
Extremely slow, system freezes, haven't noticed any update options

Possible Viruses &/or Worms

  • This topic is locked
27 replies to this topic

#16 ken545

Posted 23 July 2014 - 04:44 AM

Looks like it picked up an infected file. Let's do this: you're going to get two reports, the main log and an additions log, and I need to see them both.

Please download Farbar Recovery Scan Tool and save it to your desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
 
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


    #17 Nettie724

    Posted 23 July 2014 - 03:02 PM

    Here is the FRST.TXT,

     

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:23-07-2014 01
    Ran by Scott (administrator) on SCOTT-PC on 23-07-2014 15:55:13
    Running from C:\Users\Scott\Downloads
    Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
    Internet Explorer Version 8
    Boot Mode: Normal
     
    The only official download link for FRST:
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
     
    ==================== Processes (Whitelisted) =================
     
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
    (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
    () C:\Windows\System32\WLTRYSVC.EXE
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
    (Andrea Electronics Corporation) C:\Windows\System32\AEstSrv.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (IDT, Inc.) C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
    (Microsoft Corporation) C:\Windows\ehome\ehtray.exe
    (AWS Convergence Technologies, Inc.) C:\Program Files\AWS\WeatherBug\Weather.exe
    (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
    (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
    (Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    (SupportSoft, Inc.) C:\Program Files\CenturyLink\QuickCare\bin\sprtsvc.exe
    (IDT, Inc.) C:\Windows\System32\stacsv.exe
    (SupportSoft, Inc.) C:\Program Files\CenturyLink\QuickCare\bin\tgsrvc.exe
    (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    (Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
    (Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
    (Microsoft Corporation) C:\Windows\System32\wermgr.exe
    (Dell Inc.) C:\Windows\System32\BCMWLTRY.EXE
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
    HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter 
    HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter 
    HKU\S-1-5-21-4285762069-3129431747-2670039461-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
    HKU\S-1-5-21-4285762069-3129431747-2670039461-1000\...\Run: [Weather] => C:\Program Files\AWS\WeatherBug\Weather.exe [1652736 2011-10-05] (AWS Convergence Technologies, Inc.)
    HKU\S-1-5-21-4285762069-3129431747-2670039461-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2008-08-06] (Google Inc.)
    HKU\S-1-5-21-4285762069-3129431747-2670039461-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
    HKU\S-1-5-21-4285762069-3129431747-2670039461-1000\...\MountPoints2: {40e7b625-0979-11df-8ce8-00219bdf33cc} - G:\LaunchU3.exe -a
    HKU\S-1-5-21-4285762069-3129431747-2670039461-1000\...\MountPoints2: {78450202-0cfe-11e1-92ce-00219bdf33cc} - G:\UEZLink.exe
    HKU\S-1-5-21-4285762069-3129431747-2670039461-1000\...\MountPoints2: {b1c7986b-fba8-11e0-a9e9-00219bdf33cc} - H:\LaunchU3.exe -a
    HKU\S-1-5-21-4285762069-3129431747-2670039461-1000\...\MountPoints2: {f805ddd8-65b5-11df-a786-00219bdf33cc} - "F:\WD SmartWare.exe" autoplay=true
    HKU\S-1-5-21-4285762069-3129431747-2670039461-1000\...\MountPoints2: {f8eb5cb0-66e8-11df-88d1-00219bdf33cc} - F:\setupSNK.exe
     
    ==================== Internet (Whitelisted) ====================
     
    ProxyServer: :0
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    SearchScopes: HKLM - DefaultScope value is missing.
    SearchScopes: HKLM - ComcastSearch URL = http://search.comcas...cat=Web&con=ie7
    SearchScopes: HKCU - ComcastSearch URL = http://search.comcas...cat=Web&con=ie7
    BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} ->  No File
    BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
    BHO: CenturyLink -> {A317CB83-299C-4FC8-9ED7-2D64117D98EE} -> C:\Program Files\qwesttoolbar\qwesttoolbarDx.dll ()
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO: AcroIEToolbarHelper Class -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
    BHO: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll No File
    BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
    BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    BHO: Toolbar BHO -> {d5a1d22b-9e17-454f-8ecd-83c578fb3983} -> C:\PROGRA~1\INBOXA~2\bar\1.bin\1gbar.dll No File
    BHO: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
    BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    Toolbar: HKLM - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
    Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    Toolbar: HKLM - CenturyLink - {A317CB83-299C-4FC8-9ED7-2D64117D98EE} - C:\Program Files\qwesttoolbar\qwesttoolbarDx.dll ()
    Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll No File
    Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
     
    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-15]
     
    Chrome: 
    =======
    CHR HomePage: hxxp://www.google.com/
    CHR StartupUrls: "hxxp://www.google.com/"
    CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\gcswf32.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
    CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
    CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
    CHR Plugin: (AVG Internet Security) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1829_0\plugins/avgnpss.dll No File
    CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
    CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    CHR Plugin: (Default Plug-in) - default_plugin No File
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
    CHR Extension: (AdBlock) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-02-21]
    CHR Extension: (Google Wallet) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-21]
     
    ========================== Services (Whitelisted) =================
     
    S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2008-09-24] (Adobe Systems) [File not signed]
    R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3241488 2014-06-27] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-06-17] (AVG Technologies CZ, s.r.o.)
    R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [File not signed]
    R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
    R2 sprtsvc_quickcare; C:\Program Files\CenturyLink\QuickCare\bin\sprtsvc.exe [206120 2011-06-07] (SupportSoft, Inc.)
    S2 SupportSoft RemoteAssist; C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe [382320 2011-06-07] (SupportSoft, Inc.)
    R2 tgsrvc_quickcare; C:\Program Files\CenturyLink\QuickCare\bin\tgsrvc.exe [185640 2011-06-07] (SupportSoft, Inc.)
    R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2506752 2008-05-19] (Dell Inc.) [File not signed]
     
