20:17 - 2015-07-13 17:22 - 00177632 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-16 18:02 - 2015-07-16 18:02 - 00000000 ____D C:\b11fd9150f3bb6a5f955
2015-07-15 08:47 - 2015-06-27 09:55 - 02865152 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-07-15 08:47 - 2015-06-27 09:46 - 03960320 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-07-15 08:47 - 2015-04-30 09:44 - 00478296 _____ C:\windows\SysWOW64\locale.nls
2015-07-15 08:47 - 2015-04-30 09:44 - 00478296 _____ C:\windows\system32\locale.nls
2015-07-15 08:46 - 2015-06-27 12:36 - 00171352 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-07-15 08:46 - 2015-06-27 09:56 - 00452608 _____ (Microsoft Corporation) C:\windows\SysWOW64\SHCore.dll
2015-07-15 08:46 - 2015-06-27 09:55 - 00668160 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-07-15 08:46 - 2015-06-27 09:55 - 00273920 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-07-15 08:46 - 2015-06-27 09:46 - 01314816 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2015-07-15 08:46 - 2015-06-27 09:46 - 00829952 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-07-15 08:46 - 2015-06-27 09:46 - 00588800 _____ (Microsoft Corporation) C:\windows\system32\SHCore.dll
2015-07-15 08:46 - 2015-06-27 09:46 - 00318464 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-07-15 08:46 - 2015-06-27 09:23 - 00694784 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2015-07-15 08:46 - 2015-06-25 14:29 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2015-07-15 08:46 - 2015-06-25 14:27 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2015-07-15 08:45 - 2015-07-03 09:33 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-07-15 08:45 - 2015-07-03 09:32 - 00035328 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-07-15 08:45 - 2015-07-03 09:17 - 00366592 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-07-15 08:45 - 2015-07-03 09:16 - 00304128 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-07-15 08:45 - 2015-07-02 16:31 - 19291136 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-07-15 08:45 - 2015-07-02 15:15 - 14384640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-07-15 08:44 - 2015-01-07 00:25 - 00403456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2015-07-15 08:43 - 2015-06-15 11:22 - 13771264 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-07-15 08:43 - 2015-06-15 11:20 - 15415296 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-07-15 08:42 - 2015-06-29 12:18 - 00026288 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2015-07-15 08:42 - 2015-06-29 09:28 - 00726528 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-07-15 08:42 - 2015-06-29 09:27 - 01084928 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-07-15 08:42 - 2015-06-29 09:27 - 00764928 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-07-15 08:42 - 2015-06-29 09:27 - 00433152 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-07-15 08:42 - 2015-06-29 09:27 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-07-15 08:42 - 2015-06-29 09:27 - 00067584 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-07-15 08:42 - 2015-06-26 09:07 - 01145856 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-07-15 08:42 - 2015-06-24 21:54 - 04064768 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-07-15 08:42 - 2015-06-17 10:13 - 01150264 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll
2015-07-15 08:42 - 2015-06-17 09:44 - 01567560 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll
2015-07-15 08:42 - 2015-06-15 11:22 - 08858112 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll
2015-07-15 08:42 - 2015-06-15 11:22 - 02416640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2015-07-15 08:42 - 2015-06-15 11:22 - 02056704 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-07-15 08:42 - 2015-06-15 11:22 - 02037760 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2015-07-15 08:42 - 2015-06-15 11:22 - 01763328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-07-15 08:42 - 2015-06-15 11:22 - 01181696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-07-15 08:42 - 2015-06-15 11:22 - 00737280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2015-07-15 08:42 - 2015-06-15 11:22 - 00690176 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-07-15 08:42 - 2015-06-15 11:22 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-07-15 08:42 - 2015-06-15 11:22 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-07-15 08:42 - 2015-06-15 11:22 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-07-15 08:42 - 2015-06-15 11:22 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-07-15 08:42 - 2015-06-15 11:22 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-07-15 08:42 - 2015-06-15 11:22 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-07-15 08:42 - 2015-06-15 11:22 - 00062976 _____ (Microsoft Corporation) C:\windows\SysWOW64\msiexec.exe
2015-07-15 08:42 - 2015-06-15 11:21 - 00124416 _____ (Microsoft Corporation) C:\windows\system32\msiexec.exe
