
Please Help! Suspect viral infection; new tabs keep opening to redirect


  • This topic is locked
15 replies to this topic

#1 MrsG94


Posted 20 July 2015 - 11:19 AM

Hi, no matter where I go in my browser, a new tab pops open to try to redirect me. Please help! I use Avast daily. I ran a scan with Avast and found nothing. I use Malwarebytes, and ran a scan, and found nothing malicious. Also ran Super Anti-Spyware scan which also found nothing but the usual adware. Please let me know what I can do. Thank you very much!!





#2 Sintharius


Posted 20 July 2015 - 11:39 AM

Hello and welcome to the Malware Removal Logs area :)

My name is Alexstrasza and I will assist you with your problem. You can call me Alex :)


Before we begin, there are a few things I want to make sure you know:
  • I am currently in training, so my responses might be delayed. I will generally reply within 48 hours - if this is not possible, I will let you know.
  • Please do not run any tools without being instructed to, as this makes my job much harder in trying to figure out what you have done.
  • Make sure to read my instructions fully before attempting a step.
  • If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
  • Please follow the topic by clicking on the Follow this topic button, and make sure a tick is in the receive notifications and is set to Instantly. Any replies should be made in this topic by clicking the Reply to this topic button.
  • Important information in my posts will often be in bold, make sure to take note of these.
  • I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. Please inform me if you need more time.
Shall we begin then?

===

Please run this tool to get information about your computer.

Farbar Recovery Scan Tool

Please download the correct version of Farbar Recovery Scan Tool and save it to your Desktop.

32-bit version here

64-bit version here

Note 1: Don't know if your Windows is 32-bit or 64-bit? Check it out here. The Automatic detection section should give you information about your OS. If it's not, use the Manual detection section.

Note 2: Temporarily disable your antivirus and/or antimalware if they flag FRST as unsafe, as the tool is safe.
  • Right click on FRST/FRST64.exe and choose Run as Administrator. If you are running Windows XP then skip this step.
  • When the tool launches, choose Yes at the disclaimer.
  • Choose Scan.
  • The tool will produce a log named FRST.txt in the same location where the tool is run from.
  • Please copy the log and paste it here.
  • On its first run FRST will generate an Addition.txt log in the same location as the other log. Please copy and paste that along with the main log in your reply.
Regards,
Alex

Edited by Alexstrasza, 20 July 2015 - 11:45 AM.


#3 MrsG94


Posted 20 July 2015 - 12:07 PM

Hi, Alex! Thank you so much for your fast response! The following are the FRST.txt and Addition.txt logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-07-2015
Ran by Heather (administrator) on HEATHER-PC on 20-07-2015 12:59:52
Running from C:\Users\Heather\Desktop
Loaded Profiles: Heather (Available Profiles: Heather)
Platform: Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
() C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
(Hewlett-Packard Company) C:\Program Files\HP\Common\HPSupportSolutionsFrameworkService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(NTI Corporation) C:\Program Files\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe
(SoftThinks SAS) C:\Program Files\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(SoftThinks - Dell) C:\Program Files\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SoftThinks - Dell) C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Avanquest Software ) C:\Program Files\Digital Line Detect\DLG.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4907008 2008-01-17] (Realtek Semiconductor)
HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [124200 2007-09-17] (CyberLink Corp.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-07-20] (AVAST Software)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [DelaypluginInstall] => C:\ProgramData\Aimersoft\Video Converter Ultimate\DelayPluginI.exe
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2011-05-04] (SUPERAntiSpyware.com)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [2008-07-20] (Citrix Online, a division of Citrix Systems, Inc.)
AppInit_DLLs: C:\PROGRA~1\SAVEVI~2\Datamngr\datamngr.dll => C:\PROGRA~1\SAVEVI~2\Datamngr\datamngr.dll File not found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk [2008-07-20]
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-07-20] (AVAST Software)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2422294642-4059713625-2036378569-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2422294642-4059713625-2036378569-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-2422294642-4059713625-2036378569-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=avastbcl
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = http://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2405} URL = 
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = http://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2422294642-4059713625-2036378569-1000 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = http://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2422294642-4059713625-2036378569-1000 -> {1A076F2C-822D-4858-9EB2-F82026115A85} URL = http://www.target.com/gp/search.html?field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2422294642-4059713625-2036378569-1000 -> {340037EE-C05C-4B39-820B-4443A3FD10D6} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-2422294642-4059713625-2036378569-1000 -> {6CE78A53-2FDC-4633-912E-0FBE68FAC701} URL = http://www.amazon.com/gp/search?ie=UTF8&tag=ie8search-20&index=blended&linkCode=qs&camp=1789&creative=9325&keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2422294642-4059713625-2036378569-1000 -> {77262F31-1DF4-4FE2-9AF0-74782B8895C0} URL = http://www.walmart.com/catalog/search-ng.gsp?search_constraint=0&search_query={searchTerms}
SearchScopes: HKU\S-1-5-21-2422294642-4059713625-2036378569-1000 -> {8F922F6B-257A-400B-BA4B-AEC146849F22} URL = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
SearchScopes: HKU\S-1-5-21-2422294642-4059713625-2036378569-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2405} URL = 
SearchScopes: HKU\S-1-5-21-2422294642-4059713625-2036378569-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = http://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2422294642-4059713625-2036378569-1000 -> {CCCB3669-FBE5-416F-9DF8-44AFF05EB65E} URL = http://search.about.com/fullsearch.htm?terms={searchTerms}
SearchScopes: HKU\S-1-5-21-2422294642-4059713625-2036378569-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
SearchScopes: HKU\S-1-5-21-2422294642-4059713625-2036378569-1000 -> {E8F6FEC7-469C-462A-94B8-A6C3B4C2AC09} URL = http://search.lycos.com/setup.php?src=ie&query={searchTerms}
BHO: BlspcHlpr Class -> {15C9938F-CB96-496D-800A-B827F2E34EA1} -> C:\Program Files\ATT Internet Tools\blspc_win32.dll No File
BHO: No Name -> {656EC4B7-072B-4698-B504-2A414C1F0037} ->  No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-06-11] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-20] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-17] (Google Inc.)
BHO: Skype Plug-In -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22] (Skype Technologies S.A.)
BHO: No Name -> {D879895E-2124-4ED0-BDDF-F8F8BBC98A6F} ->  No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-11] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-17] (Google Inc.)
Toolbar: HKU\.DEFAULT -> No Name - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} -  No File
Toolbar: HKU\S-1-5-21-2422294642-4059713625-2036378569-1000 -> No Name - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} -  No File
Toolbar: HKU\S-1-5-21-2422294642-4059713625-2036378569-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22] (Skype Technologies S.A.)
Handler: WSAMVCUchrome - {086BD280-4613-43B5 -  No File
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{F11995B2-3063-40C5-BFF4-2A42302544DC}: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1212152.dll [2014-05-30] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-11] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-11] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2422294642-4059713625-2036378569-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Heather\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-11-23] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2422294642-4059713625-2036378569-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll [2012-10-24] (Amazon.com, Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-08]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-08-06]
FF HKLM\...\Firefox\Extensions: [AMVCU@Aimersoft.com] - C:\ProgramData\Aimersoft\Video Converter Ultimate\AMVCU@Aimersoft.com
 
Chrome: 
=======
CHR Profile: C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Webpage Screenshot) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki [2015-01-29]
CHR Extension: (Empty New Tab Page) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpjamkmjmigaoobjbekmfgabipmfilij [2013-09-25]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Google Wallet) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-26]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2015-01-25] (SUPERAntiSpyware.com)
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-20] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3218624 2015-07-20] (Avast Software)
R2 FlipShare Service; C:\Program Files\Flip Video\FlipShare\FlipShareService.exe [460144 2010-12-15] ()
R2 FlipShareServer; C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2010-12-15] () [File not signed]
S3 GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [16680 2008-07-20] (Citrix Online, a division of Citrix Systems, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [319488 2010-07-27] (Alcatel-Lucent) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NTI BackupNowEZSvr; C:\Program Files\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [45768 2014-11-11] (NTI Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SftService; C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE [1692480 2011-08-18] (SoftThinks SAS)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
S2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 6250spi; C:\Windows\System32\Drivers\6250spi.sys [11465 2006-09-19] () [File not signed]
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2015-07-20] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [76000 2015-07-20] (AVAST Software)
R1 AswRdr; C:\Windows\system32\drivers\aswRdr.sys [55200 2015-07-20] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2015-07-20] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788784 2015-07-20] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433264 2015-07-20] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [161472 2015-07-20] (AVAST Software)
S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57888 2015-07-20] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208664 2015-07-20] (AVAST Software)
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [9344 2009-04-17] (GARMIN Corp.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2010-07-27] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2010-07-27] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R0 ngvss; C:\Windows\system32\Drivers\ngvss.sys [95112 2015-07-20] (AVAST Software)
S3 rcmirror; C:\Windows\System32\DRIVERS\rcmirror.sys [11168 2012-08-13] (Windows ® Win 7 DDK provider)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-07-20] (Avast Software)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Heather\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 XE104Sp50; System32\Drivers\XE104Sp50.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-20 12:59 - 2015-07-20 13:00 - 00022112 _____ C:\Users\Heather\Desktop\FRST.txt
2015-07-20 12:59 - 2015-07-20 12:59 - 00000000 ____D C:\FRST
2015-07-20 12:58 - 2015-07-20 12:58 - 01638912 _____ (Farbar) C:\Users\Heather\Desktop\FRST.exe
2015-07-20 10:28 - 2015-07-20 10:28 - 00313472 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-07-20 10:28 - 2015-07-20 10:28 - 00161472 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2015-07-20 10:28 - 2015-07-20 10:28 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-07-20 10:28 - 2015-07-20 10:27 - 00095112 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
2015-07-16 00:13 - 2015-07-03 12:04 - 01316864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-16 00:13 - 2015-06-24 22:57 - 02066432 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-16 00:12 - 2015-06-17 12:50 - 02264576 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-16 00:12 - 2015-06-17 11:09 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-16 00:11 - 2015-06-12 12:01 - 00298496 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 23:58 - 2015-07-07 11:58 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-15 23:58 - 2015-07-07 10:22 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-15 23:57 - 2015-05-31 04:11 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-15 23:55 - 2015-06-27 12:03 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 23:55 - 2015-06-27 12:02 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 23:55 - 2015-06-27 12:02 - 00218112 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 23:55 - 2015-06-27 12:01 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-07-15 23:55 - 2015-06-27 10:21 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 23:55 - 2015-06-27 10:21 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 23:55 - 2015-06-12 09:13 - 00440768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-15 23:55 - 2015-01-08 20:17 - 00107008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 11:10 - 2015-07-03 01:31 - 12386304 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 11:10 - 2015-07-03 01:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-15 11:10 - 2015-06-16 21:14 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 11:10 - 2015-06-16 21:12 - 09750528 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 11:10 - 2015-06-16 21:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-15 11:10 - 2015-06-16 21:10 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 11:10 - 2015-06-16 21:09 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 11:10 - 2015-06-16 21:09 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 11:10 - 2015-06-16 21:09 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 11:10 - 2015-06-16 21:09 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 11:10 - 2015-06-16 21:08 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 11:10 - 2015-06-16 21:08 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 11:10 - 2015-06-16 21:08 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 11:10 - 2015-06-16 21:08 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-07-15 11:10 - 2015-06-16 21:08 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 11:10 - 2015-06-16 21:08 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 11:10 - 2015-06-16 21:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-15 11:10 - 2015-06-16 21:08 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 11:10 - 2015-06-16 21:08 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-15 11:10 - 2015-06-16 21:08 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-07-15 11:10 - 2015-06-16 21:08 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-07-15 11:10 - 2015-06-16 21:08 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-07-10 11:15 - 2015-07-10 11:15 - 00000000 ____D C:\Users\Heather\AppData\Local\{22A3D95E-6743-49FA-987F-C00B984ED389}
2015-07-09 13:05 - 2015-07-09 13:05 - 00000000 ____D C:\Users\Heather\AppData\Local\{95FA45F9-F988-4044-A760-7B61ADAED802}
2015-07-07 16:01 - 2015-07-07 16:01 - 00000000 ____D C:\Users\Heather\AppData\Local\{6B5A4986-4117-42C1-8FB5-31548B9FEEFC}
2015-07-01 12:58 - 2015-07-01 12:58 - 00001688 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-07-01 12:57 - 2015-07-01 12:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-07-01 12:57 - 2015-07-01 12:58 - 00000000 ____D C:\Program Files\QuickTime
2015-06-21 13:13 - 2015-06-21 13:13 - 00000000 ____D C:\Users\Heather\AppData\Local\{33CCD8AE-3CEB-4010-AF77-DBC470186FB6}
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-20 12:45 - 2012-04-11 10:13 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-20 12:36 - 2012-05-15 21:24 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-20 12:22 - 2015-01-25 15:56 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-20 12:05 - 2008-07-19 22:44 - 01580694 _____ C:\Windows\WindowsUpdate.log
2015-07-20 12:02 - 2008-12-25 17:48 - 00000000 ____D C:\MDT
2015-07-20 12:01 - 2012-05-15 21:24 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-20 12:01 - 2010-11-17 14:23 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2015-07-20 12:01 - 2010-11-17 14:23 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2015-07-20 12:01 - 2010-11-16 22:54 - 00000000 ____D C:\Program Files\Dell DataSafe Local Backup
2015-07-20 12:01 - 2006-11-02 08:58 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-20 12:01 - 2006-11-02 08:45 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-20 12:01 - 2006-11-02 08:45 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-20 11:50 - 2006-11-02 08:58 - 00032648 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-20 11:07 - 2015-03-26 18:15 - 00000000 ____D C:\Windows\system32\vbox
2015-07-20 10:31 - 2008-01-20 23:02 - 00212676 _____ C:\Windows\PFRO.log
2015-07-20 10:30 - 2012-08-06 16:46 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-07-20 10:28 - 2014-04-30 14:46 - 00024016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-07-20 10:28 - 2013-03-23 20:59 - 00208664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-07-20 10:28 - 2013-03-23 20:59 - 00049776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-07-20 10:28 - 2012-08-06 16:05 - 00788784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-07-20 10:28 - 2012-08-06 16:05 - 00433264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-07-20 10:28 - 2012-08-06 16:05 - 00076000 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-07-20 10:28 - 2012-08-06 16:05 - 00057888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2015-07-20 10:28 - 2012-08-06 16:05 - 00055200 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2015-07-16 09:11 - 2006-11-02 06:33 - 00759582 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-16 09:05 - 2006-11-02 08:44 - 00280720 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-16 00:11 - 2013-07-30 12:25 - 00000000 ____D C:\Windows\system32\MRT
2015-07-15 23:59 - 2008-07-20 02:59 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-15 15:45 - 2012-04-11 10:13 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-07-15 15:45 - 2011-05-14 12:11 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-07-14 15:34 - 2012-08-06 16:55 - 00001933 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-14 10:35 - 2012-05-15 21:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-07-11 10:40 - 2011-05-23 19:49 - 00000000 ____D C:\Windows\pss
2015-07-10 16:10 - 2013-04-01 13:01 - 00000000 ____D C:\Users\Heather\Desktop\thePICTUREfolder
2015-07-09 11:41 - 2008-12-15 12:54 - 00002587 _____ C:\Users\Heather\Desktop\Microsoft Office Word 2007.lnk
2015-07-07 12:06 - 2008-12-05 12:49 - 00000000 ____D C:\Users\Heather\AppData\Local\Adobe
2015-07-03 08:49 - 2006-11-02 06:24 - 127070192 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-06-30 19:40 - 2014-11-13 22:08 - 00000000 ____D C:\Users\Heather\Desktop\FRANKIELYLESTUFF
2015-06-23 14:19 - 2014-06-20 10:03 - 00000000 ____D C:\Users\Heather\Desktop\JAKESPAPERS
2015-06-22 11:27 - 2010-01-21 14:40 - 00000000 ____D C:\Users\Heather\Desktop\HKiddiePics
 
==================== Files in the root of some directories =======
 
2013-02-04 22:16 - 2013-02-04 23:01 - 0000163 _____ () C:\Users\Heather\AppData\Roaming\hpmirrordriver.log
2009-01-14 22:17 - 2010-01-26 20:33 - 0024085 _____ () C:\Users\Heather\AppData\Roaming\UserTile.png
2009-03-13 07:48 - 2014-06-10 12:48 - 0005892 _____ () C:\Users\Heather\AppData\Local\d3d9caps.dat
2008-12-09 17:16 - 2015-05-19 16:00 - 0044544 _____ () C:\Users\Heather\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-11-30 19:18 - 2011-02-26 15:32 - 0008248 _____ () C:\Users\Heather\AppData\Local\en.ini
2013-02-04 17:22 - 2013-02-04 17:22 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-12-30 15:26 - 2010-12-30 15:26 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2008-12-01 22:11 - 2015-01-22 18:01 - 0017366 _____ () C:\ProgramData\hpzinstall.log
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-20 12:07
 
==================== End of log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-07-2015
Ran by Heather at 2015-07-20 13:01:05
Running from C:\Users\Heather\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2422294642-4059713625-2036378569-500 - Administrator - Disabled)
Guest (S-1-5-21-2422294642-4059713625-2036378569-501 - Limited - Disabled)
Heather (S-1-5-21-2422294642-4059713625-2036378569-1000 - Administrator - Enabled) => C:\Users\Heather
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 16.0.0.273 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader X (10.1.14) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.14 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.2.152 - Adobe Systems, Inc.)
Agent Ransack Version 1.7.3 (HKLM\...\Agent Ransack_is1) (Version:  - )
Aimersoft DVD Creator(Build 3.0.0) (HKLM\...\Aimersoft DVD Creator_is1) (Version:  - Aimersoft Software)
Amazon MP3 Downloader 1.0.17 (HKLM\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Print Creations - Album Page (HKLM\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version:  - ArcSoft)
ArcSoft Print Creations - Funhouse (HKLM\...\{9591C049-5CAE-4E89-A8D9-191F1899628B}) (Version:  - ArcSoft)
ArcSoft Print Creations - Greeting Card (HKLM\...\{F04F9557-81A9-4293-BC49-2C216FA325A7}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Book (HKLM\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Calendar (HKLM\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version:  - ArcSoft)
ArcSoft Print Creations - Scrapbook (HKLM\...\{B0D83FCD-9D42-43ED-8315-250326AADA02}) (Version:  - ArcSoft)
ArcSoft Print Creations - Slimline Card (HKLM\...\{007B37D9-0C45-4202-834B-DD5FAAE99D63}) (Version:  - ArcSoft)
ArcSoft Print Creations (HKLM\...\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}) (Version: 2.8.255.384 - ArcSoft)
Avast Free Antivirus (HKLM\...\avast) (Version: 10.3.2223 - AVAST Software)
AXIS Media Control Embedded (HKLM\...\AXIS Media Control Embedded) (Version:  - )
AXIS Media Control Embedded Installer (HKLM\...\{FD727056-F0C4-4811-9688-9EBF450D22C4}) (Version: 4.1.4 - Axis Communications)
Barbie™ as Rapunzel (HKLM\...\Barbie™ as Rapunzel) (Version:  - )
Barbie™ of Swan Lake Demo (HKLM\...\Barbie™ of Swan Lake Demo) (Version:  - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCScore (Version: 7.00.0000.0001 - EASTMAN KODAK Company) Hidden
Cisco Connect (HKLM\...\Cisco Connect) (Version: 1.3.11069.2 - Cisco Consumer Products LLC)
Conexant D850 PCI V.92 Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version:  - )
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows4.0) (Version: 4.0 - Coupons, Inc.) <==== ATTENTION
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.2) (Version: 5.0.0.2 - Coupons.com Incorporated)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
EDocs (HKLM\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version:  - )
ESSBrwr (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
ESSCDBK (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
ESScore (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
ESSgui (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
ESSini (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPCD (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPDock (Version: 6.03.0001.0004 - EASTMAN KODAK Company) Hidden
ESSTOOLS (Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
essvatgt (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
Family Tree Maker 2006 (HKLM\...\{F2F4C144-7D1A-47C4-9D53-395A57B0CD64}) (Version:  - )
ffdshow [rev 2527] [2008-12-19] (HKLM\...\ffdshow_is1) (Version: 1.0 - )
fflink (Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden
FlipShare (HKLM\...\{420DFB63-8AE7-F7D6-E4B4-AB6D140221F4}) (Version: 5.10.25.0 - Flip Video)
FTMVistaUpdater (HKLM\...\{EE295D30-A10C-44F6-B14C-05E0D99429E4}) (Version: 1.0.0 - Family Tree Maker)
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
Google Drive (HKLM\...\{6EA8B94E-D869-4D96-88DF-5E1ECE1D6876}) (Version: 1.23.9648.8824 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.1 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM\...\GoToAssist) (Version:  - )
HP Deskjet 2510 series Basic Device Software (HKLM\...\{867988FA-BCE7-46E9-A7E8-DC084A843319}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 2510 series Help (HKLM\...\{234DADAD-3C3C-4FB1-90A4-0AF015D56E18}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet 2510 series Product Improvement Study (HKLM\...\{79992AEE-6F58-4DAB-97D0-ADDF278F08F4}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 2510 series Setup Guide (HKLM\...\{216C7F38-4BBC-4E9A-8392-C9FA21B54386}) (Version: 27.0.0 - Hewlett Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Support Solutions Framework (HKLM\...\{E35601C0-BA8E-4F32-919A-C7EF4CA81F67}) (Version: 11.51.0048 - Hewlett-Packard Company)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
iCloud (HKLM\...\{79BD66B2-4DAE-4C3B-B08E-DC72E507C163}) (Version: 2.1.3.25 - Apple Inc.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® PRO Network Connections 12.1.11.0 (HKLM\...\PROSetDX) (Version:  - Intel)
iTunes (HKLM\...\{CE1F04C7-79BC-4219-BE6A-BA490224D4B5}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
JumpStart Typing (HKLM\...\JumpStart Typing) (Version:  - )
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kodak EasyShare software (HKLM\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version:  - Eastman Kodak Company)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Mega Mission Helmet (HKLM\...\{73216C34-57DF-4BED-A7E3-BD11A1C5D8FB}) (Version: 2.00 - Bandai America)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Modem Diagnostic Tool (HKLM\...\{F63A3748-B93D-4360-9AD4-B064481A5C7B}) (Version: 1.0.17.8 - Dell)
Moraff's Maximum MahJongg (HKLM\...\Moraff's Maximum MahJongg) (Version:  - )
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Music, Photos & Videos Launcher (HKLM\...\{D7769185-9A7C-48D4-8874-5388743A1DE2}) (Version: 1.00.0000 - Dell Inc.)
netbrdg (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.44 - BVRP Software, Inc)
NTI Backup Now EZ (HKLM\...\InstallShield_{B9ECA41B-55CC-4654-B6B5-6731D009EC69}) (Version: 3.0.2.66 - NTI Corporation)
NTI Backup Now EZ (Version: 3.0.2.66 - NTI Corporation) Hidden
OfotoXMI (Version: 7.02.0000.0001 - EASTMAN KODAK Company) Hidden
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Phonogram Sounds version 1.1 (HKLM\...\{C44CF80B-4A5C-445B-8C58-36011EE8363D}_is1) (Version: 1.1 - All About Learning Press)
Photo Story 3 for Windows (HKLM\...\{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}) (Version: 3.0.1115.11 - Microsoft Corporation)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0 - Dell)
Product Documentation Launcher (HKLM\...\{89CEAE14-DD0F-448E-9554-15781EC9DB24}) (Version: 1.00.0000 - Dell Inc.)
Publix Preschool Pals (HKLM\...\Publix Preschool Pals) (Version:  - )
QuickTime 7 (HKLM\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Reader Rabbit Thinking Adventures Ages 4-6 (HKLM\...\Reader Rabbit Thinking Adventures Ages 4-6) (Version:  - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
RootsMagic 7.0.5.0 (HKLM\...\{D6286873-A757-4A4D-A6EF-0081B3EE32CA}_is1) (Version: RootsMagic 7.0.5.0 - RootsMagic, Inc.)
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
Safari (HKLM\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
Samsung USB Driver (MCCI 4.34) WHQL v3.4 (HKLM\...\InstallShield_{D4A2EF65-9888-4EFF-8EA0-A2D2C3152A29}) (Version: 4.34.4 - Samsung Electronics)
Samsung USB Driver (MCCI 4.34) WHQL v3.4 (Version: 4.34.4 - Samsung Electronics) Hidden
SaveVid Plug-in (HKLM\...\SaveVid Plug-in) (Version: 2.0.0.443 - Bandoo Media, Inc)
SaveVid Plug-in (Version: 2.0.0.443 - Bandoo Media, Inc) Hidden
Savevid Toolbar (HKLM\...\Savevid Toolbar) (Version: 3.0.0.123706 - Bandoo Media, Inc)
screensaver_1280x1024 (HKLM\...\screensaver_1280x1024) (Version:  - )
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
SFR (Version: 7.01.0000.0003 - Eastman Kodak Company) Hidden
SHASTA (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
skin0001 (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
SKINXSDK (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
Skype Toolbars (HKLM\...\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}) (Version: 5.0.4137 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
staticcr (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.5.1012 - SUPERAntiSpyware.com)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TablEdit 2.69 (HKLM\...\TablEdit_is1) (Version:  - TablEdit)
TEFView 2.69 (HKLM\...\TEFView_is1) (Version:  - TablEdit)
Unity Web Player (HKU\S-1-5-21-2422294642-4059713625-2036378569-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Vivitar Experience Image Manager (HKLM\...\Vivitar Experience Image Manager) (Version:  - Sakar)
VPRINTOL (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
WebEx (HKLM\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WIRELESS (Version: 7.02.0000.0001 - EASTMAN KODAK Company) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2422294642-4059713625-2036378569-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2422294642-4059713625-2036378569-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-2422294642-4059713625-2036378569-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2422294642-4059713625-2036378569-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Heather\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-2422294642-4059713625-2036378569-1000_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2422294642-4059713625-2036378569-1000_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2422294642-4059713625-2036378569-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2422294642-4059713625-2036378569-1000_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
 
==================== Restore Points =========================
 
15-07-2015 23:50:15 Windows Update
20-07-2015 10:25:27 avast! antivirus system restore point
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 06:23 - 2012-08-05 22:21 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0FA89C23-505F-46CF-9E8E-FAE776A0A28D} - System32\Tasks\{E6804F8C-D88E-430E-B4C9-148DABE1FB30} => pcalua.exe -a E:\AutoRunPro.exe -d E:\
Task: {112A42E4-9FFF-4432-A3D7-96595032B7D8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-05-15] (Google Inc.)
Task: {1671184C-6890-4B11-ADAB-43F6FD12966C} - System32\Tasks\IHUninstallTrackingTASK => CMD
Task: {19D5E3E1-530D-432B-BAC6-96A9E03CACCE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated)
Task: {1D116214-DFDE-4C69-85F0-0BC08203C2CC} - System32\Tasks\{8B08C022-1F7F-4312-A081-27D52E037E6B} => C:\Program Files\Skype\\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {23747F2C-51EE-4A2D-8CB8-87C7C966F0FB} - System32\Tasks\Spybot - Search & Destroy -  Scheduled Task => C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
Task: {48CDBBAA-CA78-4FC3-AAA5-5D3265A9115F} - System32\Tasks\{FC1C9DC4-30E2-4153-B6DA-1D600FAE6EDD} => pcalua.exe -a "C:\ProgramData\Aimersoft\Video Converter Ultimate\pluginInstall.exe" -d "C:\ProgramData\Aimersoft\Video Converter Ultimate" -c "i" "firefox"
Task: {5B1C2C96-C9E9-4A74-B1B1-50002F66473E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {70DA7570-522B-4202-80EB-3AA1185A2049} - System32\Tasks\{6ABDBCA2-CF53-43AE-881C-063FCE7720B0} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {88F1CDA6-A1B8-4C6A-A605-E19916786510} - System32\Tasks\HPCustParticipation HP Deskjet 2510 series => C:\Program Files\HP\HP Deskjet 2510 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {9E9E4FD1-75AD-4D6D-A3B8-F9DF6CAE7EB6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-05-15] (Google Inc.)
Task: {A1362C68-7874-445F-BE15-938FA1DA16BA} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-20] (AVAST Software)
Task: {AF859889-AB4F-4751-A8F2-6D92E691FCE7} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2013-10-31] (Apple Inc.)
Task: {BF58CC70-6112-4084-BE44-7E945623E3DC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Spybot - Search & Destroy -  Scheduled Task.job => C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-03-26 18:04 - 2015-07-20 10:28 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-03-26 18:04 - 2015-07-20 10:28 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-07-20 08:18 - 2015-07-20 08:18 - 02956800 _____ () C:\Program Files\AVAST Software\Avast\defs\15072000\algo.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-12-15 14:31 - 2010-12-15 14:31 - 00460144 _____ () C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
2010-10-26 00:06 - 2010-10-26 00:06 - 02248704 _____ () C:\Program Files\Flip Video\FlipShare\QtCore4.dll
2010-12-15 14:31 - 2010-12-15 14:31 - 04300800 _____ () C:\Program Files\Flip Video\FlipShare\Core.dll
2010-12-15 14:26 - 2010-12-15 14:26 - 00737280 _____ () C:\Program Files\Flip Video\FlipShare\qca2.dll
2010-10-26 00:23 - 2010-10-26 00:23 - 08351744 _____ () C:\Program Files\Flip Video\FlipShare\QtGui4.dll
2010-10-26 00:08 - 2010-10-26 00:08 - 00983040 _____ () C:\Program Files\Flip Video\FlipShare\QtNetwork4.dll
2010-10-26 00:23 - 2010-10-26 00:23 - 00204800 _____ () C:\Program Files\Flip Video\FlipShare\QtSql4.dll
2010-10-26 00:06 - 2010-10-26 00:06 - 00364544 _____ () C:\Program Files\Flip Video\FlipShare\QtXml4.dll
2010-10-26 08:34 - 2010-10-26 08:34 - 11853824 _____ () C:\Program Files\Flip Video\FlipShare\QtWebKit4.dll
2010-10-26 00:37 - 2010-10-26 00:37 - 00258048 _____ () C:\Program Files\Flip Video\FlipShare\phonon4.dll
2010-05-20 13:49 - 2010-05-20 13:49 - 00258048 _____ () C:\Program Files\Flip Video\FlipShare\boost_serialization-vc80-mt-1_43.dll
2010-05-17 09:47 - 2010-05-17 09:47 - 01199104 _____ () C:\Program Files\Flip Video\FlipShare\PocoFoundation.dll
2010-05-17 09:47 - 2010-05-17 09:47 - 00642048 _____ () C:\Program Files\Flip Video\FlipShare\PocoNet.dll
2010-05-17 09:47 - 2010-05-17 09:47 - 00511488 _____ () C:\Program Files\Flip Video\FlipShare\PocoXML.dll
2010-12-15 14:22 - 2010-12-15 14:22 - 01085440 _____ () C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
2010-10-26 00:06 - 2010-10-26 00:06 - 02248704 _____ () C:\Program Files\Flip Video\FlipShareServer\QtCore4.dll
2010-10-26 00:08 - 2010-10-26 00:08 - 00983040 _____ () C:\Program Files\Flip Video\FlipShareServer\QtNetwork4.dll
2010-10-26 00:23 - 2010-10-26 00:23 - 00204800 _____ () C:\Program Files\Flip Video\FlipShareServer\QtSql4.dll
2010-05-20 13:49 - 2010-05-20 13:49 - 00258048 _____ () C:\Program Files\Flip Video\FlipShareServer\boost_serialization-vc80-mt-1_43.dll
2010-05-17 09:47 - 2010-05-17 09:47 - 01199104 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoFoundation.dll
2010-05-17 09:47 - 2010-05-17 09:47 - 00642048 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoNet.dll
2010-05-17 09:47 - 2010-05-17 09:47 - 00175616 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoNetSSL.dll
2010-05-17 09:47 - 2010-05-17 09:47 - 00291840 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoUtil.dll
2010-05-17 09:47 - 2010-05-17 09:47 - 00511488 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoXML.dll
2010-05-17 09:47 - 2010-05-17 09:47 - 00110592 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoCrypto.dll
2014-11-11 17:05 - 2014-11-11 17:05 - 00466032 _____ () C:\Program Files\NTI\NTI Backup Now EZ\sqlite3.dll
2010-11-16 22:54 - 2011-08-18 11:05 - 02751808 _____ () C:\Program Files\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2015-03-13 20:15 - 2015-03-26 18:04 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-04-11 11:10 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\Heather\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-04-11 11:10 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\Heather\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
There are 7753 more restricted sites.
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2422294642-4059713625-2036378569-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Heather\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk => C:\Windows\pss\Kodak EasyShare software.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Heather^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Deskjet 2510 series.lnk => C:\Windows\pss\Monitor Ink Alerts - HP Deskjet 2510 series.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Aimersoft Helper Compact.exe => C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: ATT-SST_McciTrayApp => "C:\Program Files\ATT-SST\McciTrayApp.exe"
MSCONFIG\startupreg: BackupNowEZ Tray => "C:\Program Files\NTI\NTI Backup Now EZ\BackupNowEZtray.exe" -k
MSCONFIG\startupreg: blspcloader => C:\Program Files\ATT Internet Tools\blsloader.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MobileDocuments => C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: UpdateFlow.ATT-SST => C:\Program Files\ATT-SST\McciBrowser.exe -AppKey=ATT-SST -URL=file://C:\Program Files\ATT-SST\OfflineUpdate\redirector.htm
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{06F63C76-D13E-4A46-BB95-EFA6F2572394}] => (Allow) C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe
FirewallRules: [{0CEC5C03-3757-45BA-BFBA-4238212BDCE9}] => (Allow) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
FirewallRules: [{5486D72F-569A-4140-9E63-08F2D6146FDB}] => (Allow) C:\Program Files\ATT-HSI\McciBrowser.exe
FirewallRules: [{D0B4A75E-BA7C-4A7E-9986-9EA1322AE384}] => (Allow) C:\Program Files\ATT-HSI\McciBrowser.exe
FirewallRules: [{BF9E9FB7-AB68-48C7-A3F3-DC81ABE61BE3}] => (Allow) C:\Program Files\LimeWire\LimeWire.exe
FirewallRules: [{CCD5C229-22A2-416A-BFCE-5CD9F0AD8DFA}] => (Allow) C:\Program Files\LimeWire\LimeWire.exe
FirewallRules: [TCP Query User{6A28B40B-B248-428B-B2B8-03CD6BC934F6}C:\program files\kodak\kodak easyshare software\bin\easyshare.exe] => (Block) C:\program files\kodak\kodak easyshare software\bin\easyshare.exe
FirewallRules: [UDP Query User{F81BE3DB-E462-4B81-A2C2-E42E9A4A9935}C:\program files\kodak\kodak easyshare software\bin\easyshare.exe] => (Block) C:\program files\kodak\kodak easyshare software\bin\easyshare.exe
FirewallRules: [{3BEAF255-DE28-4639-A09A-76C2EBDBF8AC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EB723629-635E-41BE-A486-53253EBE4FEF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B1E6BC71-E10D-4104-BAC9-49A96C1F106B}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{49395D95-2795-4170-AAF7-974A2199C585}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{EB2F7D65-910C-42AC-A5BD-3088AB7F302C}] => (Allow) LPort=2869
FirewallRules: [{DC51807D-F3CE-4EB5-808D-17FBDB734510}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{BEA172A8-916F-49CC-B2D3-ED6278C55C6A}C:\program files\limewire\limewire.exe] => (Block) C:\program files\limewire\limewire.exe
FirewallRules: [UDP Query User{E1945EFC-F479-4C9F-8856-F52D4AE22484}C:\program files\limewire\limewire.exe] => (Block) C:\program files\limewire\limewire.exe
FirewallRules: [{8E3DBCF0-6020-4A3A-9FA3-66E49C8AB6BA}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{2426E2AC-4DF0-459F-B380-CCC0F69850C0}] => (Allow) LPort=24726
FirewallRules: [{FA3CB84D-E775-489C-88D4-EDEDC15AD926}] => (Allow) LPort=24727
FirewallRules: [{4D3B4780-5DFD-478D-9246-9577EED1B420}] => (Allow) LPort=80
FirewallRules: [{F7D4650E-FDB7-45F1-A74B-48918819EDA7}] => (Allow) LPort=80
FirewallRules: [{357B47F8-4656-4240-918C-3D339F1F5647}] => (Allow) LPort=80
FirewallRules: [{D7BDA479-6BF7-4C9D-A333-F0285C4133D6}] => (Allow) C:\Program Files\Savevid Toolbar\Datamngr\ToolBar\dtUser.exe
FirewallRules: [{2582E1F1-8689-43DD-94AE-B804BDCE18C6}] => (Allow) C:\Program Files\Savevid Toolbar\Datamngr\ToolBar\dtUser.exe
FirewallRules: [{B1068DF0-F1C5-4A70-A7A4-3FADE939BB31}] => (Allow) C:\Users\Heather\AppData\Local\temp\7zS58AD\HPDiagnosticCoreUI.exe
FirewallRules: [{B42B2716-680D-4DA8-8E24-36710DF75C3A}] => (Allow) C:\Users\Heather\AppData\Local\temp\7zS58AD\HPDiagnosticCoreUI.exe
FirewallRules: [{6A92212B-3540-490F-9019-AE3B2F896C71}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B68958C7-4FD3-4E76-BBFE-1E002BE65B43}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D52EDD01-1B4D-4551-B606-8260AE086D92}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{C2246FB5-1076-4A13-BE28-B0789556E39D}] => (Allow) C:\Program Files\HP\HP Deskjet 2510 series\Bin\USBSetup.exe
FirewallRules: [TCP Query User{1FC28D6D-B98E-429D-BD2A-63DC5F10AEDA}C:\program files\itunes\itunes.exe] => (Allow) C:\program files\itunes\itunes.exe
FirewallRules: [UDP Query User{3ADDC340-0553-4030-B39E-D95B34ED5E05}C:\program files\itunes\itunes.exe] => (Allow) C:\program files\itunes\itunes.exe
FirewallRules: [{050B3C4B-375F-4FD5-B5F9-59DFD8235936}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{79D9F79B-6422-45C5-A7FB-618AE7CF8CFD}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{070CD0A6-6712-43DB-A5C9-CFFBFAF288E0}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/20/2015 12:08:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WinMail.exe version 6.0.6001.18000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: eb0
Start Time: 01d0c305d5728df6
Termination Time: 437
 
Error: (07/20/2015 12:01:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/20/2015 10:32:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/20/2015 10:25:27 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid.  hr = 0x80070539.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {444f3149-41b0-44f8-8d26-d8688ee38d1e}
 
Error: (07/20/2015 10:25:16 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ced079ee-44d2-4b67-bc57-bc5d561d753c}
 
Error: (07/20/2015 10:25:16 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid.  hr = 0x80070539.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {444f3149-41b0-44f8-8d26-d8688ee38d1e}
 
Error: (07/20/2015 08:16:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/19/2015 02:31:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11934
 
Error: (07/19/2015 02:31:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11934
 
Error: (07/19/2015 02:31:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (07/20/2015 12:01:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: SupportSoft Sprocket Service (dellsupportcenter)%%2
 
Error: (07/20/2015 10:33:31 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: AvastVBox COM Service%%1053
 
Error: (07/20/2015 10:33:31 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000AvastVBox COM Service
 
Error: (07/20/2015 10:33:31 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053AvastVBoxSvc{F319F1B8-7587-4146-AF9C-0D6D77819BF1}
 
Error: (07/20/2015 10:32:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: SupportSoft Sprocket Service (dellsupportcenter)%%2
 
Error: (07/20/2015 08:16:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: SupportSoft Sprocket Service (dellsupportcenter)%%2
 
Error: (07/19/2015 08:11:24 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000FlipShare Service
 
Error: (07/19/2015 07:10:37 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000FlipShare Service
 
Error: (07/19/2015 02:32:35 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000SftService
 
Error: (07/19/2015 09:24:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: SupportSoft Sprocket Service (dellsupportcenter)%%2
 
 
Microsoft Office:
=========================
Error: (05/29/2015 09:40:48 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6720.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3636 seconds with 600 seconds of active time.  This session ended with a crash.
 
Error: (05/22/2015 10:09:56 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6720.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 975 seconds with 720 seconds of active time.  This session ended with a crash.
 
Error: (05/18/2015 03:49:45 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6720.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2681 seconds with 780 seconds of active time.  This session ended with a crash.
 
Error: (05/18/2015 02:04:32 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6720.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1256 seconds with 1140 seconds of active time.  This session ended with a crash.
 
Error: (05/07/2015 12:27:53 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6720.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2550 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error: (05/04/2015 10:01:21 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6720.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 275 seconds with 180 seconds of active time.  This session ended with a crash.
 
Error: (04/13/2015 01:35:34 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6718.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 493 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (03/31/2015 02:45:44 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6718.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2320 seconds with 1320 seconds of active time.  This session ended with a crash.
 
Error: (02/19/2015 09:45:27 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6715.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 14088 seconds with 3060 seconds of active time.  This session ended with a crash.
 
Error: (02/17/2015 05:29:31 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6715.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 673 seconds with 420 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-07-20 13:00:14.573
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-20 13:00:13.122
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-20 13:00:11.806
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-20 13:00:10.428
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-20 11:30:58.254
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-20 11:30:53.043
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-20 11:30:48.348
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-20 11:30:43.137
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-20 10:06:41.713
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-20 10:06:40.138
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU 440 @ 2.00GHz
Percentage of memory in use: 60%
Total physical RAM: 2036.45 MB
Available physical RAM: 795.96 MB
Total Virtual: 4320.15 MB
Available Virtual: 2892.18 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:222.78 GB) (Free:122.15 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:6 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.8 GB) (Disk ID: 38000000)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=222.8 GB) - (Type=07 NTFS)
 
==================== End of log ============================
 
 
Thanks again! I will just wait for your response.


#4 Sintharius

Posted 21 July 2015 - 03:08 PM

Hello Heather,

Safari for Windows is no longer supported and thus poses a security risk if you use it, so we will need to remove that. Also, Google Toolbar is bundled with several products and is commonly considered unwanted.

We need to remove programs using "Programs and Features"

Click the Start orb on the taskbar, and then click Control Panel.
  • If you use Category mode, click on Uninstall a Program.
  • If you use Icons mode, click on Programs and Features.
A list of programs installed will be "populated" (this may take a bit of time).
If they exist, uninstall the following by clicking on the below entries and selecting "Remove":

screensaver_1280x1024
Google Toolbar for Internet Explorer
Safari


Additional instructions can be found here if needed.

Do you use this software? If not, please uninstall it using the instructions above.

Coupon Printer for Windows
Savevid Toolbar


===

AdwCleaner by Xplode

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on I agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • DO NOT CLEAN ANYTHING! Removal will be done after analysis of the log.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.
Regards,
Alex

Edited by Alexstrasza, 21 July 2015 - 03:09 PM.


#5 MrsG94

Posted 21 July 2015 - 04:25 PM

Hi again, Alex.

This is my adwCleaner.txt logfile:

# AdwCleaner v4.208 - Logfile created 21/07/2015 at 16:53:01
# Updated 09/07/2015 by Xplode
# Database : 2015-07-09.2 [Local]
# Operating system : Windows Vista ™ Home Basic Service Pack 2 (x86)
# Username : Heather - HEATHER-PC
# Running from : C:\Users\Heather\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Found : C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
File Found : C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage
File Found : C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage-journal
Folder Found : C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpjamkmjmigaoobjbekmfgabipmfilij
Folder Found : C:\Users\Heather\AppData\Local\PackageAware
 
***** [ Scheduled tasks ] *****
 
Task Found : IHUninstallTrackingTASK
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~1\SAVEVI~2\Datamngr\datamngr.dll
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Key Found : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Key Found : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Key Found : HKLM\SOFTWARE\Classes\DnsBHO.BHO
Key Found : HKLM\SOFTWARE\Classes\DnsBHO.BHO.1
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows4.0
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16669
 
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxp://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
 
-\\ Google Chrome v43.0.2357.134
 
 
*************************
 
AdwCleaner[R0].txt - [3096 bytes] - [21/07/2015 16:53:01]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3155 bytes] ##########
 
 
Please let me know what to do next. Thank you!!


#6 Sintharius

Posted 22 July 2015 - 02:45 AM

Hello Heather,

Did you uninstall the programs I mentioned in my last post?  :)

AdwCleaner - Scan & Clean
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished... Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
After you are done, please create a new set of FRST logs for me. Remember to put a checkmark in Addition.txt!

Regards,
Alex 

#7 MrsG94

Posted 22 July 2015 - 08:24 AM

Hi Alex,

Yes, I was able to uninstall the programs you mentioned in your post. Sorry, I forgot to tell you!  :o

The following is the latest AdwCleaner.txt logfile:

# AdwCleaner v4.208 - Logfile created 22/07/2015 at 08:59:21
# Updated 09/07/2015 by Xplode
# Database : 2015-07-09.2 [Local]
# Operating system : Windows Vista ™ Home Basic Service Pack 2 (x86)
# Username : Heather - HEATHER-PC
# Running from : C:\Users\Heather\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Heather\AppData\Local\PackageAware
Folder Deleted : C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpjamkmjmigaoobjbekmfgabipmfilij
File Deleted : C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage
File Deleted : C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage-journal
File Deleted : C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Deleted : C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
 
***** [ Scheduled tasks ] *****
 
Task Deleted : IHUninstallTrackingTASK
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Key Deleted : HKLM\SOFTWARE\Classes\DnsBHO.BHO
Key Deleted : HKLM\SOFTWARE\Classes\DnsBHO.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows4.0
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~1\SAVEVI~2\Datamngr\datamngr.dll
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16669
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
 
-\\ Google Chrome v43.0.2357.134
 
 
*************************
 
AdwCleaner[R0].txt - [3234 bytes] - [21/07/2015 16:53:01]
AdwCleaner[R1].txt - [3293 bytes] - [22/07/2015 08:57:11]
AdwCleaner[S0].txt - [3169 bytes] - [22/07/2015 08:59:21]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3228  bytes] ##########
 
 
 
 
The following is the latest FRST.txt log:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-07-2015
Ran by Heather (administrator) on HEATHER-PC on 22-07-2015 09:15:16
Running from C:\Users\Heather\Desktop
Loaded Profiles: Heather (Available Profiles: Heather)
Platform: Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
() C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
(Hewlett-Packard Company) C:\Program Files\HP\Common\HPSupportSolutionsFrameworkService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(NTI Corporation) C:\Program Files\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe
(SoftThinks SAS) C:\Program Files\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(SoftThinks - Dell) C:\Program Files\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(SoftThinks - Dell) C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Avanquest Software ) C:\Program Files\Digital Line Detect\DLG.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4907008 2008-01-17] (Realtek Semiconductor)
HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [124200 2007-09-17] (CyberLink Corp.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-07-20] (AVAST Software)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [DelaypluginInstall] => C:\ProgramData\Aimersoft\Video Converter Ultimate\DelayPluginI.exe
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2011-05-04] (SUPERAntiSpyware.com)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [2008-07-20] (Citrix Online, a division of Citrix Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk [2008-07-20]
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-07-20] (AVAST Software)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2422294642-4059713625-2036378569-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2422294642-4059713625-2036378569-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=avastbcl
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2405} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2422294642-4059713625-2036378569-1000 -> {1A076F2C-822D-4858-9EB2-F82026115A85} URL = http://www.target.com/gp/search.html?field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2422294642-4059713625-2036378569-1000 -> {340037EE-C05C-4B39-820B-4443A3FD10D6} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-2422294642-4059713625-2036378569-1000 -> {6CE78A53-2FDC-4633-912E-0FBE68FAC701} URL = http://www.amazon.com/gp/search?ie=UTF8&tag=ie8search-20&index=blended&linkCode=qs&camp=1789&creative=9325&keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2422294642-4059713625-2036378569-1000 -> {77262F31-1DF4-4FE2-9AF0-74782B8895C0} URL = http://www.walmart.com/catalog/search-ng.gsp?search_constraint=0&search_query={searchTerms}
SearchScopes: HKU\S-1-5-21-2422294642-4059713625-2036378569-1000 -> {8F922F6B-257A-400B-BA4B-AEC146849F22} URL = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
SearchScopes: HKU\S-1-5-21-2422294642-4059713625-2036378569-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2405} URL = 
SearchScopes: HKU\S-1-5-21-2422294642-4059713625-2036378569-1000 -> {CCCB3669-FBE5-416F-9DF8-44AFF05EB65E} URL = http://search.about.com/fullsearch.htm?terms={searchTerms}
SearchScopes: HKU\S-1-5-21-2422294642-4059713625-2036378569-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
SearchScopes: HKU\S-1-5-21-2422294642-4059713625-2036378569-1000 -> {E8F6FEC7-469C-462A-94B8-A6C3B4C2AC09} URL = http://search.lycos.com/setup.php?src=ie&query={searchTerms}
BHO: BlspcHlpr Class -> {15C9938F-CB96-496D-800A-B827F2E34EA1} -> C:\Program Files\ATT Internet Tools\blspc_win32.dll No File
BHO: No Name -> {656EC4B7-072B-4698-B504-2A414C1F0037} ->  No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-06-11] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-20] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Skype Plug-In -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22] (Skype Technologies S.A.)
BHO: No Name -> {D879895E-2124-4ED0-BDDF-F8F8BBC98A6F} ->  No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-11] (Oracle Corporation)
Toolbar: HKU\.DEFAULT -> No Name - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} -  No File
Toolbar: HKU\S-1-5-21-2422294642-4059713625-2036378569-1000 -> No Name - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} -  No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22] (Skype Technologies S.A.)
Handler: WSAMVCUchrome - {086BD280-4613-43B5 -  No File
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{F11995B2-3063-40C5-BFF4-2A42302544DC}: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1212152.dll [2014-05-30] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-11] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-11] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2422294642-4059713625-2036378569-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Heather\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-11-23] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2422294642-4059713625-2036378569-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll [2012-10-24] (Amazon.com, Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-08]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-08-06]
FF HKLM\...\Firefox\Extensions: [AMVCU@Aimersoft.com] - C:\ProgramData\Aimersoft\Video Converter Ultimate\AMVCU@Aimersoft.com
 
Chrome: 
=======
CHR Profile: C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Webpage Screenshot) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki [2015-01-29]
CHR Extension: (No Name) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpjamkmjmigaoobjbekmfgabipmfilij [2015-07-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Google Wallet) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-26]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2015-01-25] (SUPERAntiSpyware.com)
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-20] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3218624 2015-07-20] (Avast Software)
R2 FlipShare Service; C:\Program Files\Flip Video\FlipShare\FlipShareService.exe [460144 2010-12-15] ()
R2 FlipShareServer; C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2010-12-15] () [File not signed]
S3 GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [16680 2008-07-20] (Citrix Online, a division of Citrix Systems, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [319488 2010-07-27] (Alcatel-Lucent) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NTI BackupNowEZSvr; C:\Program Files\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [45768 2014-11-11] (NTI Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SftService; C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE [1692480 2011-08-18] (SoftThinks SAS)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
S2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 6250spi; C:\Windows\System32\Drivers\6250spi.sys [11465 2006-09-19] () [File not signed]
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2015-07-20] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [76000 2015-07-20] (AVAST Software)
R1 AswRdr; C:\Windows\system32\drivers\aswRdr.sys [55200 2015-07-20] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2015-07-20] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788784 2015-07-20] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433264 2015-07-20] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [161472 2015-07-20] (AVAST Software)
S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57888 2015-07-20] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208664 2015-07-20] (AVAST Software)
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [9344 2009-04-17] (GARMIN Corp.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2010-07-27] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2010-07-27] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R0 ngvss; C:\Windows\system32\Drivers\ngvss.sys [95112 2015-07-20] (AVAST Software)
S3 rcmirror; C:\Windows\System32\DRIVERS\rcmirror.sys [11168 2012-08-13] (Windows ® Win 7 DDK provider)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-07-20] (Avast Software)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Heather\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 XE104Sp50; System32\Drivers\XE104Sp50.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-22 09:15 - 2015-07-22 09:16 - 00020825 _____ C:\Users\Heather\Desktop\FRST.txt
2015-07-21 20:58 - 2015-07-14 12:02 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-21 20:58 - 2015-07-14 10:23 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-21 16:52 - 2015-07-22 09:00 - 00000000 ____D C:\AdwCleaner
2015-07-21 16:52 - 2015-07-21 16:52 - 02248704 _____ C:\Users\Heather\Desktop\AdwCleaner.exe
2015-07-21 11:34 - 2015-07-21 11:34 - 02027456 _____ C:\Users\Heather\Desktop\image1.jpeg
2015-07-20 13:31 - 2015-07-20 13:53 - 00000000 ____D C:\snapshots
2015-07-20 13:01 - 2015-07-20 13:02 - 00046887 _____ C:\Users\Heather\Desktop\Addition1.txt
2015-07-20 12:59 - 2015-07-22 09:15 - 00000000 ____D C:\FRST
2015-07-20 12:59 - 2015-07-20 13:02 - 00033719 _____ C:\Users\Heather\Desktop\FRST1.txt
2015-07-20 12:58 - 2015-07-20 12:58 - 01638912 _____ (Farbar) C:\Users\Heather\Desktop\FRST.exe
2015-07-20 10:28 - 2015-07-20 10:28 - 00313472 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-07-20 10:28 - 2015-07-20 10:28 - 00161472 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2015-07-20 10:28 - 2015-07-20 10:28 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-07-20 10:28 - 2015-07-20 10:27 - 00095112 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
2015-07-16 00:13 - 2015-07-03 12:04 - 01316864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-16 00:13 - 2015-06-24 22:57 - 02066432 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-16 00:12 - 2015-06-17 12:50 - 02264576 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-16 00:12 - 2015-06-17 11:09 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-16 00:11 - 2015-06-12 12:01 - 00298496 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 23:57 - 2015-05-31 04:11 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-15 23:55 - 2015-06-27 12:03 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 23:55 - 2015-06-27 12:02 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 23:55 - 2015-06-27 12:02 - 00218112 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 23:55 - 2015-06-27 12:01 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-07-15 23:55 - 2015-06-27 10:21 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 23:55 - 2015-06-27 10:21 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 23:55 - 2015-06-12 09:13 - 00440768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-15 23:55 - 2015-01-08 20:17 - 00107008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 11:10 - 2015-07-03 01:31 - 12386304 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 11:10 - 2015-07-03 01:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-15 11:10 - 2015-06-16 21:14 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 11:10 - 2015-06-16 21:12 - 09750528 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 11:10 - 2015-06-16 21:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-15 11:10 - 2015-06-16 21:10 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 11:10 - 2015-06-16 21:09 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 11:10 - 2015-06-16 21:09 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 11:10 - 2015-06-16 21:09 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 11:10 - 2015-06-16 21:09 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 11:10 - 2015-06-16 21:08 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 11:10 - 2015-06-16 21:08 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 11:10 - 2015-06-16 21:08 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 11:10 - 2015-06-16 21:08 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-07-15 11:10 - 2015-06-16 21:08 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 11:10 - 2015-06-16 21:08 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 11:10 - 2015-06-16 21:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-15 11:10 - 2015-06-16 21:08 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 11:10 - 2015-06-16 21:08 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-15 11:10 - 2015-06-16 21:08 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-07-15 11:10 - 2015-06-16 21:08 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-07-15 11:10 - 2015-06-16 21:08 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-07-10 11:15 - 2015-07-10 11:15 - 00000000 ____D C:\Users\Heather\AppData\Local\{22A3D95E-6743-49FA-987F-C00B984ED389}
2015-07-09 13:05 - 2015-07-09 13:05 - 00000000 ____D C:\Users\Heather\AppData\Local\{95FA45F9-F988-4044-A760-7B61ADAED802}
2015-07-07 16:01 - 2015-07-07 16:01 - 00000000 ____D C:\Users\Heather\AppData\Local\{6B5A4986-4117-42C1-8FB5-31548B9FEEFC}
2015-07-01 12:58 - 2015-07-01 12:58 - 00001688 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-07-01 12:57 - 2015-07-01 12:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-07-01 12:57 - 2015-07-01 12:58 - 00000000 ____D C:\Program Files\QuickTime
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-22 09:08 - 2008-07-19 22:44 - 01688516 _____ C:\Windows\WindowsUpdate.log
2015-07-22 09:04 - 2008-12-25 17:48 - 00000000 ____D C:\MDT
2015-07-22 09:03 - 2010-11-17 14:23 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2015-07-22 09:03 - 2010-11-17 14:23 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2015-07-22 09:03 - 2010-11-16 22:54 - 00000000 ____D C:\Program Files\Dell DataSafe Local Backup
2015-07-22 09:02 - 2012-05-15 21:24 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-22 09:02 - 2006-11-02 08:58 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-22 09:02 - 2006-11-02 08:45 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-22 09:02 - 2006-11-02 08:45 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-22 09:01 - 2006-11-02 08:58 - 00032648 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-22 08:45 - 2012-04-11 10:13 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-22 08:37 - 2012-05-15 21:24 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-22 08:17 - 2006-11-02 08:44 - 00280720 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-22 08:16 - 2012-05-15 21:24 - 00000000 ____D C:\Program Files\Google
2015-07-22 08:16 - 2008-01-20 23:02 - 00213648 _____ C:\Windows\PFRO.log
2015-07-21 16:48 - 2012-08-03 17:01 - 00000000 ____D C:\Program Files\Savevid Toolbar
2015-07-21 16:47 - 2009-02-27 22:02 - 00000000 ____D C:\Windows\system32\screensaver_1280x1024 dir
2015-07-21 16:45 - 2009-08-21 14:19 - 00000000 ____D C:\Program Files\Safari
2015-07-21 16:39 - 2012-05-15 21:23 - 00000000 ____D C:\Users\Heather\AppData\Local\Google
2015-07-21 11:36 - 2014-06-26 17:02 - 00000000 ____D C:\Users\Heather\Desktop\JACOBSLOANINFO
2015-07-20 12:22 - 2015-01-25 15:56 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-20 11:07 - 2015-03-26 18:15 - 00000000 ____D C:\Windows\system32\vbox
2015-07-20 10:30 - 2012-08-06 16:46 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-07-20 10:28 - 2014-04-30 14:46 - 00024016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-07-20 10:28 - 2013-03-23 20:59 - 00208664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-07-20 10:28 - 2013-03-23 20:59 - 00049776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-07-20 10:28 - 2012-08-06 16:05 - 00788784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-07-20 10:28 - 2012-08-06 16:05 - 00433264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-07-20 10:28 - 2012-08-06 16:05 - 00076000 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-07-20 10:28 - 2012-08-06 16:05 - 00057888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2015-07-20 10:28 - 2012-08-06 16:05 - 00055200 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2015-07-16 09:11 - 2006-11-02 06:33 - 00759582 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-16 00:11 - 2013-07-30 12:25 - 00000000 ____D C:\Windows\system32\MRT
2015-07-15 23:59 - 2008-07-20 02:59 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-15 15:45 - 2012-04-11 10:13 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-07-15 15:45 - 2011-05-14 12:11 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-07-14 15:34 - 2012-08-06 16:55 - 00001933 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-14 10:35 - 2012-05-15 21:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-07-11 10:40 - 2011-05-23 19:49 - 00000000 ____D C:\Windows\pss
2015-07-10 16:10 - 2013-04-01 13:01 - 00000000 ____D C:\Users\Heather\Desktop\thePICTUREfolder
2015-07-09 11:41 - 2008-12-15 12:54 - 00002587 _____ C:\Users\Heather\Desktop\Microsoft Office Word 2007.lnk
2015-07-07 12:06 - 2008-12-05 12:49 - 00000000 ____D C:\Users\Heather\AppData\Local\Adobe
2015-07-03 08:49 - 2006-11-02 06:24 - 127070192 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-06-30 19:40 - 2014-11-13 22:08 - 00000000 ____D C:\Users\Heather\Desktop\FRANKIELYLESTUFF
2015-06-23 14:19 - 2014-06-20 10:03 - 00000000 ____D C:\Users\Heather\Desktop\JAKESPAPERS
2015-06-22 11:27 - 2010-01-21 14:40 - 00000000 ____D C:\Users\Heather\Desktop\HKiddiePics
 
==================== Files in the root of some directories =======
 
2013-02-04 22:16 - 2013-02-04 23:01 - 0000163 _____ () C:\Users\Heather\AppData\Roaming\hpmirrordriver.log
2009-01-14 22:17 - 2010-01-26 20:33 - 0024085 _____ () C:\Users\Heather\AppData\Roaming\UserTile.png
2009-03-13 07:48 - 2014-06-10 12:48 - 0005892 _____ () C:\Users\Heather\AppData\Local\d3d9caps.dat
2008-12-09 17:16 - 2015-05-19 16:00 - 0044544 _____ () C:\Users\Heather\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-11-30 19:18 - 2011-02-26 15:32 - 0008248 _____ () C:\Users\Heather\AppData\Local\en.ini
2013-02-04 17:22 - 2013-02-04 17:22 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-12-30 15:26 - 2010-12-30 15:26 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2008-12-01 22:11 - 2015-01-22 18:01 - 0017366 _____ () C:\ProgramData\hpzinstall.log
 
Some files in TEMP:
====================
C:\Users\Heather\AppData\Local\temp\Quarantine.exe
C:\Users\Heather\AppData\Local\temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-22 09:07
 
==================== End of log ============================
 
 
 
 
 
The following is the latest Addition.txt log:
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-07-2015
Ran by Heather at 2015-07-22 09:17:07
Running from C:\Users\Heather\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2422294642-4059713625-2036378569-500 - Administrator - Disabled)
Guest (S-1-5-21-2422294642-4059713625-2036378569-501 - Limited - Disabled)
Heather (S-1-5-21-2422294642-4059713625-2036378569-1000 - Administrator - Enabled) => C:\Users\Heather
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 16.0.0.273 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader X (10.1.14) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.14 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.2.152 - Adobe Systems, Inc.)
Agent Ransack Version 1.7.3 (HKLM\...\Agent Ransack_is1) (Version:  - )
Aimersoft DVD Creator(Build 3.0.0) (HKLM\...\Aimersoft DVD Creator_is1) (Version:  - Aimersoft Software)
Amazon MP3 Downloader 1.0.17 (HKLM\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Print Creations - Album Page (HKLM\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version:  - ArcSoft)
ArcSoft Print Creations - Funhouse (HKLM\...\{9591C049-5CAE-4E89-A8D9-191F1899628B}) (Version:  - ArcSoft)
ArcSoft Print Creations - Greeting Card (HKLM\...\{F04F9557-81A9-4293-BC49-2C216FA325A7}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Book (HKLM\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Calendar (HKLM\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version:  - ArcSoft)
ArcSoft Print Creations - Scrapbook (HKLM\...\{B0D83FCD-9D42-43ED-8315-250326AADA02}) (Version:  - ArcSoft)
ArcSoft Print Creations - Slimline Card (HKLM\...\{007B37D9-0C45-4202-834B-DD5FAAE99D63}) (Version:  - ArcSoft)
ArcSoft Print Creations (HKLM\...\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}) (Version: 2.8.255.384 - ArcSoft)
Avast Free Antivirus (HKLM\...\avast) (Version: 10.3.2223 - AVAST Software)
AXIS Media Control Embedded (HKLM\...\AXIS Media Control Embedded) (Version:  - )
AXIS Media Control Embedded Installer (HKLM\...\{FD727056-F0C4-4811-9688-9EBF450D22C4}) (Version: 4.1.4 - Axis Communications)
Barbie™ as Rapunzel (HKLM\...\Barbie™ as Rapunzel) (Version:  - )
Barbie™ of Swan Lake Demo (HKLM\...\Barbie™ of Swan Lake Demo) (Version:  - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCScore (Version: 7.00.0000.0001 - EASTMAN KODAK Company) Hidden
Cisco Connect (HKLM\...\Cisco Connect) (Version: 1.3.11069.2 - Cisco Consumer Products LLC)
Conexant D850 PCI V.92 Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version:  - )
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
EDocs (HKLM\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version:  - )
ESSBrwr (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
ESSCDBK (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
ESScore (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
ESSgui (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
ESSini (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPCD (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPDock (Version: 6.03.0001.0004 - EASTMAN KODAK Company) Hidden
ESSTOOLS (Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
essvatgt (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
Family Tree Maker 2006 (HKLM\...\{F2F4C144-7D1A-47C4-9D53-395A57B0CD64}) (Version:  - )
ffdshow [rev 2527] [2008-12-19] (HKLM\...\ffdshow_is1) (Version: 1.0 - )
fflink (Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden
FlipShare (HKLM\...\{420DFB63-8AE7-F7D6-E4B4-AB6D140221F4}) (Version: 5.10.25.0 - Flip Video)
FTMVistaUpdater (HKLM\...\{EE295D30-A10C-44F6-B14C-05E0D99429E4}) (Version: 1.0.0 - Family Tree Maker)
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
Google Drive (HKLM\...\{6EA8B94E-D869-4D96-88DF-5E1ECE1D6876}) (Version: 1.23.9648.8824 - Google, Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.1 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM\...\GoToAssist) (Version:  - )
HP Deskjet 2510 series Basic Device Software (HKLM\...\{867988FA-BCE7-46E9-A7E8-DC084A843319}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 2510 series Help (HKLM\...\{234DADAD-3C3C-4FB1-90A4-0AF015D56E18}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet 2510 series Product Improvement Study (HKLM\...\{79992AEE-6F58-4DAB-97D0-ADDF278F08F4}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 2510 series Setup Guide (HKLM\...\{216C7F38-4BBC-4E9A-8392-C9FA21B54386}) (Version: 27.0.0 - Hewlett Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Support Solutions Framework (HKLM\...\{E35601C0-BA8E-4F32-919A-C7EF4CA81F67}) (Version: 11.51.0048 - Hewlett-Packard Company)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
iCloud (HKLM\...\{79BD66B2-4DAE-4C3B-B08E-DC72E507C163}) (Version: 2.1.3.25 - Apple Inc.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® PRO Network Connections 12.1.11.0 (HKLM\...\PROSetDX) (Version:  - Intel)
iTunes (HKLM\...\{CE1F04C7-79BC-4219-BE6A-BA490224D4B5}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
JumpStart Typing (HKLM\...\JumpStart Typing) (Version:  - )
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kodak EasyShare software (HKLM\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version:  - Eastman Kodak Company)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Mega Mission Helmet (HKLM\...\{73216C34-57DF-4BED-A7E3-BD11A1C5D8FB}) (Version: 2.00 - Bandai America)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Modem Diagnostic Tool (HKLM\...\{F63A3748-B93D-4360-9AD4-B064481A5C7B}) (Version: 1.0.17.8 - Dell)
Moraff's Maximum MahJongg (HKLM\...\Moraff's Maximum MahJongg) (Version:  - )
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Music, Photos & Videos Launcher (HKLM\...\{D7769185-9A7C-48D4-8874-5388743A1DE2}) (Version: 1.00.0000 - Dell Inc.)
netbrdg (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.44 - BVRP Software, Inc)
NTI Backup Now EZ (HKLM\...\InstallShield_{B9ECA41B-55CC-4654-B6B5-6731D009EC69}) (Version: 3.0.2.66 - NTI Corporation)
NTI Backup Now EZ (Version: 3.0.2.66 - NTI Corporation) Hidden
OfotoXMI (Version: 7.02.0000.0001 - EASTMAN KODAK Company) Hidden
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Phonogram Sounds version 1.1 (HKLM\...\{C44CF80B-4A5C-445B-8C58-36011EE8363D}_is1) (Version: 1.1 - All About Learning Press)
Photo Story 3 for Windows (HKLM\...\{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}) (Version: 3.0.1115.11 - Microsoft Corporation)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0 - Dell)
Product Documentation Launcher (HKLM\...\{89CEAE14-DD0F-448E-9554-15781EC9DB24}) (Version: 1.00.0000 - Dell Inc.)
Publix Preschool Pals (HKLM\...\Publix Preschool Pals) (Version:  - )
QuickTime 7 (HKLM\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Reader Rabbit Thinking Adventures Ages 4-6 (HKLM\...\Reader Rabbit Thinking Adventures Ages 4-6) (Version:  - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
RootsMagic 7.0.5.0 (HKLM\...\{D6286873-A757-4A4D-A6EF-0081B3EE32CA}_is1) (Version: RootsMagic 7.0.5.0 - RootsMagic, Inc.)
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
Samsung USB Driver (MCCI 4.34) WHQL v3.4 (HKLM\...\InstallShield_{D4A2EF65-9888-4EFF-8EA0-A2D2C3152A29}) (Version: 4.34.4 - Samsung Electronics)
Samsung USB Driver (MCCI 4.34) WHQL v3.4 (Version: 4.34.4 - Samsung Electronics) Hidden
SaveVid Plug-in (HKLM\...\SaveVid Plug-in) (Version: 2.0.0.443 - Bandoo Media, Inc)
SaveVid Plug-in (Version: 2.0.0.443 - Bandoo Media, Inc) Hidden
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
SFR (Version: 7.01.0000.0003 - Eastman Kodak Company) Hidden
SHASTA (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
skin0001 (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
SKINXSDK (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
staticcr (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.5.1012 - SUPERAntiSpyware.com)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TablEdit 2.69 (HKLM\...\TablEdit_is1) (Version:  - TablEdit)
TEFView 2.69 (HKLM\...\TEFView_is1) (Version:  - TablEdit)
Unity Web Player (HKU\S-1-5-21-2422294642-4059713625-2036378569-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Vivitar Experience Image Manager (HKLM\...\Vivitar Experience Image Manager) (Version:  - Sakar)
VPRINTOL (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
WebEx (HKLM\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WIRELESS (Version: 7.02.0000.0001 - EASTMAN KODAK Company) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2422294642-4059713625-2036378569-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2422294642-4059713625-2036378569-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-2422294642-4059713625-2036378569-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2422294642-4059713625-2036378569-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Heather\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-2422294642-4059713625-2036378569-1000_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2422294642-4059713625-2036378569-1000_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2422294642-4059713625-2036378569-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2422294642-4059713625-2036378569-1000_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
 
==================== Restore Points =========================
 
15-07-2015 23:50:15 Windows Update
20-07-2015 10:25:27 avast! antivirus system restore point
21-07-2015 16:41:01 Removed Safari
21-07-2015 20:58:08 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 06:23 - 2012-08-05 22:21 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0FA89C23-505F-46CF-9E8E-FAE776A0A28D} - System32\Tasks\{E6804F8C-D88E-430E-B4C9-148DABE1FB30} => pcalua.exe -a E:\AutoRunPro.exe -d E:\
Task: {112A42E4-9FFF-4432-A3D7-96595032B7D8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-05-15] (Google Inc.)
Task: {19D5E3E1-530D-432B-BAC6-96A9E03CACCE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated)
Task: {1D116214-DFDE-4C69-85F0-0BC08203C2CC} - System32\Tasks\{8B08C022-1F7F-4312-A081-27D52E037E6B} => C:\Program Files\Skype\\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {23747F2C-51EE-4A2D-8CB8-87C7C966F0FB} - System32\Tasks\Spybot - Search & Destroy -  Scheduled Task => C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
Task: {48CDBBAA-CA78-4FC3-AAA5-5D3265A9115F} - System32\Tasks\{FC1C9DC4-30E2-4153-B6DA-1D600FAE6EDD} => pcalua.exe -a "C:\ProgramData\Aimersoft\Video Converter Ultimate\pluginInstall.exe" -d "C:\ProgramData\Aimersoft\Video Converter Ultimate" -c "i" "firefox"
Task: {5B1C2C96-C9E9-4A74-B1B1-50002F66473E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {70DA7570-522B-4202-80EB-3AA1185A2049} - System32\Tasks\{6ABDBCA2-CF53-43AE-881C-063FCE7720B0} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {88F1CDA6-A1B8-4C6A-A605-E19916786510} - System32\Tasks\HPCustParticipation HP Deskjet 2510 series => C:\Program Files\HP\HP Deskjet 2510 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {9E9E4FD1-75AD-4D6D-A3B8-F9DF6CAE7EB6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-05-15] (Google Inc.)
Task: {A1362C68-7874-445F-BE15-938FA1DA16BA} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-20] (AVAST Software)
Task: {AF859889-AB4F-4751-A8F2-6D92E691FCE7} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2013-10-31] (Apple Inc.)
Task: {BF58CC70-6112-4084-BE44-7E945623E3DC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Spybot - Search & Destroy -  Scheduled Task.job => C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-03-26 18:04 - 2015-07-20 10:28 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-03-26 18:04 - 2015-07-20 10:28 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-07-22 08:25 - 2015-07-22 08:25 - 02957312 _____ () C:\Program Files\AVAST Software\Avast\defs\15072200\algo.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-12-15 14:31 - 2010-12-15 14:31 - 00460144 _____ () C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
2010-10-26 00:06 - 2010-10-26 00:06 - 02248704 _____ () C:\Program Files\Flip Video\FlipShare\QtCore4.dll
2010-12-15 14:31 - 2010-12-15 14:31 - 04300800 _____ () C:\Program Files\Flip Video\FlipShare\Core.dll
2010-12-15 14:26 - 2010-12-15 14:26 - 00737280 _____ () C:\Program Files\Flip Video\FlipShare\qca2.dll
2010-10-26 00:23 - 2010-10-26 00:23 - 08351744 _____ () C:\Program Files\Flip Video\FlipShare\QtGui4.dll
2010-10-26 00:08 - 2010-10-26 00:08 - 00983040 _____ () C:\Program Files\Flip Video\FlipShare\QtNetwork4.dll
2010-10-26 00:23 - 2010-10-26 00:23 - 00204800 _____ () C:\Program Files\Flip Video\FlipShare\QtSql4.dll
2010-10-26 00:06 - 2010-10-26 00:06 - 00364544 _____ () C:\Program Files\Flip Video\FlipShare\QtXml4.dll
2010-10-26 08:34 - 2010-10-26 08:34 - 11853824 _____ () C:\Program Files\Flip Video\FlipShare\QtWebKit4.dll
2010-10-26 00:37 - 2010-10-26 00:37 - 00258048 _____ () C:\Program Files\Flip Video\FlipShare\phonon4.dll
2010-05-20 13:49 - 2010-05-20 13:49 - 00258048 _____ () C:\Program Files\Flip Video\FlipShare\boost_serialization-vc80-mt-1_43.dll
2010-05-17 09:47 - 2010-05-17 09:47 - 01199104 _____ () C:\Program Files\Flip Video\FlipShare\PocoFoundation.dll
2010-05-17 09:47 - 2010-05-17 09:47 - 00642048 _____ () C:\Program Files\Flip Video\FlipShare\PocoNet.dll
2010-05-17 09:47 - 2010-05-17 09:47 - 00511488 _____ () C:\Program Files\Flip Video\FlipShare\PocoXML.dll
2010-12-15 14:22 - 2010-12-15 14:22 - 01085440 _____ () C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
2010-10-26 00:06 - 2010-10-26 00:06 - 02248704 _____ () C:\Program Files\Flip Video\FlipShareServer\QtCore4.dll
2010-10-26 00:08 - 2010-10-26 00:08 - 00983040 _____ () C:\Program Files\Flip Video\FlipShareServer\QtNetwork4.dll
2010-10-26 00:23 - 2010-10-26 00:23 - 00204800 _____ () C:\Program Files\Flip Video\FlipShareServer\QtSql4.dll
2010-05-20 13:49 - 2010-05-20 13:49 - 00258048 _____ () C:\Program Files\Flip Video\FlipShareServer\boost_serialization-vc80-mt-1_43.dll
2010-05-17 09:47 - 2010-05-17 09:47 - 01199104 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoFoundation.dll
2010-05-17 09:47 - 2010-05-17 09:47 - 00642048 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoNet.dll
2010-05-17 09:47 - 2010-05-17 09:47 - 00175616 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoNetSSL.dll
2010-05-17 09:47 - 2010-05-17 09:47 - 00291840 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoUtil.dll
2010-05-17 09:47 - 2010-05-17 09:47 - 00511488 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoXML.dll
2010-05-17 09:47 - 2010-05-17 09:47 - 00110592 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoCrypto.dll
2014-11-11 17:05 - 2014-11-11 17:05 - 00466032 _____ () C:\Program Files\NTI\NTI Backup Now EZ\sqlite3.dll
2010-11-16 22:54 - 2011-08-18 11:05 - 02751808 _____ () C:\Program Files\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2015-03-13 20:15 - 2015-03-26 18:04 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
There are 7753 more restricted sites.
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2422294642-4059713625-2036378569-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Heather\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk => C:\Windows\pss\Kodak EasyShare software.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Heather^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Deskjet 2510 series.lnk => C:\Windows\pss\Monitor Ink Alerts - HP Deskjet 2510 series.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Aimersoft Helper Compact.exe => C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: ATT-SST_McciTrayApp => "C:\Program Files\ATT-SST\McciTrayApp.exe"
MSCONFIG\startupreg: BackupNowEZ Tray => "C:\Program Files\NTI\NTI Backup Now EZ\BackupNowEZtray.exe" -k
MSCONFIG\startupreg: blspcloader => C:\Program Files\ATT Internet Tools\blsloader.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MobileDocuments => C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: UpdateFlow.ATT-SST => C:\Program Files\ATT-SST\McciBrowser.exe -AppKey=ATT-SST -URL=file://C:\Program Files\ATT-SST\OfflineUpdate\redirector.htm
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{06F63C76-D13E-4A46-BB95-EFA6F2572394}] => (Allow) C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe
FirewallRules: [{0CEC5C03-3757-45BA-BFBA-4238212BDCE9}] => (Allow) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
FirewallRules: [{5486D72F-569A-4140-9E63-08F2D6146FDB}] => (Allow) C:\Program Files\ATT-HSI\McciBrowser.exe
FirewallRules: [{D0B4A75E-BA7C-4A7E-9986-9EA1322AE384}] => (Allow) C:\Program Files\ATT-HSI\McciBrowser.exe
FirewallRules: [{BF9E9FB7-AB68-48C7-A3F3-DC81ABE61BE3}] => (Allow) C:\Program Files\LimeWire\LimeWire.exe
FirewallRules: [{CCD5C229-22A2-416A-BFCE-5CD9F0AD8DFA}] => (Allow) C:\Program Files\LimeWire\LimeWire.exe
FirewallRules: [TCP Query User{6A28B40B-B248-428B-B2B8-03CD6BC934F6}C:\program files\kodak\kodak easyshare software\bin\easyshare.exe] => (Block) C:\program files\kodak\kodak easyshare software\bin\easyshare.exe
FirewallRules: [UDP Query User{F81BE3DB-E462-4B81-A2C2-E42E9A4A9935}C:\program files\kodak\kodak easyshare software\bin\easyshare.exe] => (Block) C:\program files\kodak\kodak easyshare software\bin\easyshare.exe
FirewallRules: [{3BEAF255-DE28-4639-A09A-76C2EBDBF8AC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EB723629-635E-41BE-A486-53253EBE4FEF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B1E6BC71-E10D-4104-BAC9-49A96C1F106B}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{49395D95-2795-4170-AAF7-974A2199C585}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{EB2F7D65-910C-42AC-A5BD-3088AB7F302C}] => (Allow) LPort=2869
FirewallRules: [{DC51807D-F3CE-4EB5-808D-17FBDB734510}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{BEA172A8-916F-49CC-B2D3-ED6278C55C6A}C:\program files\limewire\limewire.exe] => (Block) C:\program files\limewire\limewire.exe
FirewallRules: [UDP Query User{E1945EFC-F479-4C9F-8856-F52D4AE22484}C:\program files\limewire\limewire.exe] => (Block) C:\program files\limewire\limewire.exe
FirewallRules: [{8E3DBCF0-6020-4A3A-9FA3-66E49C8AB6BA}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{2426E2AC-4DF0-459F-B380-CCC0F69850C0}] => (Allow) LPort=24726
FirewallRules: [{FA3CB84D-E775-489C-88D4-EDEDC15AD926}] => (Allow) LPort=24727
FirewallRules: [{4D3B4780-5DFD-478D-9246-9577EED1B420}] => (Allow) LPort=80
FirewallRules: [{F7D4650E-FDB7-45F1-A74B-48918819EDA7}] => (Allow) LPort=80
FirewallRules: [{357B47F8-4656-4240-918C-3D339F1F5647}] => (Allow) LPort=80
FirewallRules: [{B1068DF0-F1C5-4A70-A7A4-3FADE939BB31}] => (Allow) C:\Users\Heather\AppData\Local\temp\7zS58AD\HPDiagnosticCoreUI.exe
FirewallRules: [{B42B2716-680D-4DA8-8E24-36710DF75C3A}] => (Allow) C:\Users\Heather\AppData\Local\temp\7zS58AD\HPDiagnosticCoreUI.exe
FirewallRules: [{6A92212B-3540-490F-9019-AE3B2F896C71}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B68958C7-4FD3-4E76-BBFE-1E002BE65B43}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D52EDD01-1B4D-4551-B606-8260AE086D92}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{C2246FB5-1076-4A13-BE28-B0789556E39D}] => (Allow) C:\Program Files\HP\HP Deskjet 2510 series\Bin\USBSetup.exe
FirewallRules: [TCP Query User{1FC28D6D-B98E-429D-BD2A-63DC5F10AEDA}C:\program files\itunes\itunes.exe] => (Allow) C:\program files\itunes\itunes.exe
FirewallRules: [UDP Query User{3ADDC340-0553-4030-B39E-D95B34ED5E05}C:\program files\itunes\itunes.exe] => (Allow) C:\program files\itunes\itunes.exe
FirewallRules: [{050B3C4B-375F-4FD5-B5F9-59DFD8235936}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{79D9F79B-6422-45C5-A7FB-618AE7CF8CFD}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{070CD0A6-6712-43DB-A5C9-CFFBFAF288E0}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/22/2015 09:03:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/22/2015 08:18:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/21/2015 08:58:09 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid.  hr = 0x80070539.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {d63cd952-fc15-4b80-b352-67003af16ea7}
 
Error: (07/21/2015 04:41:03 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid.  hr = 0x80070539.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {a7800653-500d-45e4-892f-29d07cbd434e}
 
Error: (07/21/2015 04:31:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/21/2015 09:50:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/20/2015 05:58:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WinMail.exe version 6.0.6001.18000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: dd8
Start Time: 01d0c336f8342526
Termination Time: 0
 
Error: (07/20/2015 12:08:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WinMail.exe version 6.0.6001.18000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: eb0
Start Time: 01d0c305d5728df6
Termination Time: 437
 
Error: (07/20/2015 12:01:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/20/2015 10:32:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (07/22/2015 09:03:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: SupportSoft Sprocket Service (dellsupportcenter)%%2
 
Error: (07/22/2015 09:00:06 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Search2300001Restart the service
 
Error: (07/22/2015 09:00:05 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Live ID Sign-in Assistant2100001Restart the service
 
Error: (07/22/2015 09:00:05 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: SAS Core Service110001Restart the service
 
Error: (07/22/2015 09:00:05 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: FlipShare Server201Restart the service
 
Error: (07/22/2015 08:59:52 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (07/22/2015 08:59:23 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Software Licensing11200001Restart the service
 
Error: (07/22/2015 08:59:22 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: XAudioService1
 
Error: (07/22/2015 08:59:22 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: NTI BackupNowEZSvr1
 
Error: (07/22/2015 08:59:22 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Modules Installer11200001Restart the service
 
 
Microsoft Office:
=========================
Error: (05/29/2015 09:40:48 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6720.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3636 seconds with 600 seconds of active time.  This session ended with a crash.
 
Error: (05/22/2015 10:09:56 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6720.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 975 seconds with 720 seconds of active time.  This session ended with a crash.
 
Error: (05/18/2015 03:49:45 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6720.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2681 seconds with 780 seconds of active time.  This session ended with a crash.
 
Error: (05/18/2015 02:04:32 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6720.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1256 seconds with 1140 seconds of active time.  This session ended with a crash.
 
Error: (05/07/2015 12:27:53 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6720.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2550 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error: (05/04/2015 10:01:21 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6720.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 275 seconds with 180 seconds of active time.  This session ended with a crash.
 
Error: (04/13/2015 01:35:34 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6718.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 493 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (03/31/2015 02:45:44 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6718.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2320 seconds with 1320 seconds of active time.  This session ended with a crash.
 
Error: (02/19/2015 09:45:27 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6715.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 14088 seconds with 3060 seconds of active time.  This session ended with a crash.
 
Error: (02/17/2015 05:29:31 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6715.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 673 seconds with 420 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-07-22 09:16:13.183
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-22 09:16:11.639
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-22 09:16:10.188
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-22 09:16:08.721
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-20 13:00:14.573
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-20 13:00:13.122
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-20 13:00:11.806
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-20 13:00:10.428
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-20 11:30:58.254
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-20 11:30:53.043
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU 440 @ 2.00GHz
Percentage of memory in use: 59%
Total physical RAM: 2036.45 MB
Available physical RAM: 815.93 MB
Total Virtual: 4312.18 MB
Available Virtual: 2987.87 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:222.78 GB) (Free:120.52 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:6 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.8 GB) (Disk ID: 38000000)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=222.8 GB) - (Type=07 NTFS)
 
==================== End of log ============================
 
 
Thank you! I will just wait for your next instructions!  :)


#8 Sintharius


Posted 22 July 2015 - 12:41 PM

Hello Heather,

Fix with Farbar Recovery Scan Tool
  • Please click on the Start orb, type in notepad in the Search bar and press Enter. Notepad will open.
  • Copy and paste the contents of the following codebox into Notepad:
    HKLM\...\Run: [] => [X]
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-2422294642-4059713625-2036378569-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    BHO: BlspcHlpr Class -> {15C9938F-CB96-496D-800A-B827F2E34EA1} -> C:\Program Files\ATT Internet Tools\blspc_win32.dll No File
    BHO: No Name -> {656EC4B7-072B-4698-B504-2A414C1F0037} -> No File
    BHO: No Name -> {D879895E-2124-4ED0-BDDF-F8F8BBC98A6F} -> No File
    Toolbar: HKU\.DEFAULT -> No Name - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No File
    Toolbar: HKU\S-1-5-21-2422294642-4059713625-2036378569-1000 -> No Name - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No File
    2015-07-21 16:48 - 2012-08-03 17:01 - 00000000 ____D C:\Program Files\Savevid Toolbar
    2015-07-21 16:47 - 2009-02-27 22:02 - 00000000 ____D C:\Windows\system32\screensaver_1280x1024 dir
    2015-07-21 16:45 - 2009-08-21 14:19 - 00000000 ____D C:\Program Files\Safari
    Task: {23747F2C-51EE-4A2D-8CB8-87C7C966F0FB} - System32\Tasks\Spybot - Search & Destroy - Scheduled Task => C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    Task: C:\Windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job => C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    
  • Save the file as fixlist.txt to the same location as FRST.exe.
    Note: It's important that both files, FRST.exe and fixlist.txt, are in the same location or the fix will not work.
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system!
  • Run FRST.exe, press the Fix button just once, and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run. Please post it in your reply.
After you are finished, let me know how the computer is doing.

Regards,
Alex

#9 MrsG94


Posted 22 July 2015 - 02:33 PM

Hi,

 

This is the Fixlog.txt:

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 20-07-2015
Ran by Heather at 2015-07-22 15:01:56 Run:1
Running from C:\Users\Heather\Desktop
Loaded Profiles: Heather (Available Profiles: Heather)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
HKLM\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2422294642-4059713625-2036378569-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: BlspcHlpr Class -> {15C9938F-CB96-496D-800A-B827F2E34EA1} -> C:\Program Files\ATT Internet Tools\blspc_win32.dll No File
BHO: No Name -> {656EC4B7-072B-4698-B504-2A414C1F0037} -> No File
BHO: No Name -> {D879895E-2124-4ED0-BDDF-F8F8BBC98A6F} -> No File
Toolbar: HKU\.DEFAULT -> No Name - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No File
Toolbar: HKU\S-1-5-21-2422294642-4059713625-2036378569-1000 -> No Name - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No File
2015-07-21 16:48 - 2012-08-03 17:01 - 00000000 ____D C:\Program Files\Savevid Toolbar
2015-07-21 16:47 - 2009-02-27 22:02 - 00000000 ____D C:\Windows\system32\screensaver_1280x1024 dir
2015-07-21 16:45 - 2009-08-21 14:19 - 00000000 ____D C:\Program Files\Safari
Task: {23747F2C-51EE-4A2D-8CB8-87C7C966F0FB} - System32\Tasks\Spybot - Search & Destroy - Scheduled Task => C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
Task: C:\Windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job => C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-2422294642-4059713625-2036378569-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15C9938F-CB96-496D-800A-B827F2E34EA1}" => key removed successfully.
"HKCR\CLSID\{15C9938F-CB96-496D-800A-B827F2E34EA1}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{656EC4B7-072B-4698-B504-2A414C1F0037}" => key removed successfully.
HKCR\CLSID\{656EC4B7-072B-4698-B504-2A414C1F0037} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D879895E-2124-4ED0-BDDF-F8F8BBC98A6F}" => key removed successfully.
HKCR\CLSID\{D879895E-2124-4ED0-BDDF-F8F8BBC98A6F} => key not found. 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} => value removed successfully.
HKCR\CLSID\{4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} => key not found. 
HKU\S-1-5-21-2422294642-4059713625-2036378569-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} => value removed successfully.
HKCR\CLSID\{4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} => key not found. 
C:\Program Files\Savevid Toolbar => moved successfully.
C:\Windows\system32\screensaver_1280x1024 dir => moved successfully.
C:\Program Files\Safari => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{23747F2C-51EE-4A2D-8CB8-87C7C966F0FB}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23747F2C-51EE-4A2D-8CB8-87C7C966F0FB}" => key removed successfully.
C:\Windows\System32\Tasks\Spybot - Search & Destroy - Scheduled Task not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Spybot - Search & Destroy - Scheduled Task => key not found. 
C:\Windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job not found.
 
==== End of Fixlog 15:01:57 ====
 
I hope everything looks okay with this. It only took about 1 second to run the FRST with the fixlist. Please let me know if this fixlog doesn't look the way that it should.
 
My computer seems to be running the way that it should. There aren't any more unwanted tabs opening trying to sell me things. Haven't seen any pop-up windows, either. Still looking around to see if anything bad happens.
 
Thank you again for helping me.


#10 Sintharius


Posted 22 July 2015 - 02:58 PM

Hello Heather,

It's normal for FRST to complete fixing in a short time like that.  :)

Now we will run some additional scans to make sure that nothing is missing.

Malwarebytes Anti-Malware

Download Malwarebytes Anti-Malware from here.

Double click on the file mbam-setup-2.x.x.xxxx.exe to install the application. (x.x.xxxx is the version)

  • Follow the prompt. At the end place a checkmark in Launch Malwarebytes Anti-Malware, then choose Finish.
  • When MBAM opens it will say Your database is out of date. Choose Fix Now.
  • Click on the Scan tab at the top of the window, choose Threat Scan, then Scan Now.
  • If you receive a message that updates are available, choose Update Now button (the scan will start after updates are completed).
  • Please be patient as the scan will take some time.
  • If MBAM detected threats, choose Quarantine for all items, then click Apply Actions.
  • While still on the Scan tab, choose View detailed log. In the window that opens, click the Export button, choose Text file (*.txt) and save the log to your Desktop.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


===

ESET Online Scanner

  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

Please let me know if there are any remaining problems.

Regards,
Alex 



#11 MrsG94


Posted 22 July 2015 - 07:00 PM

Hi again, Alex,

 

Sorry this took so long. The following is the Malwarebytes log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 7/22/2015
Scan Time: 4:26:36 PM
Logfile: malwarebytestextfile.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.07.22.06
Rootkit Database: v2015.07.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Heather
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 343812
Time Elapsed: 32 min, 47 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
The following is the ESET Scanner log:
 
C:\Users\All Users\{87386CEB-BC00-465C-96D6-71F13BE96DD1}\SavevidSetupV2.res a variant of Win32/Toolbar.SearchSuite.AD potentially unwanted application
C:\Program Files\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application cleaned by deleting - quarantined
C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application cleaned by deleting - quarantined
C:\ProgramData\{87386CEB-BC00-465C-96D6-71F13BE96DD1}\SavevidSetupV2.res a variant of Win32/Toolbar.SearchSuite.AD potentially unwanted application deleted - quarantined
C:\Users\Heather\Desktop\Shockwave_Installer_Slim.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
 
 
The ESET found 5 threats but was only able to clean 4 of them. I hope that isn't a big deal. 
 
Still so far, my computer seems to be acting normally.
 
I will wait to hear from you again.  :)
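Added example, not part of the original thread: a short Python triage of the ESET lines posted above, showing why the one detection with no action recorded is not a separate leftover. It assumes a default Windows Vista layout on drive C:, where `C:\Users\All Users` is a link to `C:\ProgramData`; the line format is inferred from the five lines in this post, and the function names are hypothetical.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# The five detection lines exactly as posted in the ESET log above.
ESET_LOG = r"""
C:\Users\All Users\{87386CEB-BC00-465C-96D6-71F13BE96DD1}\SavevidSetupV2.res a variant of Win32/Toolbar.SearchSuite.AD potentially unwanted application
C:\Program Files\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application cleaned by deleting - quarantined
C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application cleaned by deleting - quarantined
C:\ProgramData\{87386CEB-BC00-465C-96D6-71F13BE96DD1}\SavevidSetupV2.res a variant of Win32/Toolbar.SearchSuite.AD potentially unwanted application deleted - quarantined
C:\Users\Heather\Desktop\Shockwave_Installer_Slim.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
"""

# Format inferred from the lines above: path, detection name, category, optional action.
# Paths contain spaces, so the path is matched lazily up to the "Family/Name" token.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<name>(?:a variant of\s+)?\S+/\S+)\s+"
    r"(?P<category>potentially (?:unwanted|unsafe) application)"
    r"(?:\s+(?P<action>.+))?$"
)

# Assumption: default Vista-or-later layout with the system on C:.
ALIASES = {r"c:\users\all users": r"c:\programdata"}


@dataclass
class Detection:
    path: str
    name: str
    category: str
    action: Optional[str]  # None when the log records no action for this line


def canonical(path: str) -> str:
    """Lower-case the path and rewrite known alias prefixes to their target."""
    p = ntpath.normcase(ntpath.normpath(path))
    for alias, target in ALIASES.items():
        if p == alias or p.startswith(alias + "\\"):
            return target + p[len(alias):]
    return p


def parse(log: str) -> List[Detection]:
    """Turn each recognisable log line into a Detection; skip everything else."""
    found = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            found.append(Detection(m["path"], m["name"], m["category"], m["action"]))
    return found


def triage(detections: List[Detection]) -> Dict[str, List[Detection]]:
    """Split detections into handled, alias of a handled file, and still open."""
    handled_paths = {canonical(d.path) for d in detections if d.action}
    report: Dict[str, List[Detection]] = {"handled": [], "alias_of_handled": [], "open": []}
    for d in detections:
        if d.action:
            report["handled"].append(d)
        elif canonical(d.path) in handled_paths:
            report["alias_of_handled"].append(d)
        else:
            report["open"].append(d)
    return report


if __name__ == "__main__":
    for bucket, items in triage(parse(ESET_LOG)).items():
        print(f"{bucket}: {len(items)}")
        for d in items:
            print(f"  {d.path}  [{d.action or 'no action logged'}]")
```

An entry that lands in `open` is the case that needs a follow-up scan; an `alias_of_handled` entry only shows the paths are the same, so the file's absence should still be confirmed on the machine.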


#12 Sintharius


Posted 23 July 2015 - 06:40 AM

Hello Heather,

Things are looking good.  :)

Before I pronounce you all clean, there is something I need you to take notice of.

Outdated Java SE Runtime Environment

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. See here, here and here for information on the dangers of using outdated Java.

If you do not use Java, please uninstall it via Programs and Features. It will save you the trouble of having to keep Java updated, as well as reducing the attack surface that malware can exploit to infect your system.

If you need to use Java, please follow these steps to remove older version Java components and update:

  • Download the latest version of Java Runtime Environment (JRE) Version 8 and save it to your desktop.
  • Under "Java Platform, Standard Edition"...click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select (click on) the download link for your operating system (Windows x86 Offline: jre-8u25-windows-i586.exe or Windows x64: jre-8u25-windows-x64.exe) and save the file to your Desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-8u25-windows-i586.exe (or jre-8u25-windows-x64.exe for 64-bit) to install the newest version.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered any unwanted software or toolbars during installation, just uncheck the box before continuing unless you want it. The McAfee Security Scan Plus may be installed unless you uncheck the McAfee installation box when updating Java.

-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.

When you are done, please create a new set of FRST logs for me using previous instructions.

In your next reply I will need:

  • Confirmation that you have updated or removed Java;
  • A new set of logs from FRST (FRST.txt and Addition.txt).

Regards,
Alex 



#13 MrsG94


Posted 23 July 2015 - 08:16 AM

Good morning, Alex!

 

I have uninstalled the Java program using the uninstall program feature in control panel. Also, I was checking out the articles on why outdated Java is so bad, and I think that the link for The Washington Post blog might be outdated. It didn't pull up for me. Then again, it could just be me, but that particular blog wasn't there. By the way, those are good enough reasons to NOT use Java. Ever.

 

Okay, the following logs are for the latest run of FRST.txt and Addition.txt:

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-07-2015
Ran by Heather (administrator) on HEATHER-PC on 23-07-2015 09:03:30
Running from C:\Users\Heather\Desktop
Loaded Profiles: Heather (Available Profiles: Heather)
Platform: Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
() C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
(Hewlett-Packard Company) C:\Program Files\HP\Common\HPSupportSolutionsFrameworkService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(NTI Corporation) C:\Program Files\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe
(SoftThinks SAS) C:\Program Files\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(SoftThinks - Dell) C:\Program Files\Dell DataSafe Local Backup\Toaster.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
() C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Avanquest Software ) C:\Program Files\Digital Line Detect\DLG.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4907008 2008-01-17] (Realtek Semiconductor)
HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [124200 2007-09-17] (CyberLink Corp.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-07-20] (AVAST Software)
HKLM\...\Run: [DelaypluginInstall] => C:\ProgramData\Aimersoft\Video Converter Ultimate\DelayPluginI.exe
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2011-05-04] (SUPERAntiSpyware.com)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [2008-07-20] (Citrix Online, a division of Citrix Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk [2008-07-20]
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-07-20] (AVAST Software)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2422294642-4059713625-2036378569-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=avastbcl
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2405} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2422294642-4059713625-2036378569-1000 -> {1A076F2C-822D-4858-9EB2-F82026115A85} URL = http://www.target.com/gp/search.html?field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2422294642-4059713625-2036378569-1000 -> {340037EE-C05C-4B39-820B-4443A3FD10D6} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-2422294642-4059713625-2036378569-1000 -> {6CE78A53-2FDC-4633-912E-0FBE68FAC701} URL = http://www.amazon.com/gp/search?ie=UTF8&tag=ie8search-20&index=blended&linkCode=qs&camp=1789&creative=9325&keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2422294642-4059713625-2036378569-1000 -> {77262F31-1DF4-4FE2-9AF0-74782B8895C0} URL = http://www.walmart.com/catalog/search-ng.gsp?search_constraint=0&search_query={searchTerms}
SearchScopes: HKU\S-1-5-21-2422294642-4059713625-2036378569-1000 -> {8F922F6B-257A-400B-BA4B-AEC146849F22} URL = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
SearchScopes: HKU\S-1-5-21-2422294642-4059713625-2036378569-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2405} URL = 
SearchScopes: HKU\S-1-5-21-2422294642-4059713625-2036378569-1000 -> {CCCB3669-FBE5-416F-9DF8-44AFF05EB65E} URL = http://search.about.com/fullsearch.htm?terms={searchTerms}
SearchScopes: HKU\S-1-5-21-2422294642-4059713625-2036378569-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
SearchScopes: HKU\S-1-5-21-2422294642-4059713625-2036378569-1000 -> {E8F6FEC7-469C-462A-94B8-A6C3B4C2AC09} URL = http://search.lycos.com/setup.php?src=ie&query={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-20] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Skype Plug-In -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22] (Skype Technologies S.A.)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22] (Skype Technologies S.A.)
Handler: WSAMVCUchrome - {086BD280-4613-43B5 -  No File
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{F11995B2-3063-40C5-BFF4-2A42302544DC}: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1212152.dll [2014-05-30] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2422294642-4059713625-2036378569-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Heather\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-11-23] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2422294642-4059713625-2036378569-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll [2012-10-24] (Amazon.com, Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-08]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-08-06]
FF HKLM\...\Firefox\Extensions: [AMVCU@Aimersoft.com] - C:\ProgramData\Aimersoft\Video Converter Ultimate\AMVCU@Aimersoft.com
 
Chrome: 
=======
CHR Profile: C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Webpage Screenshot) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki [2015-01-29]
CHR Extension: (Empty New Tab Page) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpjamkmjmigaoobjbekmfgabipmfilij [2015-07-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Google Wallet) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-26]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2015-01-25] (SUPERAntiSpyware.com)
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-20] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3218624 2015-07-20] (Avast Software)
R2 FlipShare Service; C:\Program Files\Flip Video\FlipShare\FlipShareService.exe [460144 2010-12-15] ()
R2 FlipShareServer; C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2010-12-15] () [File not signed]
S3 GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [16680 2008-07-20] (Citrix Online, a division of Citrix Systems, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [319488 2010-07-27] (Alcatel-Lucent) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NTI BackupNowEZSvr; C:\Program Files\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [45768 2014-11-11] (NTI Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SftService; C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE [1692480 2011-08-18] (SoftThinks SAS)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
S2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 6250spi; C:\Windows\System32\Drivers\6250spi.sys [11465 2006-09-19] () [File not signed]
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2015-07-20] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [76000 2015-07-20] (AVAST Software)
R1 AswRdr; C:\Windows\system32\drivers\aswRdr.sys [55200 2015-07-20] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2015-07-20] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788784 2015-07-20] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433264 2015-07-20] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [161472 2015-07-20] (AVAST Software)
S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57888 2015-07-20] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208664 2015-07-20] (AVAST Software)
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [9344 2009-04-17] (GARMIN Corp.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2010-07-27] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2010-07-27] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R0 ngvss; C:\Windows\system32\Drivers\ngvss.sys [95112 2015-07-20] (AVAST Software)
S3 rcmirror; C:\Windows\System32\DRIVERS\rcmirror.sys [11168 2012-08-13] (Windows ® Win 7 DDK provider)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-07-20] (Avast Software)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Heather\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 XE104Sp50; System32\Drivers\XE104Sp50.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-23 09:03 - 2015-07-23 09:04 - 00019372 _____ C:\Users\Heather\Desktop\FRST.txt
2015-07-22 17:07 - 2015-07-22 17:07 - 00000000 ____D C:\Program Files\ESET
2015-07-22 17:06 - 2015-07-22 17:06 - 02870984 _____ (ESET) C:\Users\Heather\Desktop\esetsmartinstaller_enu.exe
2015-07-22 17:04 - 2015-07-22 17:04 - 00001075 _____ C:\Users\Heather\Desktop\malwarebytestextfile.txt
2015-07-22 09:17 - 2015-07-22 09:19 - 00045697 _____ C:\Users\Heather\Desktop\Addition2.txt
2015-07-22 09:15 - 2015-07-22 09:19 - 00033487 _____ C:\Users\Heather\Desktop\FRST2.txt
2015-07-21 20:58 - 2015-07-14 12:02 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-21 20:58 - 2015-07-14 10:23 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-21 16:52 - 2015-07-22 09:00 - 00000000 ____D C:\AdwCleaner
2015-07-21 16:52 - 2015-07-21 16:52 - 02248704 _____ C:\Users\Heather\Desktop\AdwCleaner.exe
2015-07-21 11:34 - 2015-07-21 11:34 - 02027456 _____ C:\Users\Heather\Desktop\image1.jpeg
2015-07-20 13:31 - 2015-07-20 13:53 - 00000000 ____D C:\snapshots
2015-07-20 13:01 - 2015-07-20 13:02 - 00046887 _____ C:\Users\Heather\Desktop\Addition1.txt
2015-07-20 12:59 - 2015-07-23 09:03 - 00000000 ____D C:\FRST
2015-07-20 12:59 - 2015-07-20 13:02 - 00033719 _____ C:\Users\Heather\Desktop\FRST1.txt
2015-07-20 12:58 - 2015-07-20 12:58 - 01638912 _____ (Farbar) C:\Users\Heather\Desktop\FRST.exe
2015-07-20 10:28 - 2015-07-20 10:28 - 00313472 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-07-20 10:28 - 2015-07-20 10:28 - 00161472 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2015-07-20 10:28 - 2015-07-20 10:28 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-07-20 10:28 - 2015-07-20 10:27 - 00095112 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
2015-07-16 00:13 - 2015-07-03 12:04 - 01316864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-16 00:13 - 2015-06-24 22:57 - 02066432 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-16 00:12 - 2015-06-17 12:50 - 02264576 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-16 00:12 - 2015-06-17 11:09 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-16 00:11 - 2015-06-12 12:01 - 00298496 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 23:57 - 2015-05-31 04:11 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-15 23:55 - 2015-06-27 12:03 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 23:55 - 2015-06-27 12:02 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 23:55 - 2015-06-27 12:02 - 00218112 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 23:55 - 2015-06-27 12:01 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-07-15 23:55 - 2015-06-27 10:21 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 23:55 - 2015-06-27 10:21 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 23:55 - 2015-06-12 09:13 - 00440768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-15 23:55 - 2015-01-08 20:17 - 00107008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 11:10 - 2015-07-03 01:31 - 12386304 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 11:10 - 2015-07-03 01:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-15 11:10 - 2015-06-16 21:14 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 11:10 - 2015-06-16 21:12 - 09750528 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 11:10 - 2015-06-16 21:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-15 11:10 - 2015-06-16 21:10 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 11:10 - 2015-06-16 21:09 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 11:10 - 2015-06-16 21:09 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 11:10 - 2015-06-16 21:09 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 11:10 - 2015-06-16 21:09 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 11:10 - 2015-06-16 21:08 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 11:10 - 2015-06-16 21:08 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 11:10 - 2015-06-16 21:08 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 11:10 - 2015-06-16 21:08 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-07-15 11:10 - 2015-06-16 21:08 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 11:10 - 2015-06-16 21:08 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 11:10 - 2015-06-16 21:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-15 11:10 - 2015-06-16 21:08 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 11:10 - 2015-06-16 21:08 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-15 11:10 - 2015-06-16 21:08 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-07-15 11:10 - 2015-06-16 21:08 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-07-15 11:10 - 2015-06-16 21:08 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-07-10 11:15 - 2015-07-10 11:15 - 00000000 ____D C:\Users\Heather\AppData\Local\{22A3D95E-6743-49FA-987F-C00B984ED389}
2015-07-09 13:05 - 2015-07-09 13:05 - 00000000 ____D C:\Users\Heather\AppData\Local\{95FA45F9-F988-4044-A760-7B61ADAED802}
2015-07-07 16:01 - 2015-07-07 16:01 - 00000000 ____D C:\Users\Heather\AppData\Local\{6B5A4986-4117-42C1-8FB5-31548B9FEEFC}
2015-07-01 12:58 - 2015-07-01 12:58 - 00001688 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-07-01 12:57 - 2015-07-01 12:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-07-01 12:57 - 2015-07-01 12:58 - 00000000 ____D C:\Program Files\QuickTime
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-23 09:01 - 2008-07-20 02:53 - 00000000 ____D C:\Program Files\Java
2015-07-23 08:45 - 2012-04-11 10:13 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-23 08:41 - 2012-05-15 21:24 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-23 08:40 - 2012-08-06 16:55 - 00001933 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-23 08:21 - 2008-07-19 22:44 - 01720470 _____ C:\Windows\WindowsUpdate.log
2015-07-23 08:12 - 2010-11-17 14:23 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2015-07-23 08:12 - 2010-11-17 14:23 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2015-07-23 08:12 - 2010-11-16 22:54 - 00000000 ____D C:\Program Files\Dell DataSafe Local Backup
2015-07-23 08:11 - 2012-05-15 21:24 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-23 08:11 - 2008-12-25 17:48 - 00000000 ____D C:\MDT
2015-07-23 08:11 - 2006-11-02 08:58 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-23 08:11 - 2006-11-02 08:45 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-23 08:11 - 2006-11-02 08:45 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-22 21:23 - 2006-11-02 08:58 - 00032648 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-22 20:48 - 2008-12-05 12:31 - 00077544 _____ C:\Windows\DPINST.LOG
2015-07-22 20:48 - 2008-12-05 12:29 - 00000000 ____D C:\Program Files\Kodak
2015-07-22 20:48 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\Help
2015-07-22 19:34 - 2012-08-03 17:01 - 00000000 __HDC C:\ProgramData\{87386CEB-BC00-465C-96D6-71F13BE96DD1}
2015-07-22 16:26 - 2015-01-25 15:56 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-22 16:19 - 2015-01-25 15:54 - 00000861 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-22 16:19 - 2015-01-25 15:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-22 16:19 - 2015-01-25 15:54 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-07-22 08:17 - 2006-11-02 08:44 - 00280720 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-22 08:16 - 2012-05-15 21:24 - 00000000 ____D C:\Program Files\Google
2015-07-22 08:16 - 2008-01-20 23:02 - 00213648 _____ C:\Windows\PFRO.log
2015-07-21 16:39 - 2012-05-15 21:23 - 00000000 ____D C:\Users\Heather\AppData\Local\Google
2015-07-21 11:36 - 2014-06-26 17:02 - 00000000 ____D C:\Users\Heather\Desktop\JACOBSLOANINFO
2015-07-20 11:07 - 2015-03-26 18:15 - 00000000 ____D C:\Windows\system32\vbox
2015-07-20 10:30 - 2012-08-06 16:46 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-07-20 10:28 - 2014-04-30 14:46 - 00024016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-07-20 10:28 - 2013-03-23 20:59 - 00208664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-07-20 10:28 - 2013-03-23 20:59 - 00049776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-07-20 10:28 - 2012-08-06 16:05 - 00788784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-07-20 10:28 - 2012-08-06 16:05 - 00433264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-07-20 10:28 - 2012-08-06 16:05 - 00076000 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-07-20 10:28 - 2012-08-06 16:05 - 00057888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2015-07-20 10:28 - 2012-08-06 16:05 - 00055200 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2015-07-16 09:11 - 2006-11-02 06:33 - 00759582 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-16 00:11 - 2013-07-30 12:25 - 00000000 ____D C:\Windows\system32\MRT
2015-07-15 23:59 - 2008-07-20 02:59 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-15 15:45 - 2012-04-11 10:13 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-07-15 15:45 - 2011-05-14 12:11 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-07-14 10:35 - 2012-05-15 21:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-07-11 10:40 - 2011-05-23 19:49 - 00000000 ____D C:\Windows\pss
2015-07-10 16:10 - 2013-04-01 13:01 - 00000000 ____D C:\Users\Heather\Desktop\thePICTUREfolder
2015-07-09 11:41 - 2008-12-15 12:54 - 00002587 _____ C:\Users\Heather\Desktop\Microsoft Office Word 2007.lnk
2015-07-07 12:06 - 2008-12-05 12:49 - 00000000 ____D C:\Users\Heather\AppData\Local\Adobe
2015-07-03 08:49 - 2006-11-02 06:24 - 127070192 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-06-30 19:40 - 2014-11-13 22:08 - 00000000 ____D C:\Users\Heather\Desktop\FRANKIELYLESTUFF
2015-06-23 14:19 - 2014-06-20 10:03 - 00000000 ____D C:\Users\Heather\Desktop\JAKESPAPERS
 
==================== Files in the root of some directories =======
 
2013-02-04 22:16 - 2013-02-04 23:01 - 0000163 _____ () C:\Users\Heather\AppData\Roaming\hpmirrordriver.log
2009-01-14 22:17 - 2010-01-26 20:33 - 0024085 _____ () C:\Users\Heather\AppData\Roaming\UserTile.png
2009-03-13 07:48 - 2014-06-10 12:48 - 0005892 _____ () C:\Users\Heather\AppData\Local\d3d9caps.dat
2008-12-09 17:16 - 2015-05-19 16:00 - 0044544 _____ () C:\Users\Heather\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-11-30 19:18 - 2011-02-26 15:32 - 0008248 _____ () C:\Users\Heather\AppData\Local\en.ini
2013-02-04 17:22 - 2013-02-04 17:22 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-12-30 15:26 - 2010-12-30 15:26 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2008-12-01 22:11 - 2015-01-22 18:01 - 0017366 _____ () C:\ProgramData\hpzinstall.log
 
Some files in TEMP:
====================
C:\Users\Heather\AppData\Local\temp\8.0.30.1-EasyShrx.Dll
C:\Users\Heather\AppData\Local\temp\Quarantine.exe
C:\Users\Heather\AppData\Local\temp\sqlite3.dll
C:\Users\Heather\AppData\Local\temp\VistaLib32_1.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-23 08:18
 
==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-07-2015
Ran by Heather at 2015-07-23 09:05:02
Running from C:\Users\Heather\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2422294642-4059713625-2036378569-500 - Administrator - Disabled)
Guest (S-1-5-21-2422294642-4059713625-2036378569-501 - Limited - Disabled)
Heather (S-1-5-21-2422294642-4059713625-2036378569-1000 - Administrator - Enabled) => C:\Users\Heather
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 16.0.0.273 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader X (10.1.14) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.14 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.2.152 - Adobe Systems, Inc.)
Agent Ransack Version 1.7.3 (HKLM\...\Agent Ransack_is1) (Version:  - )
Aimersoft DVD Creator(Build 3.0.0) (HKLM\...\Aimersoft DVD Creator_is1) (Version:  - Aimersoft Software)
Amazon MP3 Downloader 1.0.17 (HKLM\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Print Creations - Album Page (HKLM\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version:  - ArcSoft)
ArcSoft Print Creations - Funhouse (HKLM\...\{9591C049-5CAE-4E89-A8D9-191F1899628B}) (Version:  - ArcSoft)
ArcSoft Print Creations - Greeting Card (HKLM\...\{F04F9557-81A9-4293-BC49-2C216FA325A7}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Book (HKLM\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Calendar (HKLM\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version:  - ArcSoft)
ArcSoft Print Creations - Scrapbook (HKLM\...\{B0D83FCD-9D42-43ED-8315-250326AADA02}) (Version:  - ArcSoft)
ArcSoft Print Creations - Slimline Card (HKLM\...\{007B37D9-0C45-4202-834B-DD5FAAE99D63}) (Version:  - ArcSoft)
ArcSoft Print Creations (HKLM\...\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}) (Version: 2.8.255.384 - ArcSoft)
Avast Free Antivirus (HKLM\...\avast) (Version: 10.3.2223 - AVAST Software)
AXIS Media Control Embedded (HKLM\...\AXIS Media Control Embedded) (Version:  - )
AXIS Media Control Embedded Installer (HKLM\...\{FD727056-F0C4-4811-9688-9EBF450D22C4}) (Version: 4.1.4 - Axis Communications)
Barbie™ as Rapunzel (HKLM\...\Barbie™ as Rapunzel) (Version:  - )
Barbie™ of Swan Lake Demo (HKLM\...\Barbie™ of Swan Lake Demo) (Version:  - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Cisco Connect (HKLM\...\Cisco Connect) (Version: 1.3.11069.2 - Cisco Consumer Products LLC)
Conexant D850 PCI V.92 Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version:  - )
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
EDocs (HKLM\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version:  - )
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Family Tree Maker 2006 (HKLM\...\{F2F4C144-7D1A-47C4-9D53-395A57B0CD64}) (Version:  - )
ffdshow [rev 2527] [2008-12-19] (HKLM\...\ffdshow_is1) (Version: 1.0 - )
FlipShare (HKLM\...\{420DFB63-8AE7-F7D6-E4B4-AB6D140221F4}) (Version: 5.10.25.0 - Flip Video)
FTMVistaUpdater (HKLM\...\{EE295D30-A10C-44F6-B14C-05E0D99429E4}) (Version: 1.0.0 - Family Tree Maker)
Google Chrome (HKLM\...\Google Chrome) (Version: 44.0.2403.89 - Google Inc.)
Google Drive (HKLM\...\{6EA8B94E-D869-4D96-88DF-5E1ECE1D6876}) (Version: 1.23.9648.8824 - Google, Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.1 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM\...\GoToAssist) (Version:  - )
HP Deskjet 2510 series Basic Device Software (HKLM\...\{867988FA-BCE7-46E9-A7E8-DC084A843319}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 2510 series Help (HKLM\...\{234DADAD-3C3C-4FB1-90A4-0AF015D56E18}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet 2510 series Product Improvement Study (HKLM\...\{79992AEE-6F58-4DAB-97D0-ADDF278F08F4}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 2510 series Setup Guide (HKLM\...\{216C7F38-4BBC-4E9A-8392-C9FA21B54386}) (Version: 27.0.0 - Hewlett Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Support Solutions Framework (HKLM\...\{E35601C0-BA8E-4F32-919A-C7EF4CA81F67}) (Version: 11.51.0048 - Hewlett-Packard Company)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
iCloud (HKLM\...\{79BD66B2-4DAE-4C3B-B08E-DC72E507C163}) (Version: 2.1.3.25 - Apple Inc.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® PRO Network Connections 12.1.11.0 (HKLM\...\PROSetDX) (Version:  - Intel)
iTunes (HKLM\...\{CE1F04C7-79BC-4219-BE6A-BA490224D4B5}) (Version: 12.1.2.27 - Apple Inc.)
JumpStart Typing (HKLM\...\JumpStart Typing) (Version:  - )
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Mega Mission Helmet (HKLM\...\{73216C34-57DF-4BED-A7E3-BD11A1C5D8FB}) (Version: 2.00 - Bandai America)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Modem Diagnostic Tool (HKLM\...\{F63A3748-B93D-4360-9AD4-B064481A5C7B}) (Version: 1.0.17.8 - Dell)
Moraff's Maximum MahJongg (HKLM\...\Moraff's Maximum MahJongg) (Version:  - )
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Music, Photos & Videos Launcher (HKLM\...\{D7769185-9A7C-48D4-8874-5388743A1DE2}) (Version: 1.00.0000 - Dell Inc.)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.44 - BVRP Software, Inc)
NTI Backup Now EZ (HKLM\...\InstallShield_{B9ECA41B-55CC-4654-B6B5-6731D009EC69}) (Version: 3.0.2.66 - NTI Corporation)
NTI Backup Now EZ (Version: 3.0.2.66 - NTI Corporation) Hidden
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Phonogram Sounds version 1.1 (HKLM\...\{C44CF80B-4A5C-445B-8C58-36011EE8363D}_is1) (Version: 1.1 - All About Learning Press)
Photo Story 3 for Windows (HKLM\...\{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}) (Version: 3.0.1115.11 - Microsoft Corporation)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0 - Dell)
Product Documentation Launcher (HKLM\...\{89CEAE14-DD0F-448E-9554-15781EC9DB24}) (Version: 1.00.0000 - Dell Inc.)
Publix Preschool Pals (HKLM\...\Publix Preschool Pals) (Version:  - )
QuickTime 7 (HKLM\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Reader Rabbit Thinking Adventures Ages 4-6 (HKLM\...\Reader Rabbit Thinking Adventures Ages 4-6) (Version:  - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
RootsMagic 7.0.5.0 (HKLM\...\{D6286873-A757-4A4D-A6EF-0081B3EE32CA}_is1) (Version: RootsMagic 7.0.5.0 - RootsMagic, Inc.)
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
Samsung USB Driver (MCCI 4.34) WHQL v3.4 (HKLM\...\InstallShield_{D4A2EF65-9888-4EFF-8EA0-A2D2C3152A29}) (Version: 4.34.4 - Samsung Electronics)
Samsung USB Driver (MCCI 4.34) WHQL v3.4 (Version: 4.34.4 - Samsung Electronics) Hidden
SaveVid Plug-in (HKLM\...\SaveVid Plug-in) (Version: 2.0.0.443 - Bandoo Media, Inc)
SaveVid Plug-in (Version: 2.0.0.443 - Bandoo Media, Inc) Hidden
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.5.1012 - SUPERAntiSpyware.com)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TablEdit 2.69 (HKLM\...\TablEdit_is1) (Version:  - TablEdit)
TEFView 2.69 (HKLM\...\TEFView_is1) (Version:  - TablEdit)
Unity Web Player (HKU\S-1-5-21-2422294642-4059713625-2036378569-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Vivitar Experience Image Manager (HKLM\...\Vivitar Experience Image Manager) (Version:  - Sakar)
WebEx (HKLM\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2422294642-4059713625-2036378569-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2422294642-4059713625-2036378569-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-2422294642-4059713625-2036378569-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2422294642-4059713625-2036378569-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Heather\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-2422294642-4059713625-2036378569-1000_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2422294642-4059713625-2036378569-1000_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2422294642-4059713625-2036378569-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2422294642-4059713625-2036378569-1000_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
 
==================== Restore Points =========================
 
15-07-2015 23:50:15 Windows Update
20-07-2015 10:25:27 avast! antivirus system restore point
21-07-2015 16:41:01 Removed Safari
21-07-2015 20:58:08 Windows Update
23-07-2015 08:55:50 Removed Java 8 Update 31
23-07-2015 08:59:22 Removed Java 8 Update 45
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 06:23 - 2012-08-05 22:21 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0FA89C23-505F-46CF-9E8E-FAE776A0A28D} - System32\Tasks\{E6804F8C-D88E-430E-B4C9-148DABE1FB30} => pcalua.exe -a E:\AutoRunPro.exe -d E:\
Task: {112A42E4-9FFF-4432-A3D7-96595032B7D8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-05-15] (Google Inc.)
Task: {19D5E3E1-530D-432B-BAC6-96A9E03CACCE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated)
Task: {1D116214-DFDE-4C69-85F0-0BC08203C2CC} - System32\Tasks\{8B08C022-1F7F-4312-A081-27D52E037E6B} => C:\Program Files\Skype\\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {48CDBBAA-CA78-4FC3-AAA5-5D3265A9115F} - System32\Tasks\{FC1C9DC4-30E2-4153-B6DA-1D600FAE6EDD} => pcalua.exe -a "C:\ProgramData\Aimersoft\Video Converter Ultimate\pluginInstall.exe" -d "C:\ProgramData\Aimersoft\Video Converter Ultimate" -c "i" "firefox"
Task: {5B1C2C96-C9E9-4A74-B1B1-50002F66473E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {70DA7570-522B-4202-80EB-3AA1185A2049} - System32\Tasks\{6ABDBCA2-CF53-43AE-881C-063FCE7720B0} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {88F1CDA6-A1B8-4C6A-A605-E19916786510} - System32\Tasks\HPCustParticipation HP Deskjet 2510 series => C:\Program Files\HP\HP Deskjet 2510 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {9E9E4FD1-75AD-4D6D-A3B8-F9DF6CAE7EB6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-05-15] (Google Inc.)
Task: {A1362C68-7874-445F-BE15-938FA1DA16BA} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-20] (AVAST Software)
Task: {AF859889-AB4F-4751-A8F2-6D92E691FCE7} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2013-10-31] (Apple Inc.)
Task: {BF58CC70-6112-4084-BE44-7E945623E3DC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Spybot - Search & Destroy -  Scheduled Task.job => C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-03-26 18:04 - 2015-07-20 10:28 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-03-26 18:04 - 2015-07-20 10:28 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-07-22 17:04 - 2015-07-22 17:04 - 02957312 _____ () C:\Program Files\AVAST Software\Avast\defs\15072201\algo.dll
2015-07-23 08:15 - 2015-07-23 08:15 - 02957312 _____ () C:\Program Files\AVAST Software\Avast\defs\15072300\algo.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-12-15 14:31 - 2010-12-15 14:31 - 00460144 _____ () C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
2010-10-26 00:06 - 2010-10-26 00:06 - 02248704 _____ () C:\Program Files\Flip Video\FlipShare\QtCore4.dll
2010-12-15 14:31 - 2010-12-15 14:31 - 04300800 _____ () C:\Program Files\Flip Video\FlipShare\Core.dll
2010-12-15 14:26 - 2010-12-15 14:26 - 00737280 _____ () C:\Program Files\Flip Video\FlipShare\qca2.dll
2010-10-26 00:23 - 2010-10-26 00:23 - 08351744 _____ () C:\Program Files\Flip Video\FlipShare\QtGui4.dll
2010-10-26 00:08 - 2010-10-26 00:08 - 00983040 _____ () C:\Program Files\Flip Video\FlipShare\QtNetwork4.dll
2010-10-26 00:23 - 2010-10-26 00:23 - 00204800 _____ () C:\Program Files\Flip Video\FlipShare\QtSql4.dll
2010-10-26 00:06 - 2010-10-26 00:06 - 00364544 _____ () C:\Program Files\Flip Video\FlipShare\QtXml4.dll
2010-10-26 08:34 - 2010-10-26 08:34 - 11853824 _____ () C:\Program Files\Flip Video\FlipShare\QtWebKit4.dll
2010-10-26 00:37 - 2010-10-26 00:37 - 00258048 _____ () C:\Program Files\Flip Video\FlipShare\phonon4.dll
2010-05-20 13:49 - 2010-05-20 13:49 - 00258048 _____ () C:\Program Files\Flip Video\FlipShare\boost_serialization-vc80-mt-1_43.dll
2010-05-17 09:47 - 2010-05-17 09:47 - 01199104 _____ () C:\Program Files\Flip Video\FlipShare\PocoFoundation.dll
2010-05-17 09:47 - 2010-05-17 09:47 - 00642048 _____ () C:\Program Files\Flip Video\FlipShare\PocoNet.dll
2010-05-17 09:47 - 2010-05-17 09:47 - 00511488 _____ () C:\Program Files\Flip Video\FlipShare\PocoXML.dll
2010-12-15 14:22 - 2010-12-15 14:22 - 01085440 _____ () C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
2010-10-26 00:06 - 2010-10-26 00:06 - 02248704 _____ () C:\Program Files\Flip Video\FlipShareServer\QtCore4.dll
2010-10-26 00:08 - 2010-10-26 00:08 - 00983040 _____ () C:\Program Files\Flip Video\FlipShareServer\QtNetwork4.dll
2010-10-26 00:23 - 2010-10-26 00:23 - 00204800 _____ () C:\Program Files\Flip Video\FlipShareServer\QtSql4.dll
2010-05-20 13:49 - 2010-05-20 13:49 - 00258048 _____ () C:\Program Files\Flip Video\FlipShareServer\boost_serialization-vc80-mt-1_43.dll
2010-05-17 09:47 - 2010-05-17 09:47 - 01199104 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoFoundation.dll
2010-05-17 09:47 - 2010-05-17 09:47 - 00642048 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoNet.dll
2010-05-17 09:47 - 2010-05-17 09:47 - 00175616 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoNetSSL.dll
2010-05-17 09:47 - 2010-05-17 09:47 - 00291840 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoUtil.dll
2010-05-17 09:47 - 2010-05-17 09:47 - 00511488 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoXML.dll
2010-05-17 09:47 - 2010-05-17 09:47 - 00110592 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoCrypto.dll
2014-11-11 17:05 - 2014-11-11 17:05 - 00466032 _____ () C:\Program Files\NTI\NTI Backup Now EZ\sqlite3.dll
2010-11-16 22:54 - 2011-08-18 11:05 - 02751808 _____ () C:\Program Files\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2015-03-13 20:15 - 2015-03-26 18:04 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
There are 7753 more restricted sites.
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2422294642-4059713625-2036378569-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Heather\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk => C:\Windows\pss\Kodak EasyShare software.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Heather^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Deskjet 2510 series.lnk => C:\Windows\pss\Monitor Ink Alerts - HP Deskjet 2510 series.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Aimersoft Helper Compact.exe => C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: ATT-SST_McciTrayApp => "C:\Program Files\ATT-SST\McciTrayApp.exe"
MSCONFIG\startupreg: BackupNowEZ Tray => "C:\Program Files\NTI\NTI Backup Now EZ\BackupNowEZtray.exe" -k
MSCONFIG\startupreg: blspcloader => C:\Program Files\ATT Internet Tools\blsloader.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MobileDocuments => C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: UpdateFlow.ATT-SST => C:\Program Files\ATT-SST\McciBrowser.exe -AppKey=ATT-SST -URL=file://C:\Program Files\ATT-SST\OfflineUpdate\redirector.htm
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{06F63C76-D13E-4A46-BB95-EFA6F2572394}] => (Allow) C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe
FirewallRules: [{0CEC5C03-3757-45BA-BFBA-4238212BDCE9}] => (Allow) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
FirewallRules: [{5486D72F-569A-4140-9E63-08F2D6146FDB}] => (Allow) C:\Program Files\ATT-HSI\McciBrowser.exe
FirewallRules: [{D0B4A75E-BA7C-4A7E-9986-9EA1322AE384}] => (Allow) C:\Program Files\ATT-HSI\McciBrowser.exe
FirewallRules: [{BF9E9FB7-AB68-48C7-A3F3-DC81ABE61BE3}] => (Allow) C:\Program Files\LimeWire\LimeWire.exe
FirewallRules: [{CCD5C229-22A2-416A-BFCE-5CD9F0AD8DFA}] => (Allow) C:\Program Files\LimeWire\LimeWire.exe
FirewallRules: [TCP Query User{6A28B40B-B248-428B-B2B8-03CD6BC934F6}C:\program files\kodak\kodak easyshare software\bin\easyshare.exe] => (Block) C:\program files\kodak\kodak easyshare software\bin\easyshare.exe
FirewallRules: [UDP Query User{F81BE3DB-E462-4B81-A2C2-E42E9A4A9935}C:\program files\kodak\kodak easyshare software\bin\easyshare.exe] => (Block) C:\program files\kodak\kodak easyshare software\bin\easyshare.exe
FirewallRules: [{3BEAF255-DE28-4639-A09A-76C2EBDBF8AC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EB723629-635E-41BE-A486-53253EBE4FEF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B1E6BC71-E10D-4104-BAC9-49A96C1F106B}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{49395D95-2795-4170-AAF7-974A2199C585}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{EB2F7D65-910C-42AC-A5BD-3088AB7F302C}] => (Allow) LPort=2869
FirewallRules: [{DC51807D-F3CE-4EB5-808D-17FBDB734510}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{BEA172A8-916F-49CC-B2D3-ED6278C55C6A}C:\program files\limewire\limewire.exe] => (Block) C:\program files\limewire\limewire.exe
FirewallRules: [UDP Query User{E1945EFC-F479-4C9F-8856-F52D4AE22484}C:\program files\limewire\limewire.exe] => (Block) C:\program files\limewire\limewire.exe
FirewallRules: [{8E3DBCF0-6020-4A3A-9FA3-66E49C8AB6BA}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{2426E2AC-4DF0-459F-B380-CCC0F69850C0}] => (Allow) LPort=24726
FirewallRules: [{FA3CB84D-E775-489C-88D4-EDEDC15AD926}] => (Allow) LPort=24727
FirewallRules: [{4D3B4780-5DFD-478D-9246-9577EED1B420}] => (Allow) LPort=80
FirewallRules: [{F7D4650E-FDB7-45F1-A74B-48918819EDA7}] => (Allow) LPort=80
FirewallRules: [{357B47F8-4656-4240-918C-3D339F1F5647}] => (Allow) LPort=80
FirewallRules: [{B1068DF0-F1C5-4A70-A7A4-3FADE939BB31}] => (Allow) C:\Users\Heather\AppData\Local\temp\7zS58AD\HPDiagnosticCoreUI.exe
FirewallRules: [{B42B2716-680D-4DA8-8E24-36710DF75C3A}] => (Allow) C:\Users\Heather\AppData\Local\temp\7zS58AD\HPDiagnosticCoreUI.exe
FirewallRules: [{6A92212B-3540-490F-9019-AE3B2F896C71}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B68958C7-4FD3-4E76-BBFE-1E002BE65B43}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D52EDD01-1B4D-4551-B606-8260AE086D92}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{C2246FB5-1076-4A13-BE28-B0789556E39D}] => (Allow) C:\Program Files\HP\HP Deskjet 2510 series\Bin\USBSetup.exe
FirewallRules: [TCP Query User{1FC28D6D-B98E-429D-BD2A-63DC5F10AEDA}C:\program files\itunes\itunes.exe] => (Allow) C:\program files\itunes\itunes.exe
FirewallRules: [UDP Query User{3ADDC340-0553-4030-B39E-D95B34ED5E05}C:\program files\itunes\itunes.exe] => (Allow) C:\program files\itunes\itunes.exe
FirewallRules: [{79D9F79B-6422-45C5-A7FB-618AE7CF8CFD}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{070CD0A6-6712-43DB-A5C9-CFFBFAF288E0}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{63DC9923-7A77-4AE3-A419-21A79EA648AA}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/23/2015 08:59:22 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid.  hr = 0x80070539.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {32d77e7c-ea2a-4db9-8bbb-ae19bf68a6f6}
 
Error: (07/23/2015 08:55:51 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid.  hr = 0x80070539.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {32d77e7c-ea2a-4db9-8bbb-ae19bf68a6f6}
 
Error: (07/23/2015 08:12:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/22/2015 08:45:21 PM) (Source: MsiInstaller) (EventID: 11905) (User: Heather-PC)
Description: Product: ESSgui -- Error 1905.Module C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCom.dll failed to unregister.  HRESULT -2147220472.  Contact your support personnel.
 
Error: (07/22/2015 09:03:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/22/2015 08:18:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/21/2015 08:58:09 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid.  hr = 0x80070539.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {d63cd952-fc15-4b80-b352-67003af16ea7}
 
Error: (07/21/2015 04:41:03 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid.  hr = 0x80070539.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {a7800653-500d-45e4-892f-29d07cbd434e}
 
Error: (07/21/2015 04:31:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/21/2015 09:50:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (07/23/2015 08:12:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: SupportSoft Sprocket Service (dellsupportcenter)%%2
 
Error: (07/22/2015 09:03:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: SupportSoft Sprocket Service (dellsupportcenter)%%2
 
Error: (07/22/2015 09:00:06 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Search2300001Restart the service
 
Error: (07/22/2015 09:00:05 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Live ID Sign-in Assistant2100001Restart the service
 
Error: (07/22/2015 09:00:05 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: SAS Core Service110001Restart the service
 
Error: (07/22/2015 09:00:05 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: FlipShare Server201Restart the service
 
Error: (07/22/2015 08:59:52 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (07/22/2015 08:59:23 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Software Licensing11200001Restart the service
 
Error: (07/22/2015 08:59:22 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: XAudioService1
 
Error: (07/22/2015 08:59:22 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: NTI BackupNowEZSvr1
 
 
Microsoft Office:
=========================
Error: (05/29/2015 09:40:48 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6720.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3636 seconds with 600 seconds of active time.  This session ended with a crash.
 
Error: (05/22/2015 10:09:56 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6720.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 975 seconds with 720 seconds of active time.  This session ended with a crash.
 
Error: (05/18/2015 03:49:45 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6720.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2681 seconds with 780 seconds of active time.  This session ended with a crash.
 
Error: (05/18/2015 02:04:32 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6720.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1256 seconds with 1140 seconds of active time.  This session ended with a crash.
 
Error: (05/07/2015 12:27:53 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6720.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2550 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error: (05/04/2015 10:01:21 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6720.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 275 seconds with 180 seconds of active time.  This session ended with a crash.
 
Error: (04/13/2015 01:35:34 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6718.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 493 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (03/31/2015 02:45:44 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6718.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2320 seconds with 1320 seconds of active time.  This session ended with a crash.
 
Error: (02/19/2015 09:45:27 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6715.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 14088 seconds with 3060 seconds of active time.  This session ended with a crash.
 
Error: (02/17/2015 05:29:31 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6715.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 673 seconds with 420 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-07-23 09:03:55.097
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-23 09:03:53.802
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-23 09:03:52.523
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-23 09:03:51.244
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-22 17:02:16.666
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-22 17:02:15.184
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-22 17:02:13.858
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-22 17:02:12.547
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-22 17:02:11.221
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-22 17:02:09.895
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU 440 @ 2.00GHz
Percentage of memory in use: 57%
Total physical RAM: 2036.45 MB
Available physical RAM: 857.76 MB
Total Virtual: 4312.16 MB
Available Virtual: 2851.36 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:222.78 GB) (Free:119.93 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:6 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.8 GB) (Disk ID: 38000000)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=222.8 GB) - (Type=07 NTFS)
 
==================== End of log ============================
 
 
 
 
I'm so glad this is looking better! Please let me know if there's anything else I need to do. I will wait to hear. Thank you!!  :)


#14 Sintharius


Posted 23 July 2015 - 10:17 AM

Hello Heather,

Allow me to bring you some good news - Your computer is clean  :thumbup2:

Please run one last tool to clean things up, and you are good to go.

Download DelFix from here and save it to your Desktop.

  • Close all running programs and start DelFix.
  • Make sure all available options are checked.
  • Click Run.
  • DelFix will remove most of the tools used during the cleaning process, purge all system restore points and create a new one, activate UAC (if you have it disabled) and restore settings changed by malware removal tools.

You can uninstall ESET Online Scanner from Programs and Features in Control Panel.

The following links contain information about safe computing practices, which will help you to avoid future malware infections.

Best Practices for Safe Computing - Prevention of Malware Infection
How Malware Spreads - How did I get infected
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs)

Have a good day, and be safe! It has been a pleasure to work with you  :)

Regards,
Alex 



#15 MrsG94


Posted 23 July 2015 - 10:35 AM

Thank you, Alex!! I tell everyone I know about the folks at Bleeping Computer and how great everyone is at helping people like me stay safe from malware or how you've saved me. I've learned a great deal from working with people here. You are a life (and computer) saver!! It has been a pleasure working with you as well. Take care!





