
Severely Infected and Cannot Connect

Huge Mess of a Laptop

42 replies to this topic

#16 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 11 July 2015 - 07:29 PM

Yes, go ahead and end task, then take the FIXLIST file and drag it to the trash. I am providing a new one without all those temp files; let's see how it goes with this new one.

 

Start
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
SearchScopes: HKLM -> {934BCD49-C81A-4ED0-86DF-56EE1B6DA341} URL = http://search.live.c...ms}&FORM=HPNTDF
SearchScopes: HKLM -> {a3e1d674-04ee-4c9e-b143-442555830fb7} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-499354876-3266562091-500007027-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF DefaultSearchEngine: Binkiland
FF Extension: No Name - C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\sbpv9us6.default\extensions\MGKN37049485@ACPSC11936960.com [not found]
FF Extension: No Name - C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\sbpv9us6.default\extensions\vriyjhvpjcaii@wkthnvmbgqrmsmmjo.net [not found]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\generic_search.xml [2014-11-13]
CHR HKLM\...\Chrome\Extension: [Äÿ] - No Path Or update_url value
CHR HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [Äÿ] - No Path Or update_url value
CHR HKLM-x32\...\Chrome\Extension: [Äÿ] - No Path Or update_url value
2015-06-24 17:11 - 2015-06-24 17:11 - 02808824 _____ (tuneuppro.com ) C:\Users\MITCH\Downloads\setup (5).exe
2015-06-22 23:35 - 2015-06-22 23:35 - 00772016 _____ (Reimage®) C:\Users\MITCH\Downloads\Unconfirmed 680101.crdownload
2015-06-22 23:20 - 2015-06-22 23:20 - 00772016 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (37).exe
2015-06-20 17:01 - 2015-06-20 17:01 - 00000000 ____D C:\Program Files (x86)\saVeerabbOOx
2015-06-20 16:57 - 2015-06-20 17:04 - 00000000 ____D C:\Program Files (x86)\saverabOx
2015-06-13 03:11 - 2015-06-13 03:42 - 00763984 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (36).exe
2015-06-13 03:10 - 2015-06-13 03:30 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (35).exe
2015-06-13 03:09 - 2015-06-13 03:20 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (33).exe
2015-06-13 03:09 - 2015-06-13 03:19 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (34).exe
2015-06-13 03:03 - 2015-06-13 03:17 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (31).exe
2015-06-13 03:03 - 2015-06-13 03:13 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (32).exe
2015-06-13 02:56 - 2015-06-13 02:56 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (30).exe
2015-06-13 02:55 - 2015-06-13 02:55 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (29).exe
2015-06-13 02:35 - 2015-06-13 02:37 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (28).exe
2015-06-13 02:33 - 2015-06-13 02:33 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (27).exe
2015-07-11 16:14 - 2014-11-21 21:35 - 00000414 _____ C:\Windows\Tasks\Quick PC Booster64 startups.job
Search App by Ask (HKLM-x32\...\{4F524A2D-5350-4500-76A7-A758B70C1D00}) (Version: 12.29.0.197 - APN, LLC) <==== ATTENTION
Task: {0DD27251-64E2-4650-9D4A-C3ADF7018863} - \Bidaily Synchronize Task[8da6] No Task File <==== ATTENTION
Task: {1561D7EC-89A8-4FBE-AD83-D692307716D9} - \ConsumerInputUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {2F92FA4C-3E2A-463E-A873-A4263673B066} - System32\Tasks\SPD\Updater\SPDUpdater => C:\Program Files (x86)\SPDUpdater\updater.exe
Task: {3534170A-F599-4C07-9A09-91E068AC4146} - \a250569a-98c2-4048-95cc-84eb2edcd0f9-5 No Task File <==== ATTENTION
Task: {358A5B96-24A7-40C9-ACA0-01E66672CC53} - \0ecf2ffa-7ec3-4baf-9f9e-804a85dd9c8a-3 No Task File <==== ATTENTION
Task: {47FADA48-E1F7-4394-AC82-87D3855E38DF} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-4 No Task File <==== ATTENTION
Task: {550197BE-9449-406E-A87E-B4A5D0C5A7E9} - \a250569a-98c2-4048-95cc-84eb2edcd0f9-5_user No Task File <==== ATTENTION
Task: {606604CF-21B5-4097-938E-59ED41B41D34} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-5_user No Task File <==== ATTENTION
Task: {6D6FEC66-1079-4D1C-B170-52A2AFE4832E} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-1 No Task File <==== ATTENTION
Task: {74316EC4-62D8-4E24-A976-9EB79DCF5DF5} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-5 No Task File <==== ATTENTION
Task: {78B9017C-6763-46A7-BE4A-27DAE3BDE864} - \LyricXeeker Update No Task File <==== ATTENTION
Task: {7A558424-DC0E-41CF-8906-0DE8B23AFE4D} - \0ecf2ffa-7ec3-4baf-9f9e-804a85dd9c8a-10_user No Task File <==== ATTENTION
Task: {86AF4274-9E1B-479E-AE76-096AC9D1ABAA} - \CIMT_S-1-5-21-499354876-3266562091-500007027-1000 No Task File <==== ATTENTION
Task: {92B3EC2B-547D-4BCA-81D8-432B3EDC48EA} - \WSE_Vosteran No Task File <==== ATTENTION
Task: {963FF965-5E0E-4CDF-A672-A2259FD12654} - \CIMT_daily_S-1-5-21-499354876-3266562091-500007027-1000 No Task File <==== ATTENTION
Task: {9955E6D2-E9F2-4CF8-A32E-4584825313F2} - \a250569a-98c2-4048-95cc-84eb2edcd0f9-10_user No Task File <==== ATTENTION
Task: {9F04B29F-E2C8-463B-A4AC-E05C1D17E1D2} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-6 No Task File <==== ATTENTION
Task: {ADA036F4-E5E7-4468-83AB-B64A1DC2A6E0} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-11 No Task File <==== ATTENTION
Task: {C3104997-0446-4339-8E33-EDFB711CDE8B} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-2 No Task File <==== ATTENTION
Task: {C4E5BC74-40CC-46DD-9B1B-C9DFF5AF7E28} - \avaxvavya No Task File <==== ATTENTION
Task: {CB3E08E5-2739-4261-95CF-12FD75F1F6DA} - \Wse_binkiland No Task File <==== ATTENTION
Task: {D027A209-468A-407D-A28B-C48FC816D4F2} - \ConsumerInputUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {DC375676-FE95-45E1-865D-18DC07723629} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-7 No Task File <==== ATTENTION
Task: {E254E739-0480-4F7D-B40D-41E2195AF220} - System32\Tasks\Quick PC Booster64 startups => C:\Program Files\Quick PC Booster\StartApps.exe
Task: {FF7FD197-8DA0-4E29-9261-EF614DAB4123} - \Run_Bobby_Browser No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Quick PC Booster64 startups.job => C:\Program Files\Quick PC Booster\StartApps.exe
FirewallRules: [TCP Query User{B7F8A776-007E-4C64-A28F-550E9D4602C5}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{875B22E8-B606-4C64-98EB-E19F3D004A9B}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{1FFC6C13-530F-4C20-B161-D609D94DC4FC}] => (Allow) C:\Users\MITCH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\79LSHK86\PCPerformerSetup.exe
FirewallRules: [{BCD33088-CBC3-4791-B171-23CA234BE409}] => (Allow) C:\Users\MITCH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\79LSHK86\PCPerformerSetup.exe
FirewallRules: [{FD29D261-A29C-409E-B37A-5AAED6162D36}] => (Allow) C:\Users\MITCH\AppData\Local\Torch\Plugins\Torrent\TorchTorrent.exe
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:
End


 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
Just a reminder that threads will be closed if no reply in 3 days.



#17 mickey7

mickey7

    Silver Member

  • Authentic Member
  • 254 posts

Posted 11 July 2015 - 08:07 PM

It did it again. Same folder, different number at end.



#18 ken545


Posted 12 July 2015 - 03:53 AM

Try this new script. I removed all the commands; we can deal with them later.

 

Start
HKLM-x32\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
SearchScopes: HKLM -> {934BCD49-C81A-4ED0-86DF-56EE1B6DA341} URL = http://search.live.c...ms}&FORM=HPNTDF
SearchScopes: HKLM -> {a3e1d674-04ee-4c9e-b143-442555830fb7} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Tcpip\..\Interfaces\{68E1D355-F539-4C48-9BF8-A8AA8237B7FA}: [NameServer] 82.163.143.150,82.163.142.152
Toolbar: HKU\S-1-5-21-499354876-3266562091-500007027-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF DefaultSearchEngine: Binkiland
FF Extension: No Name - C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\sbpv9us6.default\extensions\MGKN37049485@ACPSC11936960.com [not found]
FF Extension: No Name - C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\sbpv9us6.default\extensions\vriyjhvpjcaii@wkthnvmbgqrmsmmjo.net [not found]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\generic_search.xml [2014-11-13]
CHR HKLM\...\Chrome\Extension: [Äÿ] - No Path Or update_url value
CHR HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [Äÿ] - No Path Or update_url value
CHR HKLM-x32\...\Chrome\Extension: [Äÿ] - No Path Or update_url value
2015-06-24 17:11 - 2015-06-24 17:11 - 02808824 _____ (tuneuppro.com ) C:\Users\MITCH\Downloads\setup (5).exe
2015-06-22 23:35 - 2015-06-22 23:35 - 00772016 _____ (Reimage®) C:\Users\MITCH\Downloads\Unconfirmed 680101.crdownload
2015-06-22 23:20 - 2015-06-22 23:20 - 00772016 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (37).exe
2015-06-20 17:01 - 2015-06-20 17:01 - 00000000 ____D C:\Program Files (x86)\saVeerabbOOx
2015-06-20 16:57 - 2015-06-20 17:04 - 00000000 ____D C:\Program Files (x86)\saverabOx
2015-06-13 03:11 - 2015-06-13 03:42 - 00763984 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (36).exe
2015-06-13 03:10 - 2015-06-13 03:30 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (35).exe
2015-06-13 03:09 - 2015-06-13 03:20 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (33).exe
2015-06-13 03:09 - 2015-06-13 03:19 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (34).exe
2015-06-13 03:03 - 2015-06-13 03:17 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (31).exe
2015-06-13 03:03 - 2015-06-13 03:13 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (32).exe
2015-06-13 02:56 - 2015-06-13 02:56 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (30).exe
2015-06-13 02:55 - 2015-06-13 02:55 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (29).exe
2015-06-13 02:35 - 2015-06-13 02:37 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (28).exe
2015-06-13 02:33 - 2015-06-13 02:33 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (27).exe
2015-07-11 16:14 - 2014-11-21 21:35 - 00000414 _____ C:\Windows\Tasks\Quick PC Booster64 startups.job
Search App by Ask (HKLM-x32\...\{4F524A2D-5350-4500-76A7-A758B70C1D00}) (Version: 12.29.0.197 - APN, LLC) <==== ATTENTION
Task: {0DD27251-64E2-4650-9D4A-C3ADF7018863} - \Bidaily Synchronize Task[8da6] No Task File <==== ATTENTION
Task: {1561D7EC-89A8-4FBE-AD83-D692307716D9} - \ConsumerInputUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {2F92FA4C-3E2A-463E-A873-A4263673B066} - System32\Tasks\SPD\Updater\SPDUpdater => C:\Program Files (x86)\SPDUpdater\updater.exe
Task: {3534170A-F599-4C07-9A09-91E068AC4146} - \a250569a-98c2-4048-95cc-84eb2edcd0f9-5 No Task File <==== ATTENTION
Task: {358A5B96-24A7-40C9-ACA0-01E66672CC53} - \0ecf2ffa-7ec3-4baf-9f9e-804a85dd9c8a-3 No Task File <==== ATTENTION
Task: {47FADA48-E1F7-4394-AC82-87D3855E38DF} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-4 No Task File <==== ATTENTION
Task: {550197BE-9449-406E-A87E-B4A5D0C5A7E9} - \a250569a-98c2-4048-95cc-84eb2edcd0f9-5_user No Task File <==== ATTENTION
Task: {606604CF-21B5-4097-938E-59ED41B41D34} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-5_user No Task File <==== ATTENTION
Task: {6D6FEC66-1079-4D1C-B170-52A2AFE4832E} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-1 No Task File <==== ATTENTION
Task: {74316EC4-62D8-4E24-A976-9EB79DCF5DF5} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-5 No Task File <==== ATTENTION
Task: {78B9017C-6763-46A7-BE4A-27DAE3BDE864} - \LyricXeeker Update No Task File <==== ATTENTION
Task: {7A558424-DC0E-41CF-8906-0DE8B23AFE4D} - \0ecf2ffa-7ec3-4baf-9f9e-804a85dd9c8a-10_user No Task File <==== ATTENTION
Task: {86AF4274-9E1B-479E-AE76-096AC9D1ABAA} - \CIMT_S-1-5-21-499354876-3266562091-500007027-1000 No Task File <==== ATTENTION
Task: {92B3EC2B-547D-4BCA-81D8-432B3EDC48EA} - \WSE_Vosteran No Task File <==== ATTENTION
Task: {963FF965-5E0E-4CDF-A672-A2259FD12654} - \CIMT_daily_S-1-5-21-499354876-3266562091-500007027-1000 No Task File <==== ATTENTION
Task: {9955E6D2-E9F2-4CF8-A32E-4584825313F2} - \a250569a-98c2-4048-95cc-84eb2edcd0f9-10_user No Task File <==== ATTENTION
Task: {9F04B29F-E2C8-463B-A4AC-E05C1D17E1D2} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-6 No Task File <==== ATTENTION
Task: {ADA036F4-E5E7-4468-83AB-B64A1DC2A6E0} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-11 No Task File <==== ATTENTION
Task: {C3104997-0446-4339-8E33-EDFB711CDE8B} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-2 No Task File <==== ATTENTION
Task: {C4E5BC74-40CC-46DD-9B1B-C9DFF5AF7E28} - \avaxvavya No Task File <==== ATTENTION
Task: {CB3E08E5-2739-4261-95CF-12FD75F1F6DA} - \Wse_binkiland No Task File <==== ATTENTION
Task: {D027A209-468A-407D-A28B-C48FC816D4F2} - \ConsumerInputUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {DC375676-FE95-45E1-865D-18DC07723629} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-7 No Task File <==== ATTENTION
Task: {E254E739-0480-4F7D-B40D-41E2195AF220} - System32\Tasks\Quick PC Booster64 startups => C:\Program Files\Quick PC Booster\StartApps.exe
Task: {FF7FD197-8DA0-4E29-9261-EF614DAB4123} - \Run_Bobby_Browser No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Quick PC Booster64 startups.job => C:\Program Files\Quick PC Booster\StartApps.exe
FirewallRules: [TCP Query User{B7F8A776-007E-4C64-A28F-550E9D4602C5}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{875B22E8-B606-4C64-98EB-E19F3D004A9B}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{1FFC6C13-530F-4C20-B161-D609D94DC4FC}] => (Allow) C:\Users\MITCH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\79LSHK86\PCPerformerSetup.exe
FirewallRules: [{BCD33088-CBC3-4791-B171-23CA234BE409}] => (Allow) C:\Users\MITCH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\79LSHK86\PCPerformerSetup.exe
FirewallRules: [{FD29D261-A29C-409E-B37A-5AAED6162D36}] => (Allow) C:\Users\MITCH\AppData\Local\Torch\Plugins\Torrent\TorchTorrent.exe
End



#19 mickey7


Posted 12 July 2015 - 05:39 AM

Here are the new logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-07-2015
Ran by MITCH (administrator) on MITCH-PC on 12-07-2015 07:30:22
Running from C:\Users\MITCH\Desktop
Loaded Profiles: MITCH (Available Profiles: MITCH)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_1b06afce\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Agere Systems) C:\Windows\System32\agr64svc.exe
() C:\Program Files (x86)\SMINST\BLService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Farbar) C:\Users\MITCH\Desktop\FRST64(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [456192 2009-08-13] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [912688 2008-09-23] (Hewlett-Packard)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-08-01] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [322104 2009-10-08] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [hpWirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Health Check Scheduler] => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-06-16] (Hewlett-Packard)
HKLM-x32\...\Run: [DVDAgent] => "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
HKLM-x32\...\Run: [CLMLServer for HP TouchSmart] => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [189736 2008-09-25] (CyberLink)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Java\jre1.8.0_25\bin\jusched.exe"
HKU\S-1-5-21-499354876-3266562091-500007027-1000\...\Run: [HPAdvisor] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
HKU\S-1-5-21-499354876-3266562091-500007027-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-499354876-3266562091-500007027-1000\...\Run: [DW6] => "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-499354876-3266562091-500007027-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9
HKU\S-1-5-21-499354876-3266562091-500007027-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
SearchScopes: HKU\S-1-5-21-499354876-3266562091-500007027-1000 -> {4F5E3C10-FEB0-467A-A7CD-FD0C05FDA134} URL = http://www.flickr.co...q={searchTerms}
SearchScopes: HKU\S-1-5-21-499354876-3266562091-500007027-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-499354876-3266562091-500007027-1000 -> {CFE23308-78C6-44BE-99F5-8A42DE00E17B} URL = http://search.yahoo....f-8&fr=chr-yie9
SearchScopes: HKU\S-1-5-21-499354876-3266562091-500007027-1000 -> {EFA0BB11-5A96-43DF-A6CC-F172A691CAB1} URL = http://delicious.com...p={searchTerms}
Toolbar: HKU\S-1-5-21-499354876-3266562091-500007027-1000 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll [2015-05-30] (Microsoft Corporation)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
DPF: HKLM-x32 {4F29DE54-5EB7-4D76-B610-A86B5CD2A234}
Tcpip\Parameters: [DhcpNameServer] 204.186.110.114 216.144.187.199 204.186.0.180
Tcpip\..\Interfaces\{28A4C540-8B9E-470A-9135-F3AE6A55F184}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{28A4C540-8B9E-470A-9135-F3AE6A55F184}: [DhcpNameServer] 204.186.110.114 216.144.187.199 204.186.0.180
Tcpip\..\Interfaces\{68E1D355-F539-4C48-9BF8-A8AA8237B7FA}: [NameServer] 82.163.143.150,82.163.142.152
Tcpip\..\Interfaces\{68E1D355-F539-4C48-9BF8-A8AA8237B7FA}: [DhcpNameServer] 204.186.110.114 216.144.187.199 204.186.80.251

FireFox:
========
FF ProfilePath: C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\sbpv9us6.default
FF SearchEngineOrder.3: Bing
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_190.dll [2015-06-25] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-25] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @ei.GamingWonderland.com/Plugin -> C:\Program Files (x86)\GamingWonderlandEI\Installr\2.bin\NPgtEISB.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-01-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-01-16] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-30] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll [2015-01-02] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-499354876-3266562091-500007027-1000: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF Plugin HKU\S-1-5-21-499354876-3266562091-500007027-1000: @tools.google.com/Google Update;version=3 -> C:\Users\MITCH\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2014-11-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-499354876-3266562091-500007027-1000: @tools.google.com/Google Update;version=9 -> C:\Users\MITCH\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2014-11-15] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-08-14]
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF Extension: No Name - C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\sbpv9us6.default\extensions\MGKN37049485@ACPSC11936960.com [not found]
FF Extension: No Name - C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\sbpv9us6.default\extensions\vriyjhvpjcaii@wkthnvmbgqrmsmmjo.net [not found]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\MITCH\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\MITCH\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-06-16] (Hewlett-Packard) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S3 MatSvc; C:\Program Files\Microsoft Fix it Center\Matsvc.exe [343856 2011-06-13] (Microsoft Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 Recovery Service for Windows; C:\Program Files (x86)\SMINST\BLService.exe [365952 2008-10-06] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [241734 2008-06-29] () [File not signed]
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_1b06afce\STacSV64.exe [240640 2009-08-13] (IDT, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S3 cpuz134; \??\C:\Users\MITCH\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
U4 eabfiltr; No ImagePath
S4 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S4 IpInIp; system32\DRIVERS\ipinip.sys [X]
S4 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S4 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-12 07:30 - 2015-07-12 07:31 - 00014825 _____ C:\Users\MITCH\Desktop\FRST.txt
2015-07-12 07:29 - 2015-07-12 07:27 - 00007523 _____ C:\Users\MITCH\Desktop\fixlist.txt
2015-07-12 07:13 - 2015-07-12 07:13 - 00003882 ____N C:\bootex.log
2015-07-11 07:37 - 2015-07-11 07:37 - 00001064 _____ C:\mbl.txt
2015-07-10 21:18 - 2015-07-10 21:18 - 00005846 _____ C:\Users\MITCH\Documents\JRT.txt
2015-07-10 21:01 - 2015-07-10 20:55 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\MITCH\Desktop\mbam-setup-2.1.8.1057.exe
2015-07-10 21:00 - 2015-07-10 20:34 - 03033806 _____ (Malwarebytes Corporation) C:\Users\MITCH\Desktop\JRT.exe
2015-07-10 20:31 - 2015-07-10 20:27 - 02248704 _____ C:\Users\MITCH\Desktop\AdwCleaner(1).exe
2015-07-10 17:33 - 2015-07-10 17:30 - 02112512 _____ (Farbar) C:\Users\MITCH\Desktop\FRST64(1).exe
2015-07-10 14:29 - 2015-07-12 07:30 - 00000000 ____D C:\FRST
2015-07-10 14:17 - 2015-07-10 14:17 - 00006717 _____ C:\Users\MITCH\Desktop\dds.zip
2015-07-10 14:17 - 2015-07-10 14:17 - 00003205 _____ C:\Users\MITCH\Desktop\attach.zip
2015-07-10 14:02 - 2015-07-10 14:03 - 00011433 _____ C:\Users\MITCH\Documents\hijackthis.log
2015-07-10 13:58 - 2015-07-10 13:59 - 00002519 _____ C:\Users\MITCH\Desktop\HiJackThis.lnk
2015-07-10 13:58 - 2015-07-10 13:59 - 00000000 ____D C:\Users\MITCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2015-07-10 13:58 - 2015-07-10 13:58 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2015-07-10 13:57 - 2014-10-31 13:30 - 00688992 ____R (Swearware) C:\Users\MITCH\Desktop\dds.com
2015-07-10 13:57 - 2014-04-12 15:05 - 01402880 _____ C:\Users\MITCH\Desktop\HijackThis.msi
2015-07-10 08:57 - 2014-10-29 21:33 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\MITCH\Desktop\mbam-setup-2.0.3.1025.exe
2015-07-09 20:24 - 2015-07-09 15:25 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\MITCH\Desktop\tdsskiller.exe
2015-07-09 19:14 - 2015-07-09 15:24 - 21971528 _____ C:\Users\MITCH\Desktop\RogueKillerX64.exe
2015-07-09 19:10 - 2015-07-09 15:19 - 05200384 _____ (AVAST Software) C:\Users\MITCH\Desktop\aswMBR.exe
2015-07-07 21:05 - 2015-07-07 15:07 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\MITCH\Desktop\revosetup.exe
2015-07-07 17:59 - 2015-07-07 17:59 - 00000000 _____ C:\Users\MITCH\AppData\Local\Temp.dat
2015-07-07 17:51 - 2015-07-07 17:51 - 00001861 _____ C:\Users\MITCH\Desktop\chrome.lnk
2015-07-07 17:42 - 2015-07-07 21:05 - 00001059 _____ C:\Users\MITCH\Desktop\Revo Uninstaller.lnk
2015-07-07 17:42 - 2015-07-07 21:05 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-07-07 08:31 - 2015-07-07 08:31 - 00000949 _____ C:\Users\MITCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-07-05 01:32 - 2015-04-30 12:03 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-05 01:32 - 2015-04-30 11:41 - 00347648 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-05 01:18 - 2015-07-10 14:34 - 00000000 ____D C:\Program Files (x86)\Gravity Highlighter
2015-07-05 01:07 - 2015-04-10 19:33 - 00384512 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-07-05 01:07 - 2015-04-10 19:22 - 00279552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\services.exe
2015-07-05 01:02 - 2015-07-10 14:34 - 00000000 ____D C:\Program Files (x86)\Looper for YouTube
2015-07-03 17:18 - 2015-07-03 17:22 - 00004097 _____ C:\Windows\system32\dummy.002
2015-06-30 18:08 - 2015-06-30 18:08 - 00772016 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (38).exe
2015-06-27 22:14 - 2015-05-08 19:09 - 00861696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-27 22:14 - 2015-05-08 19:01 - 01212416 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-27 22:10 - 2015-05-04 18:51 - 10627584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-27 22:10 - 2015-05-04 18:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-27 22:10 - 2015-05-04 18:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-27 22:10 - 2015-05-04 18:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-27 22:10 - 2015-05-04 18:33 - 13427712 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-27 22:10 - 2015-05-04 18:33 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-27 22:10 - 2015-05-04 18:33 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-27 22:10 - 2015-05-04 18:32 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-27 22:10 - 2015-05-04 17:39 - 08147456 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-27 22:10 - 2015-05-04 17:21 - 08147456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-27 22:09 - 2015-05-21 10:36 - 02795520 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-27 21:40 - 2015-04-24 11:54 - 00532480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-27 21:40 - 2015-04-24 11:41 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-27 21:39 - 2015-07-10 14:34 - 00000000 ____D C:\Program Files (x86)\Redbooth for Gmail
2015-06-24 18:46 - 2015-06-24 18:46 - 00000680 _____ C:\Users\MITCH\AppData\Local\d3d9caps.dat
2015-06-22 23:33 - 2015-06-26 16:40 - 00001985 _____ C:\Users\MITCH\Desktop\Google Chrome.lnk
2015-06-22 23:22 - 2015-06-22 23:24 - 00000000 ____D C:\94d4568a-ad62-4a6e-a62b-238f2297a462
2015-06-22 22:22 - 2015-05-30 20:48 - 02343424 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-22 22:21 - 2015-05-30 20:42 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-22 22:21 - 2015-05-30 20:41 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-22 22:21 - 2015-05-30 20:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-22 22:21 - 2015-05-30 20:40 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-22 22:21 - 2015-05-30 20:40 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-22 22:21 - 2015-05-30 20:40 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-22 22:21 - 2015-05-30 19:55 - 01809920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-22 22:21 - 2015-05-30 19:49 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-22 22:21 - 2015-05-30 19:49 - 00718336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-22 22:21 - 2015-05-30 19:49 - 00421888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-22 22:21 - 2015-05-30 19:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-22 22:21 - 2015-05-30 19:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-22 22:21 - 2015-05-30 19:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-22 22:21 - 2015-05-30 19:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-22 22:21 - 2015-05-30 19:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-22 22:20 - 2015-05-30 21:05 - 17884672 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-22 22:20 - 2015-05-30 20:41 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-22 22:20 - 2015-05-30 20:40 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-22 22:20 - 2015-05-30 20:03 - 12385280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-22 22:19 - 2015-05-30 20:41 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-22 22:19 - 2015-05-30 20:40 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-06-22 22:19 - 2015-05-30 19:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-22 22:19 - 2015-05-30 19:48 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-06-22 22:19 - 2015-05-30 19:47 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-06-22 22:18 - 2015-05-30 20:50 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-22 22:18 - 2015-05-30 20:42 - 01387520 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-22 22:18 - 2015-05-30 20:41 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-22 22:18 - 2015-05-30 20:41 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-22 22:18 - 2015-05-30 20:41 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-06-22 22:18 - 2015-05-30 20:41 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-22 22:18 - 2015-05-30 20:40 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-06-22 22:18 - 2015-05-30 19:50 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-22 22:18 - 2015-05-30 19:48 - 01804288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-22 22:18 - 2015-05-30 19:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-22 22:18 - 2015-05-30 19:48 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-22 22:18 - 2015-05-30 19:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-06-22 22:17 - 2015-05-30 20:49 - 10935296 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-22 22:17 - 2015-05-30 20:41 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-22 22:17 - 2015-05-30 20:40 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-06-22 22:17 - 2015-05-30 19:54 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-22 22:17 - 2015-05-30 19:53 - 09750528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-22 22:17 - 2015-05-30 19:48 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-22 22:17 - 2015-05-30 19:47 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-06-21 14:24 - 2015-04-19 17:24 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2015-06-21 14:24 - 2015-04-19 17:24 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2015-06-21 14:24 - 2015-04-19 17:24 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2015-06-21 14:24 - 2015-04-19 17:24 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2015-06-21 14:24 - 2015-04-19 16:19 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-06-21 14:24 - 2015-04-19 16:18 - 00486400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2015-06-21 14:24 - 2015-04-19 16:13 - 00682496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-06-21 14:24 - 2015-04-19 16:12 - 01072640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-06-21 14:24 - 2015-04-17 20:16 - 01268224 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-06-21 14:24 - 2015-04-17 20:16 - 00327680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-06-21 14:24 - 2015-04-17 20:16 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-06-21 14:24 - 2015-04-17 20:16 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-06-21 14:24 - 2015-04-17 19:45 - 02002944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-06-21 14:24 - 2015-04-17 19:44 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-06-21 14:24 - 2015-04-17 19:35 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-06-21 14:24 - 2015-04-17 19:33 - 01561088 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-06-21 14:24 - 2015-04-17 19:33 - 01154048 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-06-20 17:43 - 2015-06-20 17:43 - 00000000 ____D C:\Program Files (x86)\Galaxy New Tab
2015-06-20 16:53 - 2015-06-20 17:38 - 00000000 ____D C:\Program Files (x86)\JavaScript Popup Blocker

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-12 07:31 - 2011-08-08 22:41 - 01412131 _____ C:\Windows\WindowsUpdate.log
2015-07-12 07:24 - 2014-11-15 20:12 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-499354876-3266562091-500007027-1000UA.job
2015-07-12 07:18 - 2012-09-10 13:33 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-12 07:18 - 2008-10-23 05:54 - 00003580 _____ C:\Windows\System32\Tasks\HP Health Check
2015-07-12 07:15 - 2013-12-08 15:24 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cef44b1d87952b.job
2015-07-12 07:15 - 2011-12-22 01:42 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2015-07-12 07:15 - 2006-11-02 11:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-12 07:15 - 2006-11-02 11:22 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-12 07:15 - 2006-11-02 11:22 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-12 07:14 - 2013-08-11 15:29 - 04086754 _____ C:\Windows\PFRO.log
2015-07-11 22:35 - 2008-10-23 03:45 - 00000012 _____ C:\Windows\bthservsdp.dat
2015-07-11 22:35 - 2006-11-02 11:42 - 00032576 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-11 21:46 - 2011-10-15 20:30 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-11 20:17 - 2014-11-15 20:12 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-499354876-3266562091-500007027-1000Core.job
2015-07-11 16:14 - 2014-09-23 16:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-11 16:14 - 2006-11-02 09:33 - 00000000 ____D C:\Windows\security
2015-07-11 07:37 - 2013-01-24 17:42 - 00000000 ____D C:\Users\Public\GameNutt
2015-07-11 03:00 - 2012-05-04 11:50 - 00002313 _____ C:\Windows\epplauncher.mif
2015-07-10 21:50 - 2014-09-23 16:56 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-10 21:37 - 2014-09-23 16:54 - 00000901 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-10 21:37 - 2014-09-23 16:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-10 20:48 - 2014-12-02 08:06 - 00000000 ____D C:\AdwCleaner
2015-07-10 20:48 - 2012-07-28 18:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-10 17:27 - 2006-11-02 09:33 - 00000000 ____D C:\Windows\Help
2015-07-10 14:34 - 2015-04-18 12:47 - 00000000 ____D C:\Program Files (x86)\Tab Hibernation
2015-07-10 14:34 - 2015-01-06 02:55 - 00000000 ____D C:\Program Files (x86)\ce88c4aa-b86a-4c1e-bb45-d6da615fde68
2015-07-10 14:34 - 2014-11-11 01:11 - 00000000 ____D C:\Program Files (x86)\360a619a-0cf8-4762-bee6-45c5335152cc
2015-07-10 14:22 - 2015-04-06 00:06 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-07-09 22:53 - 2014-12-02 01:03 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-07-09 20:24 - 2014-12-03 08:40 - 00000000 ____D C:\ProgramData\RogueKiller
2015-07-09 19:34 - 2006-11-02 09:34 - 00000000 ____D C:\Windows\tracing
2015-07-09 19:15 - 2014-12-03 08:40 - 00037624 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-07-09 19:13 - 2006-11-02 08:46 - 00005086 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-07 23:23 - 2015-05-05 03:18 - 00000000 ____D C:\Users\MITCH\AppData\Local\CrashDumps
2015-07-07 23:15 - 2012-10-08 16:39 - 00000000 ____D C:\Windows\Minidump
2015-07-07 08:31 - 2011-09-27 01:39 - 00000934 _____ C:\Users\MITCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-07-07 08:30 - 2011-09-27 01:38 - 00000915 _____ C:\Users\MITCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2015-07-07 03:12 - 2014-01-11 07:47 - 00000000 ____D C:\Windows\pss
2015-07-06 19:48 - 2006-11-02 09:33 - 00000000 ____D C:\Windows\rescache
2015-07-05 02:01 - 2008-10-23 05:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-07-05 01:54 - 2008-10-23 05:11 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-05 01:11 - 2014-12-07 19:21 - 00116019 _____ C:\Windows\system32\ScanResults.xml
2015-07-05 01:06 - 2011-08-19 23:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-07-05 00:42 - 2014-11-11 21:56 - 00000188 _____ C:\Users\MITCH\AppData\Roaming\WB.CFG
2015-07-05 00:35 - 2014-12-07 19:12 - 00000464 _____ C:\Windows\system32\ScannerSettings
2015-07-03 21:08 - 2006-11-02 08:33 - 77594624 _____ C:\Windows\system32\config\software_previous
2015-07-03 21:07 - 2006-11-02 09:34 - 00000000 ____D C:\Windows\system32\spool
2015-07-03 21:07 - 2006-11-02 09:34 - 00000000 ____D C:\Windows\system32\Msdtc
2015-07-03 21:07 - 2006-11-02 09:33 - 00000000 ____D C:\Windows\registration
2015-07-03 21:07 - 2006-11-02 08:33 - 22544384 _____ C:\Windows\system32\config\system_previous
2015-07-03 21:02 - 2006-11-02 08:33 - 66322432 _____ C:\Windows\system32\config\components_previous
2015-07-03 21:01 - 2006-11-02 08:33 - 00262144 _____ C:\Windows\system32\config\sam_previous
2015-07-03 17:09 - 2011-08-09 07:14 - 00000000 ____D C:\Users\MITCH
2015-07-03 16:20 - 2006-11-02 08:33 - 00524288 _____ C:\Windows\system32\config\default_previous
2015-07-03 16:20 - 2006-11-02 08:33 - 00262144 _____ C:\Windows\system32\config\security_previous
2015-06-27 22:30 - 2006-11-02 11:21 - 00317688 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-27 22:09 - 2013-11-20 01:25 - 00000000 ____D C:\Windows\system32\MRT
2015-06-26 17:03 - 2014-12-26 00:40 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-25 20:21 - 2012-09-10 13:33 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-25 20:21 - 2012-09-10 13:33 - 00003682 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-25 20:21 - 2011-08-14 13:06 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-22 22:32 - 2015-01-25 22:35 - 00000000 ____D C:\Program Files (x86)\Strong Password Generator
2015-06-21 00:09 - 2006-11-02 09:33 - 00000000 __RSD C:\Windows\Media
2015-06-19 23:45 - 2013-05-12 21:04 - 00000000 ____D C:\temp
2015-06-18 08:41 - 2014-09-23 16:51 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-18 08:41 - 2014-09-23 16:51 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-18 08:41 - 2013-01-03 10:29 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

==================== Files in the root of some directories =======

2014-09-01 04:18 - 2014-09-01 04:18 - 0002086 _____ () C:\Users\MITCH\AppData\Roaming\QV
2011-09-04 18:51 - 2011-09-04 18:51 - 0029216 _____ () C:\Users\MITCH\AppData\Roaming\UserTile.png
2014-11-11 21:56 - 2015-07-05 00:42 - 0000188 _____ () C:\Users\MITCH\AppData\Roaming\WB.CFG
2015-05-05 03:15 - 2015-05-05 03:15 - 0000000 _____ () C:\Users\MITCH\AppData\Local\AtStart.txt
2015-06-24 18:46 - 2015-06-24 18:46 - 0000680 _____ () C:\Users\MITCH\AppData\Local\d3d9caps.dat
2011-08-09 07:45 - 2014-01-11 18:49 - 0007680 _____ () C:\Users\MITCH\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-05 03:15 - 2015-05-05 03:15 - 0000000 _____ () C:\Users\MITCH\AppData\Local\DSwitch.txt
2015-05-05 03:15 - 2015-05-05 03:15 - 0000000 _____ () C:\Users\MITCH\AppData\Local\QSwitch.txt
2015-07-07 17:59 - 2015-07-07 17:59 - 0000000 _____ () C:\Users\MITCH\AppData\Local\Temp.dat
2014-01-27 03:19 - 2014-01-28 16:45 - 0002763 _____ () C:\ProgramData\connector.swf
2011-08-08 23:17 - 2011-08-08 23:17 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2008-10-23 05:36 - 2008-10-23 05:37 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2011-08-08 23:16 - 2011-08-08 23:16 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2008-10-23 05:24 - 2008-10-23 05:27 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-08-08 23:14 - 2011-08-08 23:14 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2011-08-08 23:16 - 2011-08-08 23:16 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2008-10-23 05:22 - 2008-10-23 05:24 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2008-10-23 05:27 - 2008-10-23 05:36 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2011-08-08 23:17 - 2011-08-08 23:17 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.8428.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-12 07:22

==================== End of log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-07-2015
Ran by MITCH at 2015-07-12 07:34:07
Running from C:\Users\MITCH\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-499354876-3266562091-500007027-500 - Administrator - Disabled)
Guest (S-1-5-21-499354876-3266562091-500007027-501 - Limited - Disabled)
MITCH (S-1-5-21-499354876-3266562091-500007027-1000 - Administrator - Enabled) => C:\Users\MITCH

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0 - Microsoft Corporation) Hidden
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player 10 ActiveX) (Version: 10.0.2.13 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Adobe Reader X (10.1.14) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.14 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - LSI Corporation)
AMD USB Audio Driver Filter (HKLM-x32\...\{A3AB35FA-943E-4799-99DC-46EFD59E998F}) (Version: 1.0.7.0031 - Advanced Micro Devices, Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{7510991E-FE80-7466-2E31-561B52059618}) (Version: 3.0.691.0 - ATI Technologies, Inc.)
Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cache utility (HKU\.DEFAULT\...\Cache utility) (Version: 1 - Cache utility)
ccc-core-static (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2126 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Display settings (HKU\.DEFAULT\...\Display settings) (Version: 1 - Display settings)
ESU for Microsoft Vista (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
Hoyle Magic Carpet (x32 Version: 3.0.2.32 - WildTangent) Hidden
HP Customer Experience Enhancements (HKLM-x32\...\{57A5AEC1-97FC-474D-92C4-908FCC2253D4}) (Version: 5.7.0.2664 - Hewlett-Packard)
HP Doc Viewer (HKLM-x32\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.01.0005 - Hewlett-Packard)
HP Help and Support (HKLM-x32\...\{0054A0F6-00C9-4498-B821-B5C9578F433E}) (Version: 2.1.0.0 - Hewlett-Packard Company)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 2.0.2125 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{D2F7994F-661E-46D1-A1DF-67F2887AAA7E}) (Version: 2.0.8 - Hewlett-Packard)
HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.0926 - Hewlett-Packard)
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.9.1 - Hewlett-Packard)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP User Guides 0129 (HKLM-x32\...\{149BBCB8-674F-48D2-969C-9D0EA88DA7D6}) (Version: 1.00.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM-x32\...\{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}) (Version: 3.00 K2 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
HPTCSSetup (HKLM-x32\...\{30D3B7BC-5798-45D9-822D-05CA18F39E99}) (Version: 1.1.1955.2793 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6087.0 - IDT)
Instant Wireless USB Adapter (HKLM-x32\...\{B78823CD-488F-43B4-80D6-FAEADAE40EC4}) (Version:  - )
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
JMicron JMB38X Flash Media Controller (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.00.17.07 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.0919 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.0919 - CyberLink Corp.) Hidden
Luxor 2 HD (x32 Version: 3.0.2.38 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Fix it Center (HKLM\...\{B7588D45-AFDC-4C93-9E2E-A100F3554B64}) (Version: 1.0.0100 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Monopoly® (x32 Version: 3.0.2.32 - WildTangent) Hidden
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee Reveal (HKLM-x32\...\{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}) (Version: 7.0.35.6951 - muvee Technologies Pte Ltd)
My HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.62 - WildTangent)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2119 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.2119 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2119 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.2119 - CyberLink Corp.) Hidden
ProtectSmart Hard Drive Protection (HKLM\...\{2F97CE84-9C33-4631-821B-85EA371EA254}) (Version: 3.10.1.7 - Hewlett-Packard)
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Search App by Ask (HKLM-x32\...\{4F524A2D-5350-4500-76A7-A758B70C1D00}) (Version: 12.29.0.197 - APN, LLC) <==== ATTENTION
Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skins (x32 Version: 2008.0917.337.4556 - ATI) Hidden
SlingPlayer (x32 Version: 1.04.0206 - Sling Media) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
System Update (HKLM-x32\...\System Update) (Version: 1 - Network Downloads)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-499354876-3266562091-500007027-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\MITCH\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-499354876-3266562091-500007027-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\MITCH\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-499354876-3266562091-500007027-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\MITCH\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-499354876-3266562091-500007027-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\MITCH\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-499354876-3266562091-500007027-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\MITCH\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-499354876-3266562091-500007027-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\MITCH\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-499354876-3266562091-500007027-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\MITCH\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)

==================== Restore Points =========================

10-07-2015 13:58:20 Installed HiJackThis
11-07-2015 03:00:20 Windows Update
11-07-2015 20:18:11 Restore Point Created by FRST
11-07-2015 21:38:53 Restore Point Created by FRST

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 08:34 - 2015-07-11 21:42 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {011BC47C-CD3D-4075-BC44-E654FC9CB337} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-25] (Adobe Systems Incorporated)
Task: {4F056A86-4ECC-46A0-AD5F-E0A1FCE648AB} - System32\Tasks\Norton Security Scan for MITCH => C:\PROGRA~1\NORTON~2\Engine\410~1.31\Nss.exe
Task: {51C251A7-C5BB-47A5-BD9C-C6E087DA7AD9} - System32\Tasks\User_Feed_Synchronization-{3B747F91-B0D3-4654-9E4B-A4C40BA27FB7}
Task: {54A904D6-5A97-4A13-BEE9-07810288425F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-499354876-3266562091-500007027-1000Core => C:\Users\MITCH\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-15] (Google Inc.)
Task: {5C33F235-D5D5-466A-98C1-ABB2D0D4AD0A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {72DB8461-CBB1-4A87-B856-F19587FED056} - System32\Tasks\GoogleUpdateTaskMachineCore1cef44b1d87952b => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {9F3A227D-0B84-4572-90B9-7493B3C9E26C} - System32\Tasks\HP Health Check => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-16] (Hewlett-Packard)
Task: {C1798675-C18C-404F-90F5-7B354082CBE1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {CB2DFFB6-695A-4CA6-9C22-E23E6A0EF409} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {DB62B7FB-D370-4087-8D7E-7B9D5BC9D85F} - System32\Tasks\HPCeeScheduleForMITCH => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2008-05-19] (Hewlett-Packard)
Task: {F27A700D-2399-4465-8225-F76ACCEAD52F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate
Task: {F4A14272-E385-446D-84AC-898751525AEB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-499354876-3266562091-500007027-1000UA => C:\Users\MITCH\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-15] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cef44b1d87952b.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-499354876-3266562091-500007027-1000Core.job => C:\Users\MITCH\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-499354876-3266562091-500007027-1000UA.job => C:\Users\MITCH\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForMITCH.job => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe
Task: C:\Windows\Tasks\Norton Security Scan for MITCH.job => C:\PROGRA~1\NORTON~2\Engine\410~1.31\Nss.exe

==================== Loaded Modules (Whitelisted) ==============

2008-09-17 00:16 - 2008-09-17 00:16 - 00117248 _____ () C:\Windows\system32\atitmm64.dll
2008-10-23 05:48 - 2008-10-06 12:54 - 00365952 _____ () C:\Program Files (x86)\SMINST\BLService.exe
2008-10-23 05:36 - 2008-06-29 19:10 - 00241734 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2011-08-08 22:52 - 2011-08-08 22:52 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2008-08-22 13:03 - 2008-08-22 13:03 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2009-07-01 15:44 - 2009-07-01 15:44 - 00632888 _____ () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
2008-10-23 05:48 - 2008-10-06 12:54 - 00132480 _____ () C:\Program Files (x86)\SMINST\STWmiM.dll
2008-09-25 21:42 - 2008-09-25 21:42 - 00881960 ____N () C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\system32\Drivers\zuuqjjlq.sys:changelist
AlternateDataStreams: C:\ProgramData\Temp:D346F792

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-499354876-3266562091-500007027-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\MITCH\AppData\Local\Microsoft\BingDesktop\themes\2014-02-12.jpg
DNS Servers: 208.67.222.222 - 208.67.220.220

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: BackupStack => 2
MSCONFIG\Services: GamingWonderlandService => 2
MSCONFIG\Services: InternetUpdater => 2
MSCONFIG\Services: PCKeeper2Service => 2
MSCONFIG\Services: PCKeeperOcfService => 2
MSCONFIG\Services: RecipeHub_2jService => 2
MSCONFIG\Services: Retrogamer_4wService => 2
MSCONFIG\Services: vToolbarUpdater17.3.0 => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Start GeekBuddy.lnk => C:\Windows\pss\Start GeekBuddy.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^MITCH^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^crossbrowse.lnk => C:\Windows\pss\crossbrowse.lnk.Startup
MSCONFIG\startupfolder: C:^Users^MITCH^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Lightning.lnk => C:\Windows\pss\Desktop Lightning.lnk.Startup
MSCONFIG\startupfolder: C:^Users^MITCH^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Temperature Monitor.lnk => C:\Windows\pss\Desktop Temperature Monitor.lnk.Startup
MSCONFIG\startupfolder: C:^Users^MITCH^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\Windows\pss\MyPC Backup.lnk.Startup
MSCONFIG\startupfolder: C:^Users^MITCH^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^StormWatch.lnk => C:\Windows\pss\StormWatch.lnk.Startup
MSCONFIG\startupreg: 3D BubbleSound => "C:\Program Files\BubbleSound\3D BubbleSound.exe"
MSCONFIG\startupreg: BingDesktop => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
MSCONFIG\startupreg: BoBrowser => "C:\Users\MITCH\AppData\Local\BoBrowser\Application\bobrowser.exe" --no-proxy-server
MSCONFIG\startupreg: Boost => C:\Program Files (x86)\Boost\Boost.exe
MSCONFIG\startupreg: cdloader => "C:\Users\MITCH\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
MSCONFIG\startupreg: DW7 => "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
MSCONFIG\startupreg: Gameo => C:\Users\MITCH\AppData\Roaming\Gameo\gameo.exe "C:\Users\MITCH\AppData\Roaming\Gameo\gameo.dat" mode:minimized
MSCONFIG\startupreg: GamingWonderland Browser Plugin Loader => C:\PROGRA~1\GAMING~2\bar\2.bin\gtbrmon.exe
MSCONFIG\startupreg: GamingWonderland EPM Support => "C:\PROGRA~1\GAMING~2\bar\3.bin\gtmedint.exe" T8EPMSUP.DLL,S
MSCONFIG\startupreg: GamingWonderland Home Page Guard 64 bit => "C:\PROGRA~1\GAMING~2\bar\2.bin\AppIntegrator64.exe"
MSCONFIG\startupreg: GamingWonderland Search Scope Monitor => "C:\PROGRA~1\GAMING~2\bar\2.bin\gtsrchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: GardeningEnthusiast EPM Support => "C:\PROGRA~1\GARDEN~2\bar\1.bin\7jmedint.exe" T8EPMSUP.DLL,S
MSCONFIG\startupreg: GardeningEnthusiast Home Page Guard 64 bit => "C:\PROGRA~1\GARDEN~2\bar\1.bin\AppIntegrator64.exe"
MSCONFIG\startupreg: GardeningEnthusiast Search Scope Monitor => "C:\PROGRA~1\GARDEN~2\bar\1.bin\7jsrchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: GardeningEnthusiast_7j Browser Plugin Loader => C:\PROGRA~1\GARDEN~2\bar\1.bin\7jbrmon.exe
MSCONFIG\startupreg: GenieoSystemTray => "C:\Users\MITCH\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe"
MSCONFIG\startupreg: GenieoUpdaterService => "C:\Users\MITCH\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe" -wait 5
MSCONFIG\startupreg: Google Update => "C:\Users\MITCH\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GoogleChromeAutoLaunch_1966301AF37C65D1ED1179E7CBD99E72 => "C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" --no-startup-window
MSCONFIG\startupreg: HowToSimplified EPM Support => "C:\PROGRA~1\HOWTOS~2\bar\1.bin\8emedint.exe" T8EPMSUP.DLL,S
MSCONFIG\startupreg: HowToSimplified Home Page Guard 64 bit => "C:\PROGRA~1\HOWTOS~2\bar\1.bin\AppIntegrator64.exe"
MSCONFIG\startupreg: HowToSimplified Search Scope Monitor => "C:\PROGRA~1\HOWTOS~2\bar\1.bin\8esrchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: HowToSimplified_8e Browser Plugin Loader => C:\PROGRA~1\HOWTOS~2\bar\1.bin\8ebrmon.exe
MSCONFIG\startupreg: InboxToolbar => "C:\Program Files (x86)\Inbox Toolbar\Inbox.exe" /STARTUP
MSCONFIG\startupreg: Optimizer Pro => C:\Program Files (x86)\Optimizer Pro 3.20\OptProLauncher.exe
MSCONFIG\startupreg: PackageTracer AppIntegrator 32-bit => C:\PROGRA~1\PACKAG~2\bar\1.bin\AppIntegrator.exe
MSCONFIG\startupreg: PackageTracer AppIntegrator 64-bit => C:\PROGRA~1\PACKAG~2\bar\1.bin\AppIntegrator64.exe
MSCONFIG\startupreg: PackageTracer EPM Support => "C:\PROGRA~1\PACKAG~2\bar\1.bin\69medint.exe" T8EPMSUP.DLL,S
MSCONFIG\startupreg: PackageTracer Search Scope Monitor => "C:\PROGRA~1\PACKAG~2\bar\1.bin\69srchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: PC Cleaners => "C:\Program Files (x86)\PC Cleaners\PCCleaners.exe" /minimize
MSCONFIG\startupreg: PC Health Kit => C:\Program Files (x86)\PC Health Kit\PCHKLauncher.exe
MSCONFIG\startupreg: PCFixSpeed => "C:\Program Files (x86)\PCFixSpeed\PCFixTray.exe" /startup
MSCONFIG\startupreg: PCKeeper2 => "C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe" /autorun
MSCONFIG\startupreg: PCTechHotline => "C:\Program Files (x86)\PCTechHotline\PCTechHotline.exe" /STARTUP
MSCONFIG\startupreg: Recipe Hub Home Page Guard 64 bit => "C:\PROGRA~1\RECIPE~2\bar\2.bin\AppIntegrator64.exe"
MSCONFIG\startupreg: Recipe Hub Search Scope Monitor => "C:\PROGRA~1\RECIPE~2\bar\2.bin\2jsrchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: RecipeHub_2j Browser Plugin Loader => C:\PROGRA~1\RECIPE~2\bar\2.bin\2jbrmon.exe
MSCONFIG\startupreg: Retrogamer Search Scope Monitor => "C:\PROGRA~1\RETROG~2\bar\2.bin\4wsrchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: Retrogamer_4w Browser Plugin Loader => C:\PROGRA~1\RETROG~2\bar\2.bin\4wbrmon.exe
MSCONFIG\startupreg: Salus CrashMon => "C:\Program Files (x86)\f552dd4c52e3\a7d12b5975b4.exe" "b786bdb3c67d.exe" "http://log.data-url.com/salus/crash"
MSCONFIG\startupreg: Search Protection => "C:\Users\MITCH\AppData\Roaming\Search Protection\SP.EXE" /autostart
MSCONFIG\startupreg: SearchProtect => C:\Users\MITCH\AppData\Roaming\SearchProtect\bin\cltmng.exe
MSCONFIG\startupreg: SearchProtectAll => "C:\Program Files (x86)\SearchProtect\bin\cltmng.exe"
MSCONFIG\startupreg: SelectRebates => "C:\Program Files (x86)\SelectRebates\SelectRebates.exe"
MSCONFIG\startupreg: ShopAtHomeUpdater => C:\Users\MITCH\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe
MSCONFIG\startupreg: ShopAtHomeWatcher => C:\Users\MITCH\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
MSCONFIG\startupreg: shopperz => C:\Program Files\shopperz\wrex.exe
MSCONFIG\startupreg: shopperz64 => C:\Program Files\shopperz\wrex64.exe
MSCONFIG\startupreg: SpywareClearShield => "C:\Program Files (x86)\Spyware Clear\SpywareClearShield.exe"
MSCONFIG\startupreg: SpywareClearUpdater => "C:\Program Files (x86)\Spyware Clear\SpywareClearUpdate.exe"
MSCONFIG\startupreg: StormWatch => "C:\Program Files (x86)\StormWatch\StormWatchApp.exe"
MSCONFIG\startupreg: Super Optimizer => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe
MSCONFIG\startupreg: TSMAgent => "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
MSCONFIG\startupreg: tvncontrol => "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
MSCONFIG\startupreg: UCam_Menu => "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
MSCONFIG\startupreg: UpdateLBPShortCut => "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
MSCONFIG\startupreg: UpdateP2GoShortCut => "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
MSCONFIG\startupreg: UpdatePDIRShortCut => "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
MSCONFIG\startupreg: UpdatePSTShortCut => "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
MSCONFIG\startupreg: WebBar => C:\Users\MITCH\AppData\Local\WebBar\2.0.5343.21616\wb.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2D720E0B-FB17-4C8A-9F86-B55938CFA8A9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{2EE9D486-776E-4A38-BC02-BD5F65BD28BA}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
FirewallRules: [{8900904A-1EE6-4C87-96CB-7D86BA6CF64C}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
FirewallRules: [{E8290F9D-7197-4FCE-88B6-80063D832BC5}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
FirewallRules: [{C7963FE5-36CE-4FFA-8459-0F879C4A0E7B}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe
FirewallRules: [{A107B0DE-B6D8-4607-9F2E-7665B44C7B33}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{D4905A67-ED93-4AF3-A217-99D2C0F551A0}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{E66EA628-13EB-4B6B-BFFC-5A9E5C1E10F4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe
FirewallRules: [{6FE01D9B-EB0F-4788-8DCC-EC59AF93C650}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe
FirewallRules: [{B19F4E26-A53A-46E2-B47B-6E93B76D4D24}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe
FirewallRules: [{8C2326A8-FEBD-456F-9CC0-0A8B70DDE8D7}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
FirewallRules: [{9D4CA0E9-1209-4B35-B8A9-CEF5A320674E}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{37948C4D-AFDB-4E8B-8FDE-E113AD9A1A5F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\TV\QP.exe
FirewallRules: [{D231B7E7-FA3B-4432-BF83-D93D9F897BD9}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\TV\QPService.exe
FirewallRules: [{5CD0FD8E-FC7E-4F04-850C-E6D8C86FB0F2}] => (Allow) LPort=80
FirewallRules: [{A9B3E1B3-D13A-4871-A0CE-F75D2638C6AA}] => (Allow) LPort=80
FirewallRules: [{0077EA1C-8965-4DA9-8255-7701AC4063E1}] => (Allow) LPort=80
FirewallRules: [TCP Query User{DA0631B7-7E96-4808-B2D5-9F0641460FC4}C:\users\mitch\appdata\roaming\mjusbsp\magicjack.exe] => (Block) C:\users\mitch\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [UDP Query User{00448820-4586-4DBA-B7AC-EE49FE0A898D}C:\users\mitch\appdata\roaming\mjusbsp\magicjack.exe] => (Block) C:\users\mitch\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [{8046D6BC-6A93-4EF2-9C67-31E758EB034D}] => (Allow) C:\Users\MITCH\AppData\Local\Temp\ibtmp3f6c444\component_514
FirewallRules: [{2DE2CBC0-830F-4902-836A-3786D03873DE}] => (Allow) C:\Users\MITCH\AppData\Local\Torch\Plugins\Hola\hola_plugin.exe
FirewallRules: [{0FF8F62A-3271-4F1C-AC53-5665DFAAA8FA}] => (Allow) C:\Users\MITCH\AppData\Local\Torch\Plugins\Hola\hola_plugin_x64.exe
FirewallRules: [TCP Query User{6BBFA39E-AD5C-4406-95F3-446C4716EE75}C:\users\mitch\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\mitch\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{977C99A4-24D8-4D66-B45C-71F685BFABFD}C:\users\mitch\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\mitch\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [TCP Query User{C6117AF1-7B22-46EA-BF08-2ADE597FFE9C}C:\users\mitch\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe] => (Allow) C:\users\mitch\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{0540A14D-E985-4766-9D4F-E6C68B7D3461}C:\users\mitch\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe] => (Allow) C:\users\mitch\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe
FirewallRules: [{33580EE5-CAD7-4CE9-992C-FC393CCEAC16}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{908B6D24-BD5A-42E3-B776-2551860859DB}] => (Allow) LPort=2869
FirewallRules: [{C1520C1F-25AC-459D-87AF-F696CC7BCCBD}] => (Allow) LPort=1900
FirewallRules: [{87EAD9F9-E3BB-4B21-8AAF-D7BB98002636}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{893C92B2-7F86-43D0-AE3E-6533E7347F0D}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [TCP Query User{345584AC-AFCD-43A8-BBAF-184C821686DE}C:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe
FirewallRules: [UDP Query User{387DBBA5-ACF8-44B3-90E8-C2579A546F02}C:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe
FirewallRules: [TCP Query User{B396CADD-5AFD-418A-B83C-B0056A1D7CF3}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{6C81C147-C618-4E57-8EC9-A39482E6A5CE}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{03BEA1CC-4967-4248-B683-821220DC922B}C:\program files (x86)\java\jre1.8.0_20\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_20\bin\javaw.exe
FirewallRules: [UDP Query User{912186A5-B513-4198-8FE6-A1A35E7809C6}C:\program files (x86)\java\jre1.8.0_20\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_20\bin\javaw.exe
FirewallRules: [{0659870B-2E91-458D-9905-0CA47E7AF388}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Microsoft 6to4 Adapter #2
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Could not start eventlog service, could not read events.

The Windows Event Log service is starting.
The Windows Event Log service could not be started.

A system error has occurred.

More help is available by typing NET HELPMSG 4201.


==================== Memory info ===========================

Processor: AMD Turion™ X2 Dual-Core Mobile RM-74
Percentage of memory in use: 34%
Total physical RAM: 3836.89 MB
Available physical RAM: 2521.05 MB
Total Virtual: 7896.29 MB
Available Virtual: 6375.46 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:285.18 GB) (Free:217.57 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:12.9 GB) (Free:1.6 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 89900F6B)
Partition 1: (Active) - (Size=285.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=12.9 GB) - (Type=07 NTFS)

==================== End of log ============================



#20 mickey7

Posted 12 July 2015 - 06:30 AM

Here are the new scans after the fix:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-07-2015
Ran by MITCH (administrator) on MITCH-PC on 12-07-2015 08:22:30
Running from C:\Users\MITCH\Desktop
Loaded Profiles: MITCH (Available Profiles: MITCH)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_1b06afce\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Agere Systems) C:\Windows\System32\agr64svc.exe
() C:\Program Files (x86)\SMINST\BLService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Users\MITCH\AppData\Local\Google\Update\GoogleUpdate.exe
(Google Inc.) C:\Users\MITCH\AppData\Local\Google\Update\GoogleUpdate.exe
(Farbar) C:\Users\MITCH\Desktop\FRST64(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [456192 2009-08-13] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [912688 2008-09-23] (Hewlett-Packard)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-08-01] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [322104 2009-10-08] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [hpWirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Health Check Scheduler] => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-06-16] (Hewlett-Packard)
HKLM-x32\...\Run: [DVDAgent] => "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
HKLM-x32\...\Run: [CLMLServer for HP TouchSmart] => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [189736 2008-09-25] (CyberLink)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Java\jre1.8.0_25\bin\jusched.exe"
HKU\S-1-5-21-499354876-3266562091-500007027-1000\...\Run: [HPAdvisor] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
HKU\S-1-5-21-499354876-3266562091-500007027-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-499354876-3266562091-500007027-1000\...\Run: [DW6] => "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-499354876-3266562091-500007027-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9
HKU\S-1-5-21-499354876-3266562091-500007027-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
SearchScopes: HKU\S-1-5-21-499354876-3266562091-500007027-1000 -> {4F5E3C10-FEB0-467A-A7CD-FD0C05FDA134} URL = http://www.flickr.co...q={searchTerms}
SearchScopes: HKU\S-1-5-21-499354876-3266562091-500007027-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-499354876-3266562091-500007027-1000 -> {CFE23308-78C6-44BE-99F5-8A42DE00E17B} URL = http://search.yahoo....f-8&fr=chr-yie9
SearchScopes: HKU\S-1-5-21-499354876-3266562091-500007027-1000 -> {EFA0BB11-5A96-43DF-A6CC-F172A691CAB1} URL = http://delicious.com...p={searchTerms}
Toolbar: HKU\S-1-5-21-499354876-3266562091-500007027-1000 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll [2015-05-30] (Microsoft Corporation)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
DPF: HKLM-x32 {4F29DE54-5EB7-4D76-B610-A86B5CD2A234}
Tcpip\Parameters: [DhcpNameServer] 204.186.110.114 216.144.187.199 204.186.0.180
Tcpip\..\Interfaces\{28A4C540-8B9E-470A-9135-F3AE6A55F184}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{28A4C540-8B9E-470A-9135-F3AE6A55F184}: [DhcpNameServer] 204.186.110.114 216.144.187.199 204.186.0.180
Tcpip\..\Interfaces\{68E1D355-F539-4C48-9BF8-A8AA8237B7FA}: [NameServer] 82.163.143.150,82.163.142.152
Tcpip\..\Interfaces\{68E1D355-F539-4C48-9BF8-A8AA8237B7FA}: [DhcpNameServer] 204.186.110.114 216.144.187.199 204.186.80.251

FireFox:
========
FF ProfilePath: C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\sbpv9us6.default
FF SearchEngineOrder.3: Bing
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_190.dll [2015-06-25] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-25] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @ei.GamingWonderland.com/Plugin -> C:\Program Files (x86)\GamingWonderlandEI\Installr\2.bin\NPgtEISB.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-01-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-01-16] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-30] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll [2015-01-02] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-499354876-3266562091-500007027-1000: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF Plugin HKU\S-1-5-21-499354876-3266562091-500007027-1000: @tools.google.com/Google Update;version=3 -> C:\Users\MITCH\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2014-11-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-499354876-3266562091-500007027-1000: @tools.google.com/Google Update;version=9 -> C:\Users\MITCH\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2014-11-15] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-08-14]
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF Extension: No Name - C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\sbpv9us6.default\extensions\MGKN37049485@ACPSC11936960.com [not found]
FF Extension: No Name - C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\sbpv9us6.default\extensions\vriyjhvpjcaii@wkthnvmbgqrmsmmjo.net [not found]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\MITCH\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\MITCH\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-06-16] (Hewlett-Packard) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S3 MatSvc; C:\Program Files\Microsoft Fix it Center\Matsvc.exe [343856 2011-06-13] (Microsoft Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 Recovery Service for Windows; C:\Program Files (x86)\SMINST\BLService.exe [365952 2008-10-06] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [241734 2008-06-29] () [File not signed]
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_1b06afce\STacSV64.exe [240640 2009-08-13] (IDT, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S3 cpuz134; \??\C:\Users\MITCH\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
U4 eabfiltr; No ImagePath
S4 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S4 IpInIp; system32\DRIVERS\ipinip.sys [X]
S4 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S4 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-12 08:22 - 2015-07-12 08:23 - 00014777 _____ C:\Users\MITCH\Desktop\FRST.txt
2015-07-12 07:13 - 2015-07-12 07:13 - 00003882 ____N C:\bootex.log
2015-07-11 07:37 - 2015-07-11 07:37 - 00001064 _____ C:\mbl.txt
2015-07-10 21:18 - 2015-07-10 21:18 - 00005846 _____ C:\Users\MITCH\Documents\JRT.txt
2015-07-10 21:01 - 2015-07-10 20:55 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\MITCH\Desktop\mbam-setup-2.1.8.1057.exe
2015-07-10 21:00 - 2015-07-10 20:34 - 03033806 _____ (Malwarebytes Corporation) C:\Users\MITCH\Desktop\JRT.exe
2015-07-10 20:31 - 2015-07-10 20:27 - 02248704 _____ C:\Users\MITCH\Desktop\AdwCleaner(1).exe
2015-07-10 17:33 - 2015-07-10 17:30 - 02112512 _____ (Farbar) C:\Users\MITCH\Desktop\FRST64(1).exe
2015-07-10 14:29 - 2015-07-12 08:22 - 00000000 ____D C:\FRST
2015-07-10 14:17 - 2015-07-10 14:17 - 00006717 _____ C:\Users\MITCH\Desktop\dds.zip
2015-07-10 14:17 - 2015-07-10 14:17 - 00003205 _____ C:\Users\MITCH\Desktop\attach.zip
2015-07-10 14:02 - 2015-07-10 14:03 - 00011433 _____ C:\Users\MITCH\Documents\hijackthis.log
2015-07-10 13:58 - 2015-07-10 13:59 - 00002519 _____ C:\Users\MITCH\Desktop\HiJackThis.lnk
2015-07-10 13:58 - 2015-07-10 13:59 - 00000000 ____D C:\Users\MITCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2015-07-10 13:58 - 2015-07-10 13:58 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2015-07-10 13:57 - 2014-10-31 13:30 - 00688992 ____R (Swearware) C:\Users\MITCH\Desktop\dds.com
2015-07-10 13:57 - 2014-04-12 15:05 - 01402880 _____ C:\Users\MITCH\Desktop\HijackThis.msi
2015-07-10 08:57 - 2014-10-29 21:33 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\MITCH\Desktop\mbam-setup-2.0.3.1025.exe
2015-07-09 20:24 - 2015-07-09 15:25 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\MITCH\Desktop\tdsskiller.exe
2015-07-09 19:14 - 2015-07-09 15:24 - 21971528 _____ C:\Users\MITCH\Desktop\RogueKillerX64.exe
2015-07-09 19:10 - 2015-07-09 15:19 - 05200384 _____ (AVAST Software) C:\Users\MITCH\Desktop\aswMBR.exe
2015-07-07 21:05 - 2015-07-07 15:07 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\MITCH\Desktop\revosetup.exe
2015-07-07 17:59 - 2015-07-07 17:59 - 00000000 _____ C:\Users\MITCH\AppData\Local\Temp.dat
2015-07-07 17:51 - 2015-07-07 17:51 - 00001861 _____ C:\Users\MITCH\Desktop\chrome.lnk
2015-07-07 17:42 - 2015-07-07 21:05 - 00001059 _____ C:\Users\MITCH\Desktop\Revo Uninstaller.lnk
2015-07-07 17:42 - 2015-07-07 21:05 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-07-07 08:31 - 2015-07-07 08:31 - 00000949 _____ C:\Users\MITCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-07-05 01:32 - 2015-04-30 12:03 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-05 01:32 - 2015-04-30 11:41 - 00347648 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-05 01:18 - 2015-07-10 14:34 - 00000000 ____D C:\Program Files (x86)\Gravity Highlighter
2015-07-05 01:07 - 2015-04-10 19:33 - 00384512 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-07-05 01:07 - 2015-04-10 19:22 - 00279552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\services.exe
2015-07-05 01:02 - 2015-07-10 14:34 - 00000000 ____D C:\Program Files (x86)\Looper for YouTube
2015-07-03 17:18 - 2015-07-03 17:22 - 00004097 _____ C:\Windows\system32\dummy.002
2015-06-30 18:08 - 2015-06-30 18:08 - 00772016 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (38).exe
2015-06-27 22:14 - 2015-05-08 19:09 - 00861696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-27 22:14 - 2015-05-08 19:01 - 01212416 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-27 22:10 - 2015-05-04 18:51 - 10627584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-27 22:10 - 2015-05-04 18:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-27 22:10 - 2015-05-04 18:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-27 22:10 - 2015-05-04 18:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-27 22:10 - 2015-05-04 18:33 - 13427712 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-27 22:10 - 2015-05-04 18:33 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-27 22:10 - 2015-05-04 18:33 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-27 22:10 - 2015-05-04 18:32 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-27 22:10 - 2015-05-04 17:39 - 08147456 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-27 22:10 - 2015-05-04 17:21 - 08147456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-27 22:09 - 2015-05-21 10:36 - 02795520 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-27 21:40 - 2015-04-24 11:54 - 00532480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-27 21:40 - 2015-04-24 11:41 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-27 21:39 - 2015-07-10 14:34 - 00000000 ____D C:\Program Files (x86)\Redbooth for Gmail
2015-06-24 18:46 - 2015-06-24 18:46 - 00000680 _____ C:\Users\MITCH\AppData\Local\d3d9caps.dat
2015-06-22 23:33 - 2015-06-26 16:40 - 00001985 _____ C:\Users\MITCH\Desktop\Google Chrome.lnk
2015-06-22 23:22 - 2015-06-22 23:24 - 00000000 ____D C:\94d4568a-ad62-4a6e-a62b-238f2297a462
2015-06-22 22:22 - 2015-05-30 20:48 - 02343424 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-22 22:21 - 2015-05-30 20:42 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-22 22:21 - 2015-05-30 20:41 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-22 22:21 - 2015-05-30 20:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-22 22:21 - 2015-05-30 20:40 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-22 22:21 - 2015-05-30 20:40 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-22 22:21 - 2015-05-30 20:40 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-22 22:21 - 2015-05-30 19:55 - 01809920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-22 22:21 - 2015-05-30 19:49 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-22 22:21 - 2015-05-30 19:49 - 00718336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-22 22:21 - 2015-05-30 19:49 - 00421888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-22 22:21 - 2015-05-30 19:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-22 22:21 - 2015-05-30 19:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-22 22:21 - 2015-05-30 19:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-22 22:21 - 2015-05-30 19:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-22 22:21 - 2015-05-30 19:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-22 22:20 - 2015-05-30 21:05 - 17884672 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-22 22:20 - 2015-05-30 20:41 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-22 22:20 - 2015-05-30 20:40 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-22 22:20 - 2015-05-30 20:03 - 12385280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-22 22:19 - 2015-05-30 20:41 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-22 22:19 - 2015-05-30 20:40 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-06-22 22:19 - 2015-05-30 19:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-22 22:19 - 2015-05-30 19:48 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-06-22 22:19 - 2015-05-30 19:47 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-06-22 22:18 - 2015-05-30 20:50 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-22 22:18 - 2015-05-30 20:42 - 01387520 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-22 22:18 - 2015-05-30 20:41 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-22 22:18 - 2015-05-30 20:41 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-22 22:18 - 2015-05-30 20:41 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-06-22 22:18 - 2015-05-30 20:41 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-22 22:18 - 2015-05-30 20:40 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-06-22 22:18 - 2015-05-30 19:50 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-22 22:18 - 2015-05-30 19:48 - 01804288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-22 22:18 - 2015-05-30 19:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-22 22:18 - 2015-05-30 19:48 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-22 22:18 - 2015-05-30 19:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-06-22 22:17 - 2015-05-30 20:49 - 10935296 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-22 22:17 - 2015-05-30 20:41 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-22 22:17 - 2015-05-30 20:40 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-06-22 22:17 - 2015-05-30 19:54 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-22 22:17 - 2015-05-30 19:53 - 09750528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-22 22:17 - 2015-05-30 19:48 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-22 22:17 - 2015-05-30 19:47 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-06-21 14:24 - 2015-04-19 17:24 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2015-06-21 14:24 - 2015-04-19 17:24 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2015-06-21 14:24 - 2015-04-19 17:24 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2015-06-21 14:24 - 2015-04-19 17:24 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2015-06-21 14:24 - 2015-04-19 16:19 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-06-21 14:24 - 2015-04-19 16:18 - 00486400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2015-06-21 14:24 - 2015-04-19 16:13 - 00682496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-06-21 14:24 - 2015-04-19 16:12 - 01072640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-06-21 14:24 - 2015-04-17 20:16 - 01268224 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-06-21 14:24 - 2015-04-17 20:16 - 00327680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-06-21 14:24 - 2015-04-17 20:16 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-06-21 14:24 - 2015-04-17 20:16 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-06-21 14:24 - 2015-04-17 19:45 - 02002944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-06-21 14:24 - 2015-04-17 19:44 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-06-21 14:24 - 2015-04-17 19:35 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-06-21 14:24 - 2015-04-17 19:33 - 01561088 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-06-21 14:24 - 2015-04-17 19:33 - 01154048 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-06-20 17:43 - 2015-06-20 17:43 - 00000000 ____D C:\Program Files (x86)\Galaxy New Tab
2015-06-20 16:53 - 2015-06-20 17:38 - 00000000 ____D C:\Program Files (x86)\JavaScript Popup Blocker

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-12 08:23 - 2014-11-15 20:12 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-499354876-3266562091-500007027-1000UA.job
2015-07-12 08:18 - 2012-09-10 13:33 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-12 07:51 - 2011-08-08 22:41 - 01433854 _____ C:\Windows\WindowsUpdate.log
2015-07-12 07:44 - 2011-10-15 20:30 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-12 07:18 - 2008-10-23 05:54 - 00003580 _____ C:\Windows\System32\Tasks\HP Health Check
2015-07-12 07:15 - 2013-12-08 15:24 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cef44b1d87952b.job
2015-07-12 07:15 - 2011-12-22 01:42 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2015-07-12 07:15 - 2006-11-02 11:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-12 07:15 - 2006-11-02 11:22 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-12 07:15 - 2006-11-02 11:22 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-12 07:14 - 2013-08-11 15:29 - 04086754 _____ C:\Windows\PFRO.log
2015-07-11 22:35 - 2008-10-23 03:45 - 00000012 _____ C:\Windows\bthservsdp.dat
2015-07-11 22:35 - 2006-11-02 11:42 - 00032576 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-11 20:17 - 2014-11-15 20:12 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-499354876-3266562091-500007027-1000Core.job
2015-07-11 16:14 - 2014-09-23 16:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-11 16:14 - 2006-11-02 09:33 - 00000000 ____D C:\Windows\security
2015-07-11 07:37 - 2013-01-24 17:42 - 00000000 ____D C:\Users\Public\GameNutt
2015-07-11 03:00 - 2012-05-04 11:50 - 00002313 _____ C:\Windows\epplauncher.mif
2015-07-10 21:50 - 2014-09-23 16:56 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-10 21:37 - 2014-09-23 16:54 - 00000901 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-10 21:37 - 2014-09-23 16:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-10 20:48 - 2014-12-02 08:06 - 00000000 ____D C:\AdwCleaner
2015-07-10 20:48 - 2012-07-28 18:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-10 17:27 - 2006-11-02 09:33 - 00000000 ____D C:\Windows\Help
2015-07-10 14:34 - 2015-04-18 12:47 - 00000000 ____D C:\Program Files (x86)\Tab Hibernation
2015-07-10 14:34 - 2015-01-06 02:55 - 00000000 ____D C:\Program Files (x86)\ce88c4aa-b86a-4c1e-bb45-d6da615fde68
2015-07-10 14:34 - 2014-11-11 01:11 - 00000000 ____D C:\Program Files (x86)\360a619a-0cf8-4762-bee6-45c5335152cc
2015-07-10 14:22 - 2015-04-06 00:06 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-07-09 22:53 - 2014-12-02 01:03 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-07-09 20:24 - 2014-12-03 08:40 - 00000000 ____D C:\ProgramData\RogueKiller
2015-07-09 19:34 - 2006-11-02 09:34 - 00000000 ____D C:\Windows\tracing
2015-07-09 19:15 - 2014-12-03 08:40 - 00037624 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-07-09 19:13 - 2006-11-02 08:46 - 00005086 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-07 23:23 - 2015-05-05 03:18 - 00000000 ____D C:\Users\MITCH\AppData\Local\CrashDumps
2015-07-07 23:15 - 2012-10-08 16:39 - 00000000 ____D C:\Windows\Minidump
2015-07-07 08:31 - 2011-09-27 01:39 - 00000934 _____ C:\Users\MITCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-07-07 08:30 - 2011-09-27 01:38 - 00000915 _____ C:\Users\MITCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2015-07-07 03:12 - 2014-01-11 07:47 - 00000000 ____D C:\Windows\pss
2015-07-06 19:48 - 2006-11-02 09:33 - 00000000 ____D C:\Windows\rescache
2015-07-05 02:01 - 2008-10-23 05:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-07-05 01:54 - 2008-10-23 05:11 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-05 01:11 - 2014-12-07 19:21 - 00116019 _____ C:\Windows\system32\ScanResults.xml
2015-07-05 01:06 - 2011-08-19 23:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-07-05 00:42 - 2014-11-11 21:56 - 00000188 _____ C:\Users\MITCH\AppData\Roaming\WB.CFG
2015-07-05 00:35 - 2014-12-07 19:12 - 00000464 _____ C:\Windows\system32\ScannerSettings
2015-07-03 21:08 - 2006-11-02 08:33 - 77594624 _____ C:\Windows\system32\config\software_previous
2015-07-03 21:07 - 2006-11-02 09:34 - 00000000 ____D C:\Windows\system32\spool
2015-07-03 21:07 - 2006-11-02 09:34 - 00000000 ____D C:\Windows\system32\Msdtc
2015-07-03 21:07 - 2006-11-02 09:33 - 00000000 ____D C:\Windows\registration
2015-07-03 21:07 - 2006-11-02 08:33 - 22544384 _____ C:\Windows\system32\config\system_previous
2015-07-03 21:02 - 2006-11-02 08:33 - 66322432 _____ C:\Windows\system32\config\components_previous
2015-07-03 21:01 - 2006-11-02 08:33 - 00262144 _____ C:\Windows\system32\config\sam_previous
2015-07-03 17:09 - 2011-08-09 07:14 - 00000000 ____D C:\Users\MITCH
2015-07-03 16:20 - 2006-11-02 08:33 - 00524288 _____ C:\Windows\system32\config\default_previous
2015-07-03 16:20 - 2006-11-02 08:33 - 00262144 _____ C:\Windows\system32\config\security_previous
2015-06-27 22:30 - 2006-11-02 11:21 - 00317688 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-27 22:09 - 2013-11-20 01:25 - 00000000 ____D C:\Windows\system32\MRT
2015-06-26 17:03 - 2014-12-26 00:40 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-25 20:21 - 2012-09-10 13:33 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-25 20:21 - 2012-09-10 13:33 - 00003682 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-25 20:21 - 2011-08-14 13:06 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-22 22:32 - 2015-01-25 22:35 - 00000000 ____D C:\Program Files (x86)\Strong Password Generator
2015-06-21 00:09 - 2006-11-02 09:33 - 00000000 __RSD C:\Windows\Media
2015-06-19 23:45 - 2013-05-12 21:04 - 00000000 ____D C:\temp
2015-06-18 08:41 - 2014-09-23 16:51 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-18 08:41 - 2014-09-23 16:51 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-18 08:41 - 2013-01-03 10:29 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

==================== Files in the root of some directories =======

2014-09-01 04:18 - 2014-09-01 04:18 - 0002086 _____ () C:\Users\MITCH\AppData\Roaming\QV
2011-09-04 18:51 - 2011-09-04 18:51 - 0029216 _____ () C:\Users\MITCH\AppData\Roaming\UserTile.png
2014-11-11 21:56 - 2015-07-05 00:42 - 0000188 _____ () C:\Users\MITCH\AppData\Roaming\WB.CFG
2015-05-05 03:15 - 2015-05-05 03:15 - 0000000 _____ () C:\Users\MITCH\AppData\Local\AtStart.txt
2015-06-24 18:46 - 2015-06-24 18:46 - 0000680 _____ () C:\Users\MITCH\AppData\Local\d3d9caps.dat
2011-08-09 07:45 - 2014-01-11 18:49 - 0007680 _____ () C:\Users\MITCH\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-05 03:15 - 2015-05-05 03:15 - 0000000 _____ () C:\Users\MITCH\AppData\Local\DSwitch.txt
2015-05-05 03:15 - 2015-05-05 03:15 - 0000000 _____ () C:\Users\MITCH\AppData\Local\QSwitch.txt
2015-07-07 17:59 - 2015-07-07 17:59 - 0000000 _____ () C:\Users\MITCH\AppData\Local\Temp.dat
2014-01-27 03:19 - 2014-01-28 16:45 - 0002763 _____ () C:\ProgramData\connector.swf
2011-08-08 23:17 - 2011-08-08 23:17 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2008-10-23 05:36 - 2008-10-23 05:37 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2011-08-08 23:16 - 2011-08-08 23:16 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2008-10-23 05:24 - 2008-10-23 05:27 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-08-08 23:14 - 2011-08-08 23:14 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2011-08-08 23:16 - 2011-08-08 23:16 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2008-10-23 05:22 - 2008-10-23 05:24 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2008-10-23 05:27 - 2008-10-23 05:36 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2011-08-08 23:17 - 2011-08-08 23:17 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.8428.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-12 07:22

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-07-2015
Ran by MITCH at 2015-07-12 08:24:33
Running from C:\Users\MITCH\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-499354876-3266562091-500007027-500 - Administrator - Disabled)
Guest (S-1-5-21-499354876-3266562091-500007027-501 - Limited - Disabled)
MITCH (S-1-5-21-499354876-3266562091-500007027-1000 - Administrator - Enabled) => C:\Users\MITCH

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Out of date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Out of date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0 - Microsoft Corporation) Hidden
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player 10 ActiveX) (Version: 10.0.2.13 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Adobe Reader X (10.1.14) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.14 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - LSI Corporation)
AMD USB Audio Driver Filter (HKLM-x32\...\{A3AB35FA-943E-4799-99DC-46EFD59E998F}) (Version: 1.0.7.0031 - Advanced Micro Devices, Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{7510991E-FE80-7466-2E31-561B52059618}) (Version: 3.0.691.0 - ATI Technologies, Inc.)
Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cache utility (HKU\.DEFAULT\...\Cache utility) (Version: 1 - Cache utility)
ccc-core-static (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2126 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Display settings (HKU\.DEFAULT\...\Display settings) (Version: 1 - Display settings)
ESU for Microsoft Vista (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
Hoyle Magic Carpet (x32 Version: 3.0.2.32 - WildTangent) Hidden
HP Customer Experience Enhancements (HKLM-x32\...\{57A5AEC1-97FC-474D-92C4-908FCC2253D4}) (Version: 5.7.0.2664 - Hewlett-Packard)
HP Doc Viewer (HKLM-x32\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.01.0005 - Hewlett-Packard)
HP Help and Support (HKLM-x32\...\{0054A0F6-00C9-4498-B821-B5C9578F433E}) (Version: 2.1.0.0 - Hewlett-Packard Company)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 2.0.2125 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{D2F7994F-661E-46D1-A1DF-67F2887AAA7E}) (Version: 2.0.8 - Hewlett-Packard)
HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.0926 - Hewlett-Packard)
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.9.1 - Hewlett-Packard)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP User Guides 0129 (HKLM-x32\...\{149BBCB8-674F-48D2-969C-9D0EA88DA7D6}) (Version: 1.00.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM-x32\...\{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}) (Version: 3.00 K2 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
HPTCSSetup (HKLM-x32\...\{30D3B7BC-5798-45D9-822D-05CA18F39E99}) (Version: 1.1.1955.2793 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6087.0 - IDT)
Instant Wireless USB Adapter (HKLM-x32\...\{B78823CD-488F-43B4-80D6-FAEADAE40EC4}) (Version:  - )
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
JMicron JMB38X Flash Media Controller (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.00.17.07 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.0919 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.0919 - CyberLink Corp.) Hidden
Luxor 2 HD (x32 Version: 3.0.2.38 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Fix it Center (HKLM\...\{B7588D45-AFDC-4C93-9E2E-A100F3554B64}) (Version: 1.0.0100 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Monopoly® (x32 Version: 3.0.2.32 - WildTangent) Hidden
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee Reveal (HKLM-x32\...\{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}) (Version: 7.0.35.6951 - muvee Technologies Pte Ltd)
My HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.62 - WildTangent)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2119 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.2119 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2119 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.2119 - CyberLink Corp.) Hidden
ProtectSmart Hard Drive Protection (HKLM\...\{2F97CE84-9C33-4631-821B-85EA371EA254}) (Version: 3.10.1.7 - Hewlett-Packard)
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Search App by Ask (HKLM-x32\...\{4F524A2D-5350-4500-76A7-A758B70C1D00}) (Version: 12.29.0.197 - APN, LLC) <==== ATTENTION
Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skins (x32 Version: 2008.0917.337.4556 - ATI) Hidden
SlingPlayer (x32 Version: 1.04.0206 - Sling Media) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
System Update (HKLM-x32\...\System Update) (Version: 1 - Network Downloads)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-499354876-3266562091-500007027-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\MITCH\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-499354876-3266562091-500007027-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\MITCH\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-499354876-3266562091-500007027-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\MITCH\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-499354876-3266562091-500007027-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\MITCH\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-499354876-3266562091-500007027-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\MITCH\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-499354876-3266562091-500007027-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\MITCH\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-499354876-3266562091-500007027-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\MITCH\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)

==================== Restore Points =========================

10-07-2015 13:58:20 Installed HiJackThis
11-07-2015 03:00:20 Windows Update
11-07-2015 20:18:11 Restore Point Created by FRST
11-07-2015 21:38:53 Restore Point Created by FRST
12-07-2015 08:14:30 Removed Search App by Ask
12-07-2015 08:21:51 Removed Search App by Ask

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 08:34 - 2015-07-11 21:42 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {011BC47C-CD3D-4075-BC44-E654FC9CB337} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-25] (Adobe Systems Incorporated)
Task: {4F056A86-4ECC-46A0-AD5F-E0A1FCE648AB} - System32\Tasks\Norton Security Scan for MITCH => C:\PROGRA~1\NORTON~2\Engine\410~1.31\Nss.exe
Task: {51C251A7-C5BB-47A5-BD9C-C6E087DA7AD9} - System32\Tasks\User_Feed_Synchronization-{3B747F91-B0D3-4654-9E4B-A4C40BA27FB7}
Task: {54A904D6-5A97-4A13-BEE9-07810288425F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-499354876-3266562091-500007027-1000Core => C:\Users\MITCH\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-15] (Google Inc.)
Task: {5C33F235-D5D5-466A-98C1-ABB2D0D4AD0A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {72DB8461-CBB1-4A87-B856-F19587FED056} - System32\Tasks\GoogleUpdateTaskMachineCore1cef44b1d87952b => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {9F3A227D-0B84-4572-90B9-7493B3C9E26C} - System32\Tasks\HP Health Check => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-16] (Hewlett-Packard)
Task: {C1798675-C18C-404F-90F5-7B354082CBE1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {CB2DFFB6-695A-4CA6-9C22-E23E6A0EF409} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {DB62B7FB-D370-4087-8D7E-7B9D5BC9D85F} - System32\Tasks\HPCeeScheduleForMITCH => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2008-05-19] (Hewlett-Packard)
Task: {F27A700D-2399-4465-8225-F76ACCEAD52F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate
Task: {F4A14272-E385-446D-84AC-898751525AEB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-499354876-3266562091-500007027-1000UA => C:\Users\MITCH\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-15] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cef44b1d87952b.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-499354876-3266562091-500007027-1000Core.job => C:\Users\MITCH\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-499354876-3266562091-500007027-1000UA.job => C:\Users\MITCH\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForMITCH.job => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe
Task: C:\Windows\Tasks\Norton Security Scan for MITCH.job => C:\PROGRA~1\NORTON~2\Engine\410~1.31\Nss.exe

==================== Loaded Modules (Whitelisted) ==============

2008-09-17 00:16 - 2008-09-17 00:16 - 00117248 _____ () C:\Windows\system32\atitmm64.dll
2008-10-23 05:48 - 2008-10-06 12:54 - 00365952 _____ () C:\Program Files (x86)\SMINST\BLService.exe
2008-10-23 05:36 - 2008-06-29 19:10 - 00241734 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2011-08-08 22:52 - 2011-08-08 22:52 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2008-08-22 13:03 - 2008-08-22 13:03 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2009-07-01 15:44 - 2009-07-01 15:44 - 00632888 _____ () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
2008-10-23 05:48 - 2008-10-06 12:54 - 00132480 _____ () C:\Program Files (x86)\SMINST\STWmiM.dll
2008-09-25 21:42 - 2008-09-25 21:42 - 00881960 ____N () C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\system32\Drivers\zuuqjjlq.sys:changelist
AlternateDataStreams: C:\ProgramData\Temp:D346F792

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-499354876-3266562091-500007027-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\MITCH\AppData\Local\Microsoft\BingDesktop\themes\2014-02-12.jpg
DNS Servers: 208.67.222.222 - 208.67.220.220

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: BackupStack => 2
MSCONFIG\Services: GamingWonderlandService => 2
MSCONFIG\Services: InternetUpdater => 2
MSCONFIG\Services: PCKeeper2Service => 2
MSCONFIG\Services: PCKeeperOcfService => 2
MSCONFIG\Services: RecipeHub_2jService => 2
MSCONFIG\Services: Retrogamer_4wService => 2
MSCONFIG\Services: vToolbarUpdater17.3.0 => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Start GeekBuddy.lnk => C:\Windows\pss\Start GeekBuddy.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^MITCH^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^crossbrowse.lnk => C:\Windows\pss\crossbrowse.lnk.Startup
MSCONFIG\startupfolder: C:^Users^MITCH^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Lightning.lnk => C:\Windows\pss\Desktop Lightning.lnk.Startup
MSCONFIG\startupfolder: C:^Users^MITCH^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Temperature Monitor.lnk => C:\Windows\pss\Desktop Temperature Monitor.lnk.Startup
MSCONFIG\startupfolder: C:^Users^MITCH^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\Windows\pss\MyPC Backup.lnk.Startup
MSCONFIG\startupfolder: C:^Users^MITCH^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^StormWatch.lnk => C:\Windows\pss\StormWatch.lnk.Startup
MSCONFIG\startupreg: 3D BubbleSound => "C:\Program Files\BubbleSound\3D BubbleSound.exe"
MSCONFIG\startupreg: BingDesktop => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
MSCONFIG\startupreg: BoBrowser => "C:\Users\MITCH\AppData\Local\BoBrowser\Application\bobrowser.exe" --no-proxy-server
MSCONFIG\startupreg: Boost => C:\Program Files (x86)\Boost\Boost.exe
MSCONFIG\startupreg: cdloader => "C:\Users\MITCH\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
MSCONFIG\startupreg: DW7 => "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
MSCONFIG\startupreg: Gameo => C:\Users\MITCH\AppData\Roaming\Gameo\gameo.exe "C:\Users\MITCH\AppData\Roaming\Gameo\gameo.dat" mode:minimized
MSCONFIG\startupreg: GamingWonderland Browser Plugin Loader => C:\PROGRA~1\GAMING~2\bar\2.bin\gtbrmon.exe
MSCONFIG\startupreg: GamingWonderland EPM Support => "C:\PROGRA~1\GAMING~2\bar\3.bin\gtmedint.exe" T8EPMSUP.DLL,S
MSCONFIG\startupreg: GamingWonderland Home Page Guard 64 bit => "C:\PROGRA~1\GAMING~2\bar\2.bin\AppIntegrator64.exe"
MSCONFIG\startupreg: GamingWonderland Search Scope Monitor => "C:\PROGRA~1\GAMING~2\bar\2.bin\gtsrchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: GardeningEnthusiast EPM Support => "C:\PROGRA~1\GARDEN~2\bar\1.bin\7jmedint.exe" T8EPMSUP.DLL,S
MSCONFIG\startupreg: GardeningEnthusiast Home Page Guard 64 bit => "C:\PROGRA~1\GARDEN~2\bar\1.bin\AppIntegrator64.exe"
MSCONFIG\startupreg: GardeningEnthusiast Search Scope Monitor => "C:\PROGRA~1\GARDEN~2\bar\1.bin\7jsrchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: GardeningEnthusiast_7j Browser Plugin Loader => C:\PROGRA~1\GARDEN~2\bar\1.bin\7jbrmon.exe
MSCONFIG\startupreg: GenieoSystemTray => "C:\Users\MITCH\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe"
MSCONFIG\startupreg: GenieoUpdaterService => "C:\Users\MITCH\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe" -wait 5
MSCONFIG\startupreg: Google Update => "C:\Users\MITCH\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GoogleChromeAutoLaunch_1966301AF37C65D1ED1179E7CBD99E72 => "C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" --no-startup-window
MSCONFIG\startupreg: HowToSimplified EPM Support => "C:\PROGRA~1\HOWTOS~2\bar\1.bin\8emedint.exe" T8EPMSUP.DLL,S
MSCONFIG\startupreg: HowToSimplified Home Page Guard 64 bit => "C:\PROGRA~1\HOWTOS~2\bar\1.bin\AppIntegrator64.exe"
MSCONFIG\startupreg: HowToSimplified Search Scope Monitor => "C:\PROGRA~1\HOWTOS~2\bar\1.bin\8esrchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: HowToSimplified_8e Browser Plugin Loader => C:\PROGRA~1\HOWTOS~2\bar\1.bin\8ebrmon.exe
MSCONFIG\startupreg: InboxToolbar => "C:\Program Files (x86)\Inbox Toolbar\Inbox.exe" /STARTUP
MSCONFIG\startupreg: Optimizer Pro => C:\Program Files (x86)\Optimizer Pro 3.20\OptProLauncher.exe
MSCONFIG\startupreg: PackageTracer AppIntegrator 32-bit => C:\PROGRA~1\PACKAG~2\bar\1.bin\AppIntegrator.exe
MSCONFIG\startupreg: PackageTracer AppIntegrator 64-bit => C:\PROGRA~1\PACKAG~2\bar\1.bin\AppIntegrator64.exe
MSCONFIG\startupreg: PackageTracer EPM Support => "C:\PROGRA~1\PACKAG~2\bar\1.bin\69medint.exe" T8EPMSUP.DLL,S
MSCONFIG\startupreg: PackageTracer Search Scope Monitor => "C:\PROGRA~1\PACKAG~2\bar\1.bin\69srchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: PC Cleaners => "C:\Program Files (x86)\PC Cleaners\PCCleaners.exe" /minimize
MSCONFIG\startupreg: PC Health Kit => C:\Program Files (x86)\PC Health Kit\PCHKLauncher.exe
MSCONFIG\startupreg: PCFixSpeed => "C:\Program Files (x86)\PCFixSpeed\PCFixTray.exe" /startup
MSCONFIG\startupreg: PCKeeper2 => "C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe" /autorun
MSCONFIG\startupreg: PCTechHotline => "C:\Program Files (x86)\PCTechHotline\PCTechHotline.exe" /STARTUP
MSCONFIG\startupreg: Recipe Hub Home Page Guard 64 bit => "C:\PROGRA~1\RECIPE~2\bar\2.bin\AppIntegrator64.exe"
MSCONFIG\startupreg: Recipe Hub Search Scope Monitor => "C:\PROGRA~1\RECIPE~2\bar\2.bin\2jsrchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: RecipeHub_2j Browser Plugin Loader => C:\PROGRA~1\RECIPE~2\bar\2.bin\2jbrmon.exe
MSCONFIG\startupreg: Retrogamer Search Scope Monitor => "C:\PROGRA~1\RETROG~2\bar\2.bin\4wsrchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: Retrogamer_4w Browser Plugin Loader => C:\PROGRA~1\RETROG~2\bar\2.bin\4wbrmon.exe
MSCONFIG\startupreg: Salus CrashMon => "C:\Program Files (x86)\f552dd4c52e3\a7d12b5975b4.exe" "b786bdb3c67d.exe" "http://log.data-url.com/salus/crash"
MSCONFIG\startupreg: Search Protection => "C:\Users\MITCH\AppData\Roaming\Search Protection\SP.EXE" /autostart
MSCONFIG\startupreg: SearchProtect => C:\Users\MITCH\AppData\Roaming\SearchProtect\bin\cltmng.exe
MSCONFIG\startupreg: SearchProtectAll => "C:\Program Files (x86)\SearchProtect\bin\cltmng.exe"
MSCONFIG\startupreg: SelectRebates => "C:\Program Files (x86)\SelectRebates\SelectRebates.exe"
MSCONFIG\startupreg: ShopAtHomeUpdater => C:\Users\MITCH\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe
MSCONFIG\startupreg: ShopAtHomeWatcher => C:\Users\MITCH\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
MSCONFIG\startupreg: shopperz => C:\Program Files\shopperz\wrex.exe
MSCONFIG\startupreg: shopperz64 => C:\Program Files\shopperz\wrex64.exe
MSCONFIG\startupreg: SpywareClearShield => "C:\Program Files (x86)\Spyware Clear\SpywareClearShield.exe"
MSCONFIG\startupreg: SpywareClearUpdater => "C:\Program Files (x86)\Spyware Clear\SpywareClearUpdate.exe"
MSCONFIG\startupreg: StormWatch => "C:\Program Files (x86)\StormWatch\StormWatchApp.exe"
MSCONFIG\startupreg: Super Optimizer => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe
MSCONFIG\startupreg: TSMAgent => "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
MSCONFIG\startupreg: tvncontrol => "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
MSCONFIG\startupreg: UCam_Menu => "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
MSCONFIG\startupreg: UpdateLBPShortCut => "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
MSCONFIG\startupreg: UpdateP2GoShortCut => "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
MSCONFIG\startupreg: UpdatePDIRShortCut => "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
MSCONFIG\startupreg: UpdatePSTShortCut => "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
MSCONFIG\startupreg: WebBar => C:\Users\MITCH\AppData\Local\WebBar\2.0.5343.21616\wb.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2D720E0B-FB17-4C8A-9F86-B55938CFA8A9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{2EE9D486-776E-4A38-BC02-BD5F65BD28BA}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
FirewallRules: [{8900904A-1EE6-4C87-96CB-7D86BA6CF64C}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
FirewallRules: [{E8290F9D-7197-4FCE-88B6-80063D832BC5}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
FirewallRules: [{C7963FE5-36CE-4FFA-8459-0F879C4A0E7B}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe
FirewallRules: [{A107B0DE-B6D8-4607-9F2E-7665B44C7B33}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{D4905A67-ED93-4AF3-A217-99D2C0F551A0}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{E66EA628-13EB-4B6B-BFFC-5A9E5C1E10F4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe
FirewallRules: [{6FE01D9B-EB0F-4788-8DCC-EC59AF93C650}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe
FirewallRules: [{B19F4E26-A53A-46E2-B47B-6E93B76D4D24}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe
FirewallRules: [{8C2326A8-FEBD-456F-9CC0-0A8B70DDE8D7}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
FirewallRules: [{9D4CA0E9-1209-4B35-B8A9-CEF5A320674E}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{37948C4D-AFDB-4E8B-8FDE-E113AD9A1A5F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\TV\QP.exe
FirewallRules: [{D231B7E7-FA3B-4432-BF83-D93D9F897BD9}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\TV\QPService.exe
FirewallRules: [{5CD0FD8E-FC7E-4F04-850C-E6D8C86FB0F2}] => (Allow) LPort=80
FirewallRules: [{A9B3E1B3-D13A-4871-A0CE-F75D2638C6AA}] => (Allow) LPort=80
FirewallRules: [{0077EA1C-8965-4DA9-8255-7701AC4063E1}] => (Allow) LPort=80
FirewallRules: [TCP Query User{DA0631B7-7E96-4808-B2D5-9F0641460FC4}C:\users\mitch\appdata\roaming\mjusbsp\magicjack.exe] => (Block) C:\users\mitch\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [UDP Query User{00448820-4586-4DBA-B7AC-EE49FE0A898D}C:\users\mitch\appdata\roaming\mjusbsp\magicjack.exe] => (Block) C:\users\mitch\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [{8046D6BC-6A93-4EF2-9C67-31E758EB034D}] => (Allow) C:\Users\MITCH\AppData\Local\Temp\ibtmp3f6c444\component_514
FirewallRules: [{2DE2CBC0-830F-4902-836A-3786D03873DE}] => (Allow) C:\Users\MITCH\AppData\Local\Torch\Plugins\Hola\hola_plugin.exe
FirewallRules: [{0FF8F62A-3271-4F1C-AC53-5665DFAAA8FA}] => (Allow) C:\Users\MITCH\AppData\Local\Torch\Plugins\Hola\hola_plugin_x64.exe
FirewallRules: [TCP Query User{6BBFA39E-AD5C-4406-95F3-446C4716EE75}C:\users\mitch\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\mitch\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{977C99A4-24D8-4D66-B45C-71F685BFABFD}C:\users\mitch\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\mitch\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [TCP Query User{C6117AF1-7B22-46EA-BF08-2ADE597FFE9C}C:\users\mitch\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe] => (Allow) C:\users\mitch\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{0540A14D-E985-4766-9D4F-E6C68B7D3461}C:\users\mitch\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe] => (Allow) C:\users\mitch\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe
FirewallRules: [{33580EE5-CAD7-4CE9-992C-FC393CCEAC16}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{908B6D24-BD5A-42E3-B776-2551860859DB}] => (Allow) LPort=2869
FirewallRules: [{C1520C1F-25AC-459D-87AF-F696CC7BCCBD}] => (Allow) LPort=1900
FirewallRules: [{87EAD9F9-E3BB-4B21-8AAF-D7BB98002636}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{893C92B2-7F86-43D0-AE3E-6533E7347F0D}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [TCP Query User{345584AC-AFCD-43A8-BBAF-184C821686DE}C:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe
FirewallRules: [UDP Query User{387DBBA5-ACF8-44B3-90E8-C2579A546F02}C:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe
FirewallRules: [TCP Query User{B396CADD-5AFD-418A-B83C-B0056A1D7CF3}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{6C81C147-C618-4E57-8EC9-A39482E6A5CE}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{03BEA1CC-4967-4248-B683-821220DC922B}C:\program files (x86)\java\jre1.8.0_20\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_20\bin\javaw.exe
FirewallRules: [UDP Query User{912186A5-B513-4198-8FE6-A1A35E7809C6}C:\program files (x86)\java\jre1.8.0_20\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_20\bin\javaw.exe
FirewallRules: [{0659870B-2E91-458D-9905-0CA47E7AF388}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Microsoft 6to4 Adapter #2
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Could not start eventlog service, could not read events.

The Windows Event Log service is starting.
The Windows Event Log service could not be started.

A system error has occurred.

More help is available by typing NET HELPMSG 4201.


==================== Memory info ===========================

Processor: AMD Turion™ X2 Dual-Core Mobile RM-74
Percentage of memory in use: 49%
Total physical RAM: 3836.89 MB
Available physical RAM: 1930.86 MB
Total Virtual: 7896.29 MB
Available Virtual: 6271.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:285.18 GB) (Free:214.77 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:12.9 GB) (Free:1.57 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 89900F6B)
Partition 1: (Active) - (Size=285.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=12.9 GB) - (Type=07 NTFS)

==================== End of log ============================



#21 ken545

Posted 12 July 2015 - 06:34 AM

Good Morning

 

You posted the new scans twice, I would really like to see the FIXLOG, it should be on your desktop

 

How is your system behaving now?



 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
Just a reminder that threads will be closed if no reply in 3 days.

#22 mickey7

Posted 12 July 2015 - 02:57 PM

hmm thought I posted that first....

 

 

Start
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
SearchScopes: HKLM -> {934BCD49-C81A-4ED0-86DF-56EE1B6DA341} URL = http://search.live.c...ms}&FORM=HPNTDF
SearchScopes: HKLM -> {a3e1d674-04ee-4c9e-b143-442555830fb7} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-499354876-3266562091-500007027-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF DefaultSearchEngine: Binkiland
FF Extension: No Name - C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\sbpv9us6.default\extensions\MGKN37049485@ACPSC11936960.com [not found]
FF Extension: No Name - C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\sbpv9us6.default\extensions\vriyjhvpjcaii@wkthnvmbgqrmsmmjo.net [not found]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\generic_search.xml [2014-11-13]
CHR HKLM\...\Chrome\Extension: [Äÿ] - No Path Or update_url value
CHR HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [Äÿ] - No Path Or update_url value
CHR HKLM-x32\...\Chrome\Extension: [Äÿ] - No Path Or update_url value
2015-06-24 17:11 - 2015-06-24 17:11 - 02808824 _____ (tuneuppro.com ) C:\Users\MITCH\Downloads\setup (5).exe
2015-06-22 23:35 - 2015-06-22 23:35 - 00772016 _____ (Reimage®) C:\Users\MITCH\Downloads\Unconfirmed 680101.crdownload
2015-06-22 23:20 - 2015-06-22 23:20 - 00772016 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (37).exe
2015-06-20 17:01 - 2015-06-20 17:01 - 00000000 ____D C:\Program Files (x86)\saVeerabbOOx
2015-06-20 16:57 - 2015-06-20 17:04 - 00000000 ____D C:\Program Files (x86)\saverabOx
2015-06-13 03:11 - 2015-06-13 03:42 - 00763984 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (36).exe
2015-06-13 03:10 - 2015-06-13 03:30 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (35).exe
2015-06-13 03:09 - 2015-06-13 03:20 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (33).exe
2015-06-13 03:09 - 2015-06-13 03:19 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (34).exe
2015-06-13 03:03 - 2015-06-13 03:17 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (31).exe
2015-06-13 03:03 - 2015-06-13 03:13 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (32).exe
2015-06-13 02:56 - 2015-06-13 02:56 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (30).exe
2015-06-13 02:55 - 2015-06-13 02:55 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (29).exe
2015-06-13 02:35 - 2015-06-13 02:37 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (28).exe
2015-06-13 02:33 - 2015-06-13 02:33 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (27).exe
2015-07-11 16:14 - 2014-11-21 21:35 - 00000414 _____ C:\Windows\Tasks\Quick PC Booster64 startups.job
C:\Users\MITCH\AppData\Local\Temp\2cedfc8d-10f8-498f-8e56-6c2bc70b001e.exe
C:\Users\MITCH\AppData\Local\Temp\ASPackage.exe
C:\Users\MITCH\AppData\Local\Temp\CloudBackup1299.exe
C:\Users\MITCH\AppData\Local\Temp\CloudBackup4488.exe
C:\Users\MITCH\AppData\Local\Temp\component_634-1C80.exe
C:\Users\MITCH\AppData\Local\Temp\dllnt_dump.dll
C:\Users\MITCH\AppData\Local\Temp\eFixProPackage.exe
C:\Users\MITCH\AppData\Local\Temp\jre-8u25-windows-au.exe
C:\Users\MITCH\AppData\Local\Temp\ms.exe
C:\Users\MITCH\AppData\Local\Temp\ntdll_dump.dll
C:\Users\MITCH\AppData\Local\Temp\optprosetup.exe
C:\Users\MITCH\AppData\Local\Temp\Quarantine.exe
C:\Users\MITCH\AppData\Local\Temp\ReimagePackage.exe
C:\Users\MITCH\AppData\Local\Temp\ReiScanner.exe
C:\Users\MITCH\AppData\Local\Temp\ReiSysUpdate.exe
C:\Users\MITCH\AppData\Local\Temp\sdf2092.exe
C:\Users\MITCH\AppData\Local\Temp\sdf33E3.exe
C:\Users\MITCH\AppData\Local\Temp\sdf4578.exe
C:\Users\MITCH\AppData\Local\Temp\sdfF834.exe
C:\Users\MITCH\AppData\Local\Temp\setacl.exe
C:\Users\MITCH\AppData\Local\Temp\Setup0988111.exe
C:\Users\MITCH\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\MITCH\AppData\Local\Temp\sqlite3.dll
C:\Users\MITCH\AppData\Local\Temp\sqlite3.exe
C:\Users\MITCH\AppData\Local\Temp\updater_uninstall.exe
Search App by Ask (HKLM-x32\...\{4F524A2D-5350-4500-76A7-A758B70C1D00}) (Version: 12.29.0.197 - APN, LLC) <==== ATTENTION
Task: {0DD27251-64E2-4650-9D4A-C3ADF7018863} - \Bidaily Synchronize Task[8da6] No Task File <==== ATTENTION
Task: {1561D7EC-89A8-4FBE-AD83-D692307716D9} - \ConsumerInputUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {2F92FA4C-3E2A-463E-A873-A4263673B066} - System32\Tasks\SPD\Updater\SPDUpdater => C:\Program Files (x86)\SPDUpdater\updater.exe
Task: {3534170A-F599-4C07-9A09-91E068AC4146} - \a250569a-98c2-4048-95cc-84eb2edcd0f9-5 No Task File <==== ATTENTION
Task: {358A5B96-24A7-40C9-ACA0-01E66672CC53} - \0ecf2ffa-7ec3-4baf-9f9e-804a85dd9c8a-3 No Task File <==== ATTENTION
Task: {47FADA48-E1F7-4394-AC82-87D3855E38DF} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-4 No Task File <==== ATTENTION
Task: {550197BE-9449-406E-A87E-B4A5D0C5A7E9} - \a250569a-98c2-4048-95cc-84eb2edcd0f9-5_user No Task File <==== ATTENTION
Task: {606604CF-21B5-4097-938E-59ED41B41D34} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-5_user No Task File <==== ATTENTION
Task: {6D6FEC66-1079-4D1C-B170-52A2AFE4832E} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-1 No Task File <==== ATTENTION
Task: {74316EC4-62D8-4E24-A976-9EB79DCF5DF5} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-5 No Task File <==== ATTENTION
Task: {78B9017C-6763-46A7-BE4A-27DAE3BDE864} - \LyricXeeker Update No Task File <==== ATTENTION
Task: {7A558424-DC0E-41CF-8906-0DE8B23AFE4D} - \0ecf2ffa-7ec3-4baf-9f9e-804a85dd9c8a-10_user No Task File <==== ATTENTION
Task: {86AF4274-9E1B-479E-AE76-096AC9D1ABAA} - \CIMT_S-1-5-21-499354876-3266562091-500007027-1000 No Task File <==== ATTENTION
Task: {92B3EC2B-547D-4BCA-81D8-432B3EDC48EA} - \WSE_Vosteran No Task File <==== ATTENTION
Task: {963FF965-5E0E-4CDF-A672-A2259FD12654} - \CIMT_daily_S-1-5-21-499354876-3266562091-500007027-1000 No Task File <==== ATTENTION
Task: {9955E6D2-E9F2-4CF8-A32E-4584825313F2} - \a250569a-98c2-4048-95cc-84eb2edcd0f9-10_user No Task File <==== ATTENTION
Task: {9F04B29F-E2C8-463B-A4AC-E05C1D17E1D2} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-6 No Task File <==== ATTENTION
Task: {ADA036F4-E5E7-4468-83AB-B64A1DC2A6E0} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-11 No Task File <==== ATTENTION
Task: {C3104997-0446-4339-8E33-EDFB711CDE8B} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-2 No Task File <==== ATTENTION
Task: {C4E5BC74-40CC-46DD-9B1B-C9DFF5AF7E28} - \avaxvavya No Task File <==== ATTENTION
Task: {CB3E08E5-2739-4261-95CF-12FD75F1F6DA} - \Wse_binkiland No Task File <==== ATTENTION
Task: {D027A209-468A-407D-A28B-C48FC816D4F2} - \ConsumerInputUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {DC375676-FE95-45E1-865D-18DC07723629} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-7 No Task File <==== ATTENTION
Task: {E254E739-0480-4F7D-B40D-41E2195AF220} - System32\Tasks\Quick PC Booster64 startups => C:\Program Files\Quick PC Booster\StartApps.exe
Task: {FF7FD197-8DA0-4E29-9261-EF614DAB4123} - \Run_Bobby_Browser No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Quick PC Booster64 startups.job => C:\Program Files\Quick PC Booster\StartApps.exe
FirewallRules: [TCP Query User{B7F8A776-007E-4C64-A28F-550E9D4602C5}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{875B22E8-B606-4C64-98EB-E19F3D004A9B}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{1FFC6C13-530F-4C20-B161-D609D94DC4FC}] => (Allow) C:\Users\MITCH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\79LSHK86\PCPerformerSetup.exe
FirewallRules: [{BCD33088-CBC3-4791-B171-23CA234BE409}] => (Allow) C:\Users\MITCH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\79LSHK86\PCPerformerSetup.exe
FirewallRules: [{FD29D261-A29C-409E-B37A-5AAED6162D36}] => (Allow) C:\Users\MITCH\AppData\Local\Torch\Plugins\Torrent\TorchTorrent.exe
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:
End

 

Machine seems more responsive; however, it will still only connect locally. Also (not sure what this means), when I go into Control Panel to delete an object, as soon as I select it, a window pops up to state it is beginning the removal process. I can't just click to select and then choose an option from the menus above. It just starts the removal process.



#23 ken545

Posted 12 July 2015 - 03:45 PM

That's not the entire FIXLOG, it's the FIXLIST. I need to see the FIXLOG; it will be on your desktop.

 

 

C:\Users\MITCH\Downloads\ReimageRepair (38).exe  <-- Go into your downloads folder and delete this file


 
 

#24 mickey7

Posted 12 July 2015 - 03:52 PM

It is the only one I have on the flash drive with that name. I had already deleted it from the infected laptop. Shall I rerun the fix list?


Edited by mickey7, 12 July 2015 - 03:54 PM.


#25 ken545

Posted 12 July 2015 - 03:54 PM

You got the right log, just not the entire log.



 
 

#26 ken545

Posted 12 July 2015 - 03:56 PM

Go to Start > Run, type in CLEANMGR and then press Enter. It will take a few minutes to analyze your system; when it's done, just checkmark Downloaded Program Files, Temporary Internet Files and Temp files and let your system clean them up.



 
 

#27 mickey7

Posted 12 July 2015 - 04:27 PM

Will run it now... but here is everything from that file that I have..

 

Start
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
SearchScopes: HKLM -> {934BCD49-C81A-4ED0-86DF-56EE1B6DA341} URL = http://search.live.c...ms}&FORM=HPNTDF
SearchScopes: HKLM -> {a3e1d674-04ee-4c9e-b143-442555830fb7} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-499354876-3266562091-500007027-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF DefaultSearchEngine: Binkiland
FF Extension: No Name - C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\sbpv9us6.default\extensions\MGKN37049485@ACPSC11936960.com [not found]
FF Extension: No Name - C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\sbpv9us6.default\extensions\vriyjhvpjcaii@wkthnvmbgqrmsmmjo.net [not found]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\generic_search.xml [2014-11-13]
CHR HKLM\...\Chrome\Extension: [Äÿ] - No Path Or update_url value
CHR HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [Äÿ] - No Path Or update_url value
CHR HKLM-x32\...\Chrome\Extension: [Äÿ] - No Path Or update_url value
2015-06-24 17:11 - 2015-06-24 17:11 - 02808824 _____ (tuneuppro.com ) C:\Users\MITCH\Downloads\setup (5).exe
2015-06-22 23:35 - 2015-06-22 23:35 - 00772016 _____ (Reimage®) C:\Users\MITCH\Downloads\Unconfirmed 680101.crdownload
2015-06-22 23:20 - 2015-06-22 23:20 - 00772016 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (37).exe
2015-06-20 17:01 - 2015-06-20 17:01 - 00000000 ____D C:\Program Files (x86)\saVeerabbOOx
2015-06-20 16:57 - 2015-06-20 17:04 - 00000000 ____D C:\Program Files (x86)\saverabOx
2015-06-13 03:11 - 2015-06-13 03:42 - 00763984 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (36).exe
2015-06-13 03:10 - 2015-06-13 03:30 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (35).exe
2015-06-13 03:09 - 2015-06-13 03:20 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (33).exe
2015-06-13 03:09 - 2015-06-13 03:19 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (34).exe
2015-06-13 03:03 - 2015-06-13 03:17 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (31).exe
2015-06-13 03:03 - 2015-06-13 03:13 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (32).exe
2015-06-13 02:56 - 2015-06-13 02:56 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (30).exe
2015-06-13 02:55 - 2015-06-13 02:55 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (29).exe
2015-06-13 02:35 - 2015-06-13 02:37 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (28).exe
2015-06-13 02:33 - 2015-06-13 02:33 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (27).exe
2015-07-11 16:14 - 2014-11-21 21:35 - 00000414 _____ C:\Windows\Tasks\Quick PC Booster64 startups.job
C:\Users\MITCH\AppData\Local\Temp\2cedfc8d-10f8-498f-8e56-6c2bc70b001e.exe
C:\Users\MITCH\AppData\Local\Temp\ASPackage.exe
C:\Users\MITCH\AppData\Local\Temp\CloudBackup1299.exe
C:\Users\MITCH\AppData\Local\Temp\CloudBackup4488.exe
C:\Users\MITCH\AppData\Local\Temp\component_634-1C80.exe
C:\Users\MITCH\AppData\Local\Temp\dllnt_dump.dll
C:\Users\MITCH\AppData\Local\Temp\eFixProPackage.exe
C:\Users\MITCH\AppData\Local\Temp\jre-8u25-windows-au.exe
C:\Users\MITCH\AppData\Local\Temp\ms.exe
C:\Users\MITCH\AppData\Local\Temp\ntdll_dump.dll
C:\Users\MITCH\AppData\Local\Temp\optprosetup.exe
C:\Users\MITCH\AppData\Local\Temp\Quarantine.exe
C:\Users\MITCH\AppData\Local\Temp\ReimagePackage.exe
C:\Users\MITCH\AppData\Local\Temp\ReiScanner.exe
C:\Users\MITCH\AppData\Local\Temp\ReiSysUpdate.exe
C:\Users\MITCH\AppData\Local\Temp\sdf2092.exe
C:\Users\MITCH\AppData\Local\Temp\sdf33E3.exe
C:\Users\MITCH\AppData\Local\Temp\sdf4578.exe
C:\Users\MITCH\AppData\Local\Temp\sdfF834.exe
C:\Users\MITCH\AppData\Local\Temp\setacl.exe
C:\Users\MITCH\AppData\Local\Temp\Setup0988111.exe
C:\Users\MITCH\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\MITCH\AppData\Local\Temp\sqlite3.dll
C:\Users\MITCH\AppData\Local\Temp\sqlite3.exe
C:\Users\MITCH\AppData\Local\Temp\updater_uninstall.exe
Search App by Ask (HKLM-x32\...\{4F524A2D-5350-4500-76A7-A758B70C1D00}) (Version: 12.29.0.197 - APN, LLC) <==== ATTENTION
Task: {0DD27251-64E2-4650-9D4A-C3ADF7018863} - \Bidaily Synchronize Task[8da6] No Task File <==== ATTENTION
Task: {1561D7EC-89A8-4FBE-AD83-D692307716D9} - \ConsumerInputUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {2F92FA4C-3E2A-463E-A873-A4263673B066} - System32\Tasks\SPD\Updater\SPDUpdater => C:\Program Files (x86)\SPDUpdater\updater.exe
Task: {3534170A-F599-4C07-9A09-91E068AC4146} - \a250569a-98c2-4048-95cc-84eb2edcd0f9-5 No Task File <==== ATTENTION
Task: {358A5B96-24A7-40C9-ACA0-01E66672CC53} - \0ecf2ffa-7ec3-4baf-9f9e-804a85dd9c8a-3 No Task File <==== ATTENTION
Task: {47FADA48-E1F7-4394-AC82-87D3855E38DF} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-4 No Task File <==== ATTENTION
Task: {550197BE-9449-406E-A87E-B4A5D0C5A7E9} - \a250569a-98c2-4048-95cc-84eb2edcd0f9-5_user No Task File <==== ATTENTION
Task: {606604CF-21B5-4097-938E-59ED41B41D34} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-5_user No Task File <==== ATTENTION
Task: {6D6FEC66-1079-4D1C-B170-52A2AFE4832E} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-1 No Task File <==== ATTENTION
Task: {74316EC4-62D8-4E24-A976-9EB79DCF5DF5} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-5 No Task File <==== ATTENTION
Task: {78B9017C-6763-46A7-BE4A-27DAE3BDE864} - \LyricXeeker Update No Task File <==== ATTENTION
Task: {7A558424-DC0E-41CF-8906-0DE8B23AFE4D} - \0ecf2ffa-7ec3-4baf-9f9e-804a85dd9c8a-10_user No Task File <==== ATTENTION
Task: {86AF4274-9E1B-479E-AE76-096AC9D1ABAA} - \CIMT_S-1-5-21-499354876-3266562091-500007027-1000 No Task File <==== ATTENTION
Task: {92B3EC2B-547D-4BCA-81D8-432B3EDC48EA} - \WSE_Vosteran No Task File <==== ATTENTION
Task: {963FF965-5E0E-4CDF-A672-A2259FD12654} - \CIMT_daily_S-1-5-21-499354876-3266562091-500007027-1000 No Task File <==== ATTENTION
Task: {9955E6D2-E9F2-4CF8-A32E-4584825313F2} - \a250569a-98c2-4048-95cc-84eb2edcd0f9-10_user No Task File <==== ATTENTION
Task: {9F04B29F-E2C8-463B-A4AC-E05C1D17E1D2} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-6 No Task File <==== ATTENTION
Task: {ADA036F4-E5E7-4468-83AB-B64A1DC2A6E0} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-11 No Task File <==== ATTENTION
Task: {C3104997-0446-4339-8E33-EDFB711CDE8B} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-2 No Task File <==== ATTENTION
Task: {C4E5BC74-40CC-46DD-9B1B-C9DFF5AF7E28} - \avaxvavya No Task File <==== ATTENTION
Task: {CB3E08E5-2739-4261-95CF-12FD75F1F6DA} - \Wse_binkiland No Task File <==== ATTENTION
Task: {D027A209-468A-407D-A28B-C48FC816D4F2} - \ConsumerInputUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {DC375676-FE95-45E1-865D-18DC07723629} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-7 No Task File <==== ATTENTION
Task: {E254E739-0480-4F7D-B40D-41E2195AF220} - System32\Tasks\Quick PC Booster64 startups => C:\Program Files\Quick PC Booster\StartApps.exe
Task: {FF7FD197-8DA0-4E29-9261-EF614DAB4123} - \Run_Bobby_Browser No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Quick PC Booster64 startups.job => C:\Program Files\Quick PC Booster\StartApps.exe
FirewallRules: [TCP Query User{B7F8A776-007E-4C64-A28F-550E9D4602C5}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{875B22E8-B606-4C64-98EB-E19F3D004A9B}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{1FFC6C13-530F-4C20-B161-D609D94DC4FC}] => (Allow) C:\Users\MITCH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\79LSHK86\PCPerformerSetup.exe
FirewallRules: [{BCD33088-CBC3-4791-B171-23CA234BE409}] => (Allow) C:\Users\MITCH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\79LSHK86\PCPerformerSetup.exe
FirewallRules: [{FD29D261-A29C-409E-B37A-5AAED6162D36}] => (Allow) C:\Users\MITCH\AppData\Local\Torch\Plugins\Torrent\TorchTorrent.exe
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:
End



#28 mickey7

Posted 12 July 2015 - 04:45 PM

Still only local connection on internet.

Also just noticed the line in post #23 that you wanted me to remove:

"C:\Users\MITCH\Downloads\ReimageRepair (38).exe  <-- Go into your downloads folder and delete this file"

 

I cannot locate it on the laptop.

 

I did a search of the downloads folder; it didn't show. HOWEVER, when I did a search of c:\, a ton of reimage* files are there. Some listed as applications, some as XBAD, some as VIR, a few as partial download etc. Shall I wipe them all?


Edited by mickey7, 12 July 2015 - 04:48 PM.


#29 ken545

Posted 12 July 2015 - 04:47 PM

There should be a second part in the log that will start below END and will show what we wanted to fix with FIXLIST as fixed or could not fix. Oh well, don't worry about it.

 

The only thing I see bad on your new logs is the entry in your download folder that needs to be deleted

 

This was one heavily infected system. Even after the cleaning you may still have an issue or two; sometimes the best alternative is to reformat the drive and reinstall Windows nice and clean, and then all the problems that you had on this computer will be gone.

 

I will be off line in about an hour and back on line in the am, let me know if cleanmgr ran ok



 
 

#30 ken545

Posted 12 July 2015 - 04:50 PM

Make sure all copies of Fixlist and Fixlog are deleted so as not to get them mixed up. If you can run this new script then you won't need cleanmgr.

 

Open Notepad: go to Start --> All Programs --> Accessories --> Notepad.
Please copy the entire contents inside the code box below, beginning with START and ending with END.
(To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.)
Name the file Fixlist and save it to your desktop where you have FRST/FRST64, or the fix won't work. Then open up FRST/FRST64 and click on FIX (not Scan). It won't take long; after your computer reboots you will find a FIXLOG.TXT on your desktop. Post it, please.
 
Start
CloseProcesses:
CreateRestorePoint: 
2015-06-30 18:08 - 2015-06-30 18:08 - 00772016 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (38).exe
Tcpip\..\Interfaces\{68E1D355-F539-4C48-9BF8-A8AA8237B7FA}: [NameServer] 82.163.143.150,82.163.142.152
Hosts:
CMD: ipconfig /flushdns
EmptyTemp:
End


 
 

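The FRST entries this thread keeps coming back to (Allow firewall rules for files under Temp or the browser cache, tasks reported with "No Task File", and the static NameServer value that the fixlist in post #30 removes) can be picked out of a log mechanically. The following is an added example, not part of the original posts and not FRST's own code; the function name, category names and the list of user-writable path markers are assumptions, and the sample lines are copied from the logs in this thread.

```python
import re
from typing import List, NamedTuple

# Sample input: lines copied from the FRST output posted in this thread.
SAMPLE_LOG = r"""
FirewallRules: [{8046D6BC-6A93-4EF2-9C67-31E758EB034D}] => (Allow) C:\Users\MITCH\AppData\Local\Temp\ibtmp3f6c444\component_514
FirewallRules: [{0659870B-2E91-458D-9905-0CA47E7AF388}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{1FFC6C13-530F-4C20-B161-D609D94DC4FC}] => (Allow) C:\Users\MITCH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\79LSHK86\PCPerformerSetup.exe
FirewallRules: [{5CD0FD8E-FC7E-4F04-850C-E6D8C86FB0F2}] => (Allow) LPort=80
FirewallRules: [TCP Query User{B396CADD-5AFD-418A-B83C-B0056A1D7CF3}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
Task: {C4E5BC74-40CC-46DD-9B1B-C9DFF5AF7E28} - \avaxvavya No Task File <==== ATTENTION
Task: {E254E739-0480-4F7D-B40D-41E2195AF220} - System32\Tasks\Quick PC Booster64 startups => C:\Program Files\Quick PC Booster\StartApps.exe
Tcpip\..\Interfaces\{68E1D355-F539-4C48-9BF8-A8AA8237B7FA}: [NameServer] 82.163.143.150,82.163.142.152
"""


class Finding(NamedTuple):
    kind: str    # hypothetical category label
    detail: str  # the path, task name or DNS server that triggered it


# "FirewallRules: [<rule name>] => (Allow|Block) <program path or port>"
FIREWALL_RE = re.compile(
    r"^FirewallRules: \[(?P<name>.*)\] => \((?P<action>Allow|Block)\) (?P<target>.+)$"
)
# "Task: {GUID} - <task path> No Task File": registered task whose file is gone
ORPHAN_TASK_RE = re.compile(
    r"^Task: \{[0-9A-Fa-f-]+\} - (?P<name>.+?) No Task File"
)
# "Tcpip\...: [NameServer] a.b.c.d,e.f.g.h": statically configured DNS servers
NAMESERVER_RE = re.compile(r"^Tcpip\\.*\[NameServer\] (?P<servers>\S+)")

# Assumption: directories any user-level process can write to, so an inbound
# Allow rule for a program there deserves a second look.
USER_WRITABLE_MARKERS = (
    "\\appdata\\local\\temp\\",
    "\\temporary internet files\\",
    "\\downloads\\",
)


def triage(log_text: str) -> List[Finding]:
    """Return review candidates found in FRST-style log lines."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()

        match = FIREWALL_RE.match(line)
        if match:
            target = match.group("target")
            in_user_dir = any(m in target.lower() for m in USER_WRITABLE_MARKERS)
            # Block rules and port-only rules (LPort=...) are not flagged here.
            if match.group("action") == "Allow" and in_user_dir:
                findings.append(Finding("firewall-allow-user-writable", target))
            continue

        match = ORPHAN_TASK_RE.match(line)
        if match:
            findings.append(Finding("task-without-file", match.group("name")))
            continue

        match = NAMESERVER_RE.match(line)
        if match:
            # One finding per server so each can be checked against the
            # resolvers the owner actually configured.
            for server in match.group("servers").split(","):
                findings.append(Finding("static-dns-server", server))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.kind:32} {finding.detail}")
```

A finding is only a prompt to review the entry; whether it belongs in a fixlist is still the helper's call.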