2015-07-15 08:42 - 2015-06-15 11:20 - 10116608 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll
2015-07-15 08:42 - 2015-06-15 11:20 - 02886144 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2015-07-15 08:42 - 2015-06-15 11:20 - 02656768 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-07-15 08:42 - 2015-06-15 11:20 - 02237440 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-07-15 08:42 - 2015-06-15 11:20 - 01409024 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-07-15 08:42 - 2015-06-15 11:20 - 00949760 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-07-15 08:42 - 2015-06-15 11:20 - 00856064 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-07-15 08:42 - 2015-06-15 11:20 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-07-15 08:42 - 2015-06-15 11:20 - 00601600 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-07-15 08:42 - 2015-06-15 11:20 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-07-15 08:42 - 2015-06-15 11:20 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-07-15 08:42 - 2015-06-15 11:19 - 02307072 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2015-07-15 08:42 - 2015-06-15 11:19 - 01509376 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-07-15 08:42 - 2015-06-15 11:19 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-07-15 08:42 - 2015-06-11 16:29 - 01302528 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2015-07-15 08:42 - 2015-06-11 12:27 - 01024000 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2015-07-15 08:42 - 2015-06-09 09:57 - 03248640 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2015-07-15 08:42 - 2015-05-07 09:05 - 00410739 _____ C:\windows\system32\ApnDatabase.xml
2015-07-15 08:42 - 2015-04-21 09:53 - 01174528 _____ (Microsoft Corporation) C:\windows\system32\sppobjs.dll
2015-07-14 16:36 - 2015-07-14 16:36 - 02248704 _____ C:\Users\rfior_000\Downloads\adwcleaner_4.208.exe
2015-07-12 20:05 - 2015-07-12 20:14 - 00010428 _____ C:\Users\rfior_000\Desktop\fair start up cash.xlsx
2015-07-12 19:49 - 2015-07-12 19:49 - 00000000 ____D C:\Users\rfior_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-08 14:49 - 2015-07-09 07:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-04 16:06 - 2015-07-04 16:06 - 00002287 _____ C:\Users\rfior_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-07-04 16:06 - 2015-07-04 16:06 - 00000000 ___RD C:\Users\rfior_000\OneDrive
2015-07-04 16:05 - 2015-07-04 16:05 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2015-06-28 09:22 - 2015-07-18 08:24 - 00097888 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2015-06-28 09:22 - 2015-06-28 09:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-06-28 09:21 - 2015-07-18 08:24 - 00000000 ____D C:\Program Files (x86)\Java
2015-06-28 09:16 - 2015-06-28 09:16 - 00561248 _____ (Oracle Corporation) C:\Users\rfior_000\Downloads\jxpiinstall.exe
2015-06-28 09:10 - 2015-06-28 09:10 - 00001929 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-06-28 09:09 - 2015-06-04 12:23 - 00364472 _____ (Avast Software s.r.o.) C:\windows\system32\aswBoot.exe
2015-06-28 08:58 - 2015-06-28 09:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-06-23 08:48 - 2015-06-29 16:27 - 00000000 ____D C:\Users\rfior_000\Desktop\state show
2015-06-23 08:42 - 2015-07-18 08:53 - 00000964 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4123962748-2008712872-3209523492-1001UA.job
2015-06-23 08:42 - 2015-07-18 01:53 - 00000912 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4123962748-2008712872-3209523492-1001Core.job
2015-06-23 08:42 - 2015-07-18 01:48 - 00003918 _____ C:\windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-4123962748-2008712872-3209523492-1001UA
2015-06-23 08:42 - 2015-07-18 01:48 - 00003538 _____ C:\windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-4123962748-2008712872-3209523492-1001Core
2015-06-23 08:42 - 2015-06-23 08:42 - 00000000 ____D C:\Users\rfior_000\AppData\Local\Dropbox
2015-06-23 08:42 - 2015-06-23 08:42 - 00000000 ____D C:\ProgramData\Dropbox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-18 09:13 - 2013-10-01 07:24 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-07-18 09:02 - 2012-07-26 04:12 - 00000000 ____D C:\windows\system32\sru
2015-07-18 09:01 - 2013-09-30 21:05 - 01432542 _____ C:\windows\WindowsUpdate.log
2015-07-18 08:49 - 2013-09-30 21:15 - 00003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4123962748-2008712872-3209523492-1001
2015-07-18 08:42 - 2014-03-06 22:45 - 00000936 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-18 08:28 - 2014-10-30 09:59 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-18 08:25 - 2014-02-17 21:15 - 00000000 ____D C:\ProgramData\Oracle
2015-07-18 08:17 - 2015-05-29 17:14 - 00000000 ____D C:\Users\rfior_000\AppData\Roaming\.oit
2015-07-18 08:17 - 2014-03-06 22:45 - 00000932 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-18 08:15 - 2014-08-01 12:13 - 00000378 _____ C:\windows\Tasks\HPCeeScheduleForrfior_000.job
2015-07-18 08:15 - 2013-06-06 02:39 - 00000000 ____D C:\ProgramData\Norton
2015-07-18 08:15 - 2012-08-10 19:49 - 02866770 _____ C:\windows\PFRO.log
2015-07-18 08:15 - 2012-07-26 03:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-07-18 08:14 - 2012-07-26 01:26 - 00524288 ___SH C:\windows\system32\config\BBI
2015-07-18 08:11 - 2012-07-26 04:12 - 00000000 ___HD C:\windows\ELAMBKUP
2015-07-18 08:11 - 2012-07-26 01:26 - 00262144 ___SH C:\windows\system32\config\ELAM
2015-07-18 08:03 - 2013-10-14 19:58 - 00000974 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4123962748-2008712872-3209523492-1001UA.job
2015-07-18 02:29 - 2014-04-06 11:39 - 00003966 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{C8F228F8-49E1-4968-B4B4-AAFD9A0A55C6}
2015-07-18 01:39 - 2012-07-26 04:12 - 00000000 ____D C:\windows\rescache
2015-07-17 23:06 - 2014-08-01 12:13 - 00003200 _____ C:\windows\System32\Tasks\HPCeeScheduleForrfior_000
2015-07-17 23:06 - 2013-09-30 21:05 - 00000000 ____D C:\Users\rfior_000
2015-07-17 20:46 - 2012-07-26 04:12 - 00000000 ____D C:\windows\AUInstallAgent
2015-07-17 20:14 - 2015-03-17 22:22 - 05198864 _____ C:\windows\system32\FNTCACHE.DAT
2015-07-17 20:11 - 2014-12-30 00:00 - 00000000 ____D C:\windows\system32\appraiser
2015-07-17 20:11 - 2014-07-26 15:07 - 00000000 ___SD C:\windows\system32\CompatTel
2015-07-17 20:11 - 2012-07-26 04:12 - 00000000 ___RD C:\windows\ToastData
2015-07-16 18:02 - 2013-10-05 03:03 - 00000000 ____D C:\windows\system32\MRT
2015-07-16 17:18 - 2013-10-03 18:05 - 00000000 ___RD C:\Users\rfior_000\Desktop\Diana's Files
2015-07-16 15:17 - 2013-10-03 09:51 - 00000000 ____D C:\Users\rfior_000\Documents\Outlook Files
2015-07-16 10:48 - 2013-10-06 21:19 - 04551680 ___SH C:\Users\rfior_000\Desktop\Thumbs.db
2015-07-16 10:45 - 2013-10-02 15:13 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-16 10:44 - 2015-05-12 21:30 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-16 08:48 - 2012-07-26 03:59 - 00000000 ____D C:\windows\CbsTemp
2015-07-16 00:46 - 2013-06-06 01:36 - 00065536 _____ C:\windows\system32\spu_storage.bin
2015-07-15 20:37 - 2014-03-06 22:45 - 00003908 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-15 20:37 - 2014-03-06 22:45 - 00003672 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-14 16:39 - 2014-04-18 09:17 - 00000000 ____D C:\AdwCleaner
2015-07-14 13:30 - 2013-10-03 19:13 - 00000000 ____D C:\Users\rfior_000\Desktop\clippers
2015-07-14 13:13 - 2013-10-01 07:24 - 00003718 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-07-14 10:42 - 2013-10-08 10:11 - 00000052 _____ C:\windows\SysWOW64\DOErrors.log
2015-07-14 10:38 - 2013-10-01 15:06 - 00000000 ____D C:\Users\rfior_000\Documents\Youcam
2015-07-12 20:03 - 2013-10-14 19:58 - 00000952 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4123962748-2008712872-3209523492-1001Core.job
2015-07-12 19:49 - 2013-11-14 10:26 - 00000000 ____D C:\Users\rfior_000\AppData\Roaming\Dropbox
2015-07-09 12:22 - 2013-09-30 21:06 - 00000000 ____D C:\Users\rfior_000\AppData\Local\Packages
2015-07-09 07:53 - 2014-10-16 18:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-08 14:58 - 2015-05-03 18:27 - 00000000 ____D C:\Users\rfior_000\Desktop\minis too fd
2015-07-06 15:14 - 2013-12-20 15:23 - 00000000 ____D C:\Users\rfior_000\Downloads\New folder
2015-07-06 11:32 - 2013-10-23 07:51 - 00000000 ____D C:\Users\Public\Downloads\Norton
2015-07-05 07:38 - 2013-10-03 19:14 - 00000000 ____D C:\Users\rfior_000\Desktop\fair
2015-07-05 07:38 - 2013-10-03 19:13 - 00000000 ____D C:\Users\rfior_000\Desktop\Zareba fencing
2015-07-05 07:38 - 2013-10-03 19:13 - 00000000 ____D C:\Users\rfior_000\Desktop\Russ
2015-07-04 16:05 - 2013-10-01 13:05 - 00000000 ___RD C:\Users\rfior_000\SkyDrive
2015-07-04 16:05 - 2013-10-01 07:47 - 00482304 ___SH C:\Users\rfior_000\Downloads\Thumbs.db
2015-07-03 08:43 - 2013-10-05 03:03 - 130333168 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-07-01 08:35 - 2013-11-07 15:06 - 00000000 ___RD C:\Users\rfior_000\Desktop\Carolers
2015-06-30 11:39 - 2014-11-06 10:10 - 00000000 ___RD C:\Users\rfior_000\Desktop\Shop
2015-06-29 19:46 - 2013-10-01 08:43 - 00124432 _____ C:\Users\rfior_000\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-29 16:02 - 2013-11-02 10:29 - 00003766 ___SH C:\ProgramData\KGyGaAvL.sys
2015-06-29 16:02 - 2012-07-26 04:12 - 00000000 ____D C:\windows\system32\FxsTmp
2015-06-29 13:34 - 2012-07-26 03:28 - 00896950 _____ C:\windows\system32\PerfStringBackup.INI
2015-06-28 09:09 - 2015-06-04 12:24 - 00003924 _____ C:\windows\System32\Tasks\avast! Emergency Update
2015-06-28 09:09 - 2014-02-14 13:25 - 00000000 ____D C:\Users\rfior_000\AppData\Local\NPE
2015-06-28 08:58 - 2015-06-04 12:23 - 00442264 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswSP.sys
2015-06-28 08:51 - 2014-06-16 14:56 - 00000000 ____D C:\NPE
2015-06-26 08:03 - 2013-10-01 13:01 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-06-23 08:45 - 2015-04-30 21:31 - 00000000 ___RD C:\Users\rfior_000\Dropbox

==================== Files in the root of some directories =======

2014-02-27 08:17 - 2014-03-02 08:42 - 0001312 _____ () C:\Program Files\Norton Installation Files.lnk
2015-06-04 10:45 - 2015-06-04 10:45 - 0000132 _____ () C:\Users\rfior_000\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-10-03 10:53 - 2013-10-17 22:27 - 0022208 _____ () C:\Users\rfior_000\AppData\Roaming\Comma Separated Values.ADR
2013-12-19 08:41 - 2014-09-18 07:31 - 0000219 _____ () C:\Users\rfior_000\AppData\Roaming\WB.CFG
2014-08-30 12:29 - 2014-08-30 12:29 - 0000017 _____ () C:\Users\rfior_000\AppData\Local\resmon.resmoncfg
2013-12-11 11:57 - 2013-12-11 11:57 - 0000008 __RSH () C:\ProgramData\DE26FB11AD.sys
2013-11-02 10:29 - 2015-06-29 16:02 - 0003766 ___SH () C:\ProgramData\KGyGaAvL.sys

Some files in TEMP:
====================
C:\Users\rfior_000\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\rfior_000\AppData\Local\Temp\siuninst.exe
C:\Users\rfior_000\AppData\Local\Temp\_is59E2.exe
C:\Users\rfior_000\AppData\Local\Temp\_is8B9C.exe
C:\Users\rfior_000\AppData\Local\Temp\_is9AF7.exe
C:\Users\rfior_000\AppData\Local\Temp\_isA4B7.exe
C:\Users\rfior_000\AppData\Local\Temp\_isAF3E.exe
C:\Users\rfior_000\AppData\Local\Temp\_isC63B.exe
C:\Users\rfior_000\AppData\Local\Temp\_isD799.exe
C:\Users\rfior_000\AppData\Local\Temp\_isE368.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-10 08:07

==================== End of log ============================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Add or Remove Adobe Creative Suite 3 Master Collection (HKLM-x32\...\Adobe_4dcfd9b7e901b57f81f667144603236) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Acrobat 5.0 (HKLM-x32\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Creative Suite 5 Design Standard (HKLM-x32\...\{AE29D445-8164-4CD1-8824-FCE85C0BB179}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 9 ActiveX (HKLM-x32\...\{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}) (Version: 9.0.45.0 - Adobe Systems, Inc.)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
AHV content for Acrobat and Flash (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{3296F1CA-C7E8-2A05-A835-62B4682E992C}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
ArcSoft Print Creations - Brochures & Flyers (HKLM-x32\...\{01A1A019-E1D8-482A-BE17-5E118D17C0A0}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Calendar (HKLM-x32\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version:  - ArcSoft)
ArcSoft Print Creations (HKLM-x32\...\{BC66FD90-7BF4-4026-8119-04161D02A2F3}) (Version: 2.8.255.292 - ArcSoft)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
Citrix Online Launcher (HKLM-x32\...\{F17C3DC2-2ACA-4B0E-BDBF-ACE61B14E7CD}) (Version: 1.0.183 - Citrix)
Corel WordPerfect Office - iFilter 64 Bit (HKLM\...\{1B45B85C-99E8-4523-8FB3-0248B3DECFC8}) (Version: 1.01.000 - Corel Corporation)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3.5901 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.3.2509 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.3724 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2301 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.3.2524 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.8.4930 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.6.6104 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dropbox (HKU\S-1-5-21-4123962748-2008712872-3209523492-1001\...\Dropbox) (Version: 3.6.8 - Dropbox, Inc.)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.00.01 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
EPSON WorkForce 610 Series Printer Uninstall (HKLM\...\EPSON WorkForce 610 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
EpsonNet Setup (HKLM-x32\...\{FFFAE01B-466F-4C07-9821-A94FD753BDDA}) (Version: 3.1c - SEIKO EPSON CORPORATION)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Garmin BaseCamp (HKLM-x32\...\{7C69F731-6471-48FE-899B-1C40F80042C7}) (Version: 4.4.2 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-4123962748-2008712872-3209523492-1001\...\HPConnectedMusic) (Version: 1.1 (build 128) hp - Meridian Audio Ltd)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6263.4289 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
hppLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppP1100P1560P1600SeriesLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppusgP1100P1560P1600Series (x32 Version: 1.0.0.1 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
LTCM Client (HKLM-x32\...\LTCM Client) (Version:  - Leader Technologies Inc.)
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4727.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4123962748-2008712872-3209523492-1001\...\OneDriveSetup.exe) (Version: 17.3.5860.0512 - Microsoft Corporation)
Microsoft Outlook 2013 - en-us (HKLM\...\OutlookRetail - en-us) (Version: 15.0.4727.1003 - Microsoft Corporation)
Microsoft Picture It! Premium 10 (HKLM-x32\...\PictureItPrem_v10) (Version: 10.0.0612 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Presto! PageManager 8.15.01 SE (HKLM-x32\...\{73CD9967-000C-49C6-A900-C87D5B2D253F}) (Version: 8.15.01 - NewSoft Technology Corporation)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Quicken 2013 (HKLM-x32\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.12.7 - Intuit)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.11.201.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6844 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{0D61A55C-3ADC-409F-BF5B-A1766D1F5944}) (Version: 6.2.9200.29053 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.6208 - CyberLink Corp.) Hidden
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Royal Envoy 2 Collector's Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Trends Genius (HKLM-x32\...\{E5E126CD-373D-4B27-8114-FD588008D3D2}) (Version: 1.0.4.3 - TGF Interactive LLC)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WordPerfect Lightning - IPM (x32 Version: 1.0 - Corel Corporation) Hidden
WordPerfect Lightning - Messages (x32 Version: 1.0 - Corel Corporation) Hidden
WordPerfect Lightning - MSOM (x32 Version: 1.1 - Corel Corporation) Hidden
WordPerfect Lightning (x32 Version: 2.0 - Corel Corporation) Hidden
WordPerfect Office X5 - Common (x32 Version: 15.0 - Corel Corporation) Hidden
Wordperfect Office X5 - EN (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - Filters (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - Graphics (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - IPM (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - LegalTools (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - Migration Manager (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - Oxford (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - PerfectExperts EN (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - PR (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - QP (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - Setup Files (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - Sharepoint (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - Skins (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - System EN (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - Templates (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - WP (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - WT (x32 Version: 15.0 -  Corel Corporation) Hidden
WordPerfect Office X5 (HKLM-x32\...\_{DE6DE4A1-0343-4DBE-9DC2-E667AA03F579}) (Version: 15.0.0.357 - Corel Corporation)
WordPerfect Office X5 (x32 Version: 15.0 - Corel Corporation) Hidden
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4123962748-2008712872-3209523492-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\rfior_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4123962748-2008712872-3209523492-1001_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\rfior_000\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4123962748-2008712872-3209523492-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\rfior_000\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4123962748-2008712872-3209523492-1001_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\rfior_000\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4123962748-2008712872-3209523492-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\rfior_000\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4123962748-2008712872-3209523492-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\rfior_000\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4123962748-2008712872-3209523492-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\rfior_000\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4123962748-2008712872-3209523492-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\rfior_000\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4123962748-2008712872-3209523492-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\rfior_000\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4123962748-2008712872-3209523492-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rfior_000\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4123962748-2008712872-3209523492-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rfior_000\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4123962748-2008712872-3209523492-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rfior_000\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4123962748-2008712872-3209523492-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rfior_000\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4123962748-2008712872-3209523492-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rfior_000\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4123962748-2008712872-3209523492-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rfior_000\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4123962748-2008712872-3209523492-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rfior_000\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4123962748-2008712872-3209523492-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rfior_000\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)

==================== Restore Points =========================

28-06-2015 08:54:11 avast! antivirus system restore point
06-07-2015 08:16:53 Scheduled Checkpoint
15-07-2015 08:44:04 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 01:26 - 2012-07-26 01:26 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1D253C6D-3C73-4603-B8A0-7F4D53C0CE3E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {247E4544-F4BA-4D7C-A45F-168284D79F71} - System32\Tasks\{6D0ABCEA-165A-4438-941E-C4A8D383C770} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {2EFB2961-6FF7-48CE-8112-04164C7FDBC7} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-4123962748-2008712872-3209523492-1001UA => C:\Users\rfior_000\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-23] (Dropbox, Inc.)
Task: {2F4ADFC1-31AB-455C-A651-D8B58AB11A6D} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-4123962748-2008712872-3209523492-1001Core => C:\Users\rfior_000\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-23] (Dropbox, Inc.)
Task: {35645AA3-32A6-4892-AD51-4829E5427110} - System32\Tasks\HPCeeScheduleForrfior_000 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {3A6B1873-62AA-4564-91C7-C59363A5EC35} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4123962748-2008712872-3209523492-1001Core => C:\Users\rfior_000\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-10-14] (Facebook Inc.)
Task: {491BEEB9-82F8-49B2-BA2B-074D69FF021B} - System32\Tasks\{1A723DB3-4A5A-4467-B44F-24E074FC2C60} => pcalua.exe -a "C:\Program Files (x86)\MyPC Backup\uninst.exe"
Task: {500AB9B4-1391-4ED5-9AE2-29D0B5AB0CE3} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4123962748-2008712872-3209523492-1001UA => C:\Users\rfior_000\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-10-14] (Facebook Inc.)
Task: {800A703C-3D65-445A-9644-CB1FC82C7715} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-06] (Google Inc.)
Task: {8D08BB28-7A29-4223-A4C3-9F74FE5DC840} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated)
Task: {94F2E7FD-975F-4F49-8A26-BD2FD0AEF0B4} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-28] (Avast Software s.r.o.)
Task: {9D250D05-47DB-4871-9AD2-949380EBA5F1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {9D97317B-3E40-4263-B3B8-ACE9630A80B1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-12] (Microsoft Corporation)
Task: {9DD0CC5A-503E-41CA-8E7F-F68ED90C39B9} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-11-01] (CyberLink)
Task: {A4AE4CE0-C108-4198-B5A9-70D6F69034BE} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-05-19] (Microsoft Corporation)
Task: {B77023A9-7A78-43ED-A106-ABDB334529F2} - System32\Tasks\PCSB_WaitAndStartAfter => C:\Program Files (x86)\PC SpeedBoost\PCSpeedBoost.exe
Task: {CE2109E8-B316-4F49-9B2A-E34FD3D55A6B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-05-19] (Microsoft Corporation)
Task: {D12A0144-0FE0-401F-9C4B-B7EBD2FB233D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-06] (Google Inc.)
Task: {D35BD1D5-90A5-421A-A547-450BDA8E33E7} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-rfiorey@ne.rr.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {DC278B08-630F-4520-AA70-F7C3FF7AF08D} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-12-26] (CyberLink)
Task: {E00A2BF9-9764-4E7B-9AB6-5E2C9773FD02} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-07-03] (Microsoft Corporation)
Task: {EB00C61C-8225-4A5C-9A23-7DB4471F90C1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {EE366FF0-1B0D-4D06-A239-530662F4275E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-12] (Microsoft Corporation)
Task: {EE5BCE29-62AC-4C94-866E-A9E7E8A1DEE9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-06-16] (Hewlett-Packard)
Task: {F162EAAF-E839-4ACB-94B8-27640AFB5100} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-11-01] (CyberLink Corp.)
Task: {F5B32F93-732E-4057-9B1A-77D4F3BFA17D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-06-16] (Hewlett-Packard)
Task: {F9D5C251-1256-45A0-974C-2A50DA860390} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {FE020D73-C82D-4251-A412-E602E558F804} - System32\Tasks\{A42608F1-069B-4546-883C-4BE3B2C79B0E} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Adobe\Installers\4dcfd9b7e901b57f81f667144603236\Setup.exe"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4123962748-2008712872-3209523492-1001Core.job => C:\Users\rfior_000\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4123962748-2008712872-3209523492-1001UA.job => C:\Users\rfior_000\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4123962748-2008712872-3209523492-1001Core.job => C:\Users\rfior_000\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4123962748-2008712872-3209523492-1001UA.job => C:\Users\rfior_000\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForrfior_000.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (Whitelisted) ==============

2014-03-28 05:55 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-03-17 22:40 - 2015-01-27 11:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-10-01 22:27 - 2013-10-01 22:31 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2015-02-10 10:16 - 2015-02-10 10:16 - 00465920 _____ () C:\Users\rfior_000\AppData\Local\Packages\134D4F5B.Box_2qk4zy5s3qmee\AC\Microsoft\CLR_v4.0\NativeImages\Box.Agent.WinRT\86ad7d38a987f9bcbe94b1ed873d6ed9\Box.Agent.WinRT.ni.dll
2015-02-10 10:14 - 2015-02-10 10:14 - 01034240 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.App640a3541#\ed0d68a51bd075d2e6dc2d265b57c6a1\Windows.ApplicationModel.ni.dll
2015-02-10 10:16 - 2015-02-10 10:16 - 00141824 _____ () C:\Users\rfior_000\AppData\Local\Packages\134D4F5B.Box_2qk4zy5s3qmee\AC\Microsoft\CLR_v4.0\NativeImages\nVentive.Um114fe9fe#\f4d05fd19591b753a134ca690cd8345b\nVentive.Umbrella.Services.Contract.WinRT.ni.dll
2015-02-10 10:14 - 2015-02-10 10:14 - 00193536 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.System\48a1c4701723573583a8c53820f80040\Windows.System.ni.dll
2015-02-10 10:17 - 2015-02-10 10:17 - 01277440 _____ () C:\Users\rfior_000\AppData\Local\Packages\134D4F5B.Box_2qk4zy5s3qmee\AC\Microsoft\CLR_v4.0\NativeImages\nVentive.Um9106121c#\45092eb8fe0fbaaf3b9bbde3f6641dad\nVentive.Umbrella.Web.WinRT.ni.dll
2015-02-10 10:15 - 2015-02-10 10:15 - 01089536 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Storage\27e98ef57e3b267e512b91d8228ab412\Windows.Storage.ni.dll
2015-02-10 10:15 - 2015-02-10 10:15 - 00285696 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\1de2d2b0d128506c149521f6dab310fb\Windows.Foundation.ni.dll
2015-02-10 10:15 - 2015-02-10 10:15 - 01147904 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.UI\0bdeb0544528971808b8a94e142d939c\Windows.UI.ni.dll
2015-02-10 10:15 - 2015-02-10 10:15 - 00763904 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Networking\8e30e8496de825ef0a201dbd1c57a809\Windows.Networking.ni.dll
2015-02-10 10:15 - 2015-02-10 10:15 - 00339968 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Data\6441b29461728c144e189224efb42578\Windows.Data.ni.dll
2015-06-04 12:23 - 2015-06-04 12:23 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-06-04 12:23 - 2015-06-04 12:23 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-07-17 20:43 - 2015-07-17 20:43 - 02956800 _____ () C:\Program Files\AVAST Software\Avast\defs\15071700\algo.dll
2015-07-18 08:17 - 2015-07-18 08:17 - 02956800 _____ () C:\Program Files\AVAST Software\Avast\defs\15071803\algo.dll
2013-06-06 01:56 - 2012-06-07 23:34 - 00627216 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 14:34 - 2012-06-08 14:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-06-04 12:23 - 2015-06-04 12:23 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-05-29 17:10 - 2009-03-12 15:45 - 00135168 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
2015-05-29 17:10 - 2008-11-21 13:58 - 00057344 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4123962748-2008712872-3209523492-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\rfior_000\Desktop\2014 pictures\lizzie\James alpaca.jpg
DNS Servers: 64.222.165.243 - 64.222.84.243

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "FUFAXSTM"
HKU\S-1-5-21-4123962748-2008712872-3209523492-1001\...\StartupApproved\StartupFolder: => "TrendsGeniusAgent.lnk"
HKU\S-1-5-21-4123962748-2008712872-3209523492-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-4123962748-2008712872-3209523492-1001\...\StartupApproved\Run: => "Facebook Update"
HKU\S-1-5-21-4123962748-2008712872-3209523492-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_65A0D845B983F50ED26742DFD09F156E"
HKU\S-1-5-21-4123962748-2008712872-3209523492-1001\...\StartupApproved\Run: => "Driver Support"
HKU\S-1-5-21-4123962748-2008712872-3209523492-1001\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{77F3387A-D5CF-4DF4-8838-4D20CAFB61D1}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{C1F0F9A9-86E8-4C02-9FDC-3E562E5E1644}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{FDDB9F43-231B-4C9C-8F20-5FD3BE4780BE}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{D1249CEC-686B-4AD6-8E5A-C01D0E334A43}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{2989B8E1-1D44-43C3-875F-FE8250D2C3EA}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{DE03832D-FF5C-494B-ADB0-178FC25FFA47}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{85A08BA7-6F0A-4D01-BAA5-6AD01450BD70}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FE528AE1-5BB0-4659-9108-F1472C5A6F17}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F7815CDA-FF14-4740-A15E-3F93B84201A0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{44A27311-5CC1-49AB-9FEE-9F40F700EF19}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E6A008F3-5223-46BB-8180-3702483AD0D7}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{15A49279-F5D7-4CDA-B0C7-8BEDD6479E60}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{47C06387-B050-45D3-B85D-095748E7D171}] => (Allow) C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{AB96DA9C-0278-4535-A0BE-1C78910A11B3}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{3CA6A45B-62E2-4BDD-A38C-B0C6E2B96FD8}] => (Allow) LPort=2869
FirewallRules: [{0F6E98F4-EBE7-4F01-AD5A-84BCC1139584}] => (Allow) LPort=1900
FirewallRules: [{99009939-1274-4719-84FA-ADBF8BBAA023}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool09\ENEasyApp.exe
FirewallRules: [{D12E35D9-85D7-4A35-9907-A8BCD734FEB4}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool09\ENEasyApp.exe
FirewallRules: [TCP Query User{0D00CE6C-E318-4858-B06A-1139F4330328}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{24F6509F-2A03-4D28-9F48-61B8CE9BEB7F}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{2ECE7645-0DB3-4279-AC0A-46345E96D02E}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{84DB6F0A-F367-4F0F-93ED-F69E7E54BA1A}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{7EAAED7E-F893-49C8-97BB-4076DDCF2D31}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{7E7FAAC2-B35E-4374-86B7-8FE93E15A245}] => (Allow) E:\ProductInst64.exe
FirewallRules: [{2B739C37-E6EF-4198-816D-614F738BA187}] => (Allow) E:\ProductInst64.exe
FirewallRules: [{00424F8D-9EB3-49BC-BFC6-2C375B407004}] => (Allow) LPort=9100
FirewallRules: [{59908C62-38DE-40C9-9B61-603EE3AE23CF}] => (Allow) LPort=427
FirewallRules: [{23FA6BF8-8ADA-4F21-8305-6B2EBF3BA1E6}] => (Allow) LPort=161
FirewallRules: [{4851BE8E-1FDD-4B00-B33B-EBE70A2C7DD2}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{03556D1B-D9AE-44CF-B01F-3918E51BD334}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{6EA5D4FC-52C8-47AE-A086-129ED6FDCCDE}] => (Allow) c:\program files\pcmax\pcmax.exe
FirewallRules: [{8DF94C09-7179-4806-86F6-6AEDAB4D4116}] => (Allow) c:\program files\pcmax\pcmax.exe
FirewallRules: [{18734C44-F0E9-42A8-A9C4-DF2644DB5CE8}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{285029ED-4582-4898-A547-DC03E2E8BE8B}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{61A48362-8EA9-4603-8573-27AF276F8FF6}] => (Allow) C:\Users\rfior_000\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{BC7DBF43-5448-4400-9070-BA0CBC1DFCED}] => (Allow) C:\Program Files (x86)\snipsmart\bin\snipsmart.BRT.Helper.exe
FirewallRules: [{F683EC16-7DA0-4867-BABE-1B9CFA253235}] => (Allow) C:\Program Files (x86)\snipsmart\bin\snipsmart.BRT.Helper.exe
FirewallRules: [{3344D94E-AA20-47D7-B2AD-8EED97B72E98}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{2331FCB3-3346-4A37-8744-AC752A8E63C3}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{D01DB445-AE4E-4CFA-BBED-565008485813}] => (Allow) C:\Program Files (x86)\snipsmart\bin\snipsmart.BRT.Helper.exe
FirewallRules: [{6B97BF50-51B8-4DE7-A0F8-5D01A3122623}] => (Allow) C:\Program Files (x86)\snipsmart\bin\snipsmart.BRT.Helper.exe
FirewallRules: [{17C87DAD-6731-4263-AAE7-80EEFF901991}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{60DADF4F-A731-4F89-BDA7-FB9D2515774E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8EB79697-8A15-4403-856F-9FA823A0E8C0}] => (Allow) C:\Users\rfior_000\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{49980433-D89E-4E03-9998-B9CFF5C32DCF}] => (Allow) C:\Users\rfior_000\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{E0433F83-2448-4E45-A787-BD57C9FD9DEA}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{1AC91A4F-98FE-4F5D-9ACA-F6F8CDFD68D5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================
 




 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,969 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:12 PM

Posted 19 July 2015 - 08:15 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
ShortcutTarget: Epson all-in-one Registration.lnk -> E:\Common\EpsonReg\EpsonReg.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-4123962748-2008712872-3209523492-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
CHR Extension: (Avast SafePrice) - C:\Users\rfior_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-06-14]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-06-04]
CHR HKLM-x32\...\Chrome\Extension: [femmkmcmibejidalglcokbifmojpaaob] - C:\Users\rfior_000\AppData\Roaming\TGF Interactive LLC\Trends Genius\trendsgenius.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-04]

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

How is the computer running now?

#3 chfairnh

chfairnh
  • Topic Starter


Posted 19 July 2015 - 08:46 AM

Fix result of Farbar Recovery Scan Tool (x64) Version:18-07-2015
Ran by rfior_000 at 2015-07-19 09:34:38 Run:1
Running from C:\Users\rfior_000\Desktop
Loaded Profiles: rfior_000 (Available Profiles: rfior_000)
Boot Mode: Normal
==============================================

fixlist content:
*****************


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
ShortcutTarget: Epson all-in-one Registration.lnk -> E:\Common\EpsonReg\EpsonReg.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-4123962748-2008712872-3209523492-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
CHR Extension: (Avast SafePrice) - C:\Users\rfior_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-06-14]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-06-04]
CHR HKLM-x32\...\Chrome\Extension: [femmkmcmibejidalglcokbifmojpaaob] - C:\Users\rfior_000\AppData\Roaming\TGF Interactive LLC\Trends Genius\trendsgenius.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-04]

End

*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
E:\Common\EpsonReg\EpsonReg.exe not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKU\S-1-5-21-4123962748-2008712872-3209523492-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found.
C:\Users\rfior_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck" => key removed successfully
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx" => Scheduled to move on reboot.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\femmkmcmibejidalglcokbifmojpaaob" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => key removed successfully
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
EmptyTemp: => 841.5 MB temporary data Removed.
 

 

Thanks for your help nasdaq! The computer so far seems ok. Startup is still really slow. I'll have to do some more browsing to see how that goes.



#4 nasdaq


Posted 20 July 2015 - 07:33 AM

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download the Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:

createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;

Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the system drive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

Also, please provide an update on how the computer is behaving after running the above script.

How is the start up now?

#5 nasdaq


Posted 25 July 2015 - 07:22 AM

Are you still with me?

#6 nasdaq


Posted 30 July 2015 - 09:41 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