    ==================== Drivers (Whitelisted) ====================
     
    R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
    R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-17] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [199960 2014-06-17] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
    R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.)
    R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-06-17] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
    R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [197400 2014-06-17] (AVG Technologies CZ, s.r.o.)
    R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-06-23] (AVG Technologies)
    S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]
     
    ==================== NetSvcs (Whitelisted) ===================
     
     
    ==================== One Month Created Files and Folders ========
     
    2014-07-23 15:55 - 2014-07-23 15:56 - 00016942 _____ () C:\Users\Scott\Downloads\FRST.txt
    2014-07-23 15:54 - 2014-07-23 15:55 - 00000000 ____D () C:\FRST
    2014-07-23 15:53 - 2014-07-23 15:54 - 01082368 _____ (Farbar) C:\Users\Scott\Downloads\FRST.exe
    2014-07-23 15:52 - 2014-07-23 15:52 - 02091520 _____ (Farbar) C:\Users\Scott\Downloads\FRST64.exe
    2014-07-22 22:56 - 2014-07-22 22:56 - 00004041 _____ () C:\Users\Scott\Desktop\aswMBR.txt2.txt
    2014-07-22 21:41 - 2014-07-22 22:56 - 00000512 _____ () C:\Users\Scott\Desktop\MBR.dat
    2014-07-22 21:41 - 2014-07-22 21:41 - 00002138 _____ () C:\Users\Scott\Desktop\aswMBR.txt1.txt
    2014-07-22 21:19 - 2014-07-22 21:19 - 00143728 _____ () C:\Windows\Minidump\Mini072214-01.dmp
    2014-07-22 21:09 - 2014-07-22 21:09 - 05185536 _____ (AVAST Software) C:\Users\Scott\Downloads\aswMBR.exe
    2014-07-21 22:54 - 2014-07-21 22:54 - 00000901 _____ () C:\Users\Scott\Desktop\Malwarebytes Anti-Malware.lnk
    2014-07-20 14:28 - 2014-07-21 22:55 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-07-20 14:25 - 2014-07-21 22:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-07-20 14:25 - 2014-07-21 22:55 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2014-07-20 14:25 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-07-20 14:25 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-07-20 14:23 - 2014-07-20 14:23 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Scott\Desktop\mbam-setup-2.0.2.1012.exe
    2014-07-20 14:21 - 2014-07-20 14:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Scott\Downloads\mbam-setup-2.0.2.1012 (2).exe
    2014-07-20 14:20 - 2014-07-20 14:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Scott\Downloads\mbam-setup-2.0.2.1012 (1).exe
    2014-07-20 13:56 - 2014-07-20 13:56 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Scott\Downloads\mbam-setup-2.0.2.1012.exe
    2014-07-20 13:53 - 2014-07-20 13:53 - 00001886 _____ () C:\Users\Scott\Desktop\JRT.txt
    2014-07-20 13:49 - 2014-07-20 13:49 - 00000000 ____D () C:\Windows\ERUNT
    2014-07-20 13:48 - 2014-07-20 13:48 - 01016261 _____ (Thisisu) C:\Users\Scott\Downloads\JRT (1).exe
    2014-07-20 13:46 - 2014-07-20 13:46 - 01016261 _____ (Thisisu) C:\Users\Scott\Downloads\JRT.exe
    2014-07-20 13:31 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
    2014-07-20 13:30 - 2014-07-20 13:33 - 00000000 ____D () C:\AdwCleaner
    2014-07-20 13:29 - 2014-07-20 13:29 - 01354223 _____ () C:\Users\Scott\Downloads\AdwCleaner (1).exe
    2014-07-20 13:20 - 2014-07-20 13:20 - 00028573 _____ () C:\Users\Scott\Desktop\download.htm
    2014-07-20 13:18 - 2014-07-20 13:18 - 01354223 _____ () C:\Users\Scott\Downloads\AdwCleaner.exe
    2014-07-19 20:36 - 2014-07-19 20:36 - 00000579 _____ () C:\Users\Scott\Desktop\aswMBR.txt
    2014-07-19 20:30 - 2014-07-19 20:30 - 05185536 _____ (AVAST Software) C:\Users\Scott\Desktop\aswMBR.exe
    2014-07-19 20:18 - 2014-07-19 20:18 - 00002623 _____ () C:\Users\Scott\Desktop\attach.zip
    2014-07-19 20:11 - 2014-07-19 20:11 - 00005881 _____ () C:\Users\Scott\Desktop\attach.txt
    2014-07-19 20:11 - 2014-07-19 20:10 - 00016668 _____ () C:\Users\Scott\Desktop\dds.txt
    2014-07-19 20:09 - 2014-07-19 20:09 - 00688992 ____R (Swearware) C:\Users\Scott\Downloads\dds.scr
    2014-07-18 20:11 - 2014-07-19 20:15 - 00000000 ____D () C:\Users\Scott\Desktop\OTL
    2014-07-18 20:06 - 2014-07-18 20:11 - 00071882 _____ () C:\Users\Scott\Downloads\Extras.Txt
    2014-07-18 20:03 - 2014-07-18 20:12 - 00160172 _____ () C:\Users\Scott\Downloads\OTL.Txt
    2014-07-18 19:41 - 2014-07-18 19:41 - 00602112 _____ (OldTimer Tools) C:\Users\Scott\Downloads\OTL.exe
    2014-07-16 20:35 - 2014-07-16 20:35 - 00000806 _____ () C:\Users\Public\Desktop\CCleaner.lnk
    2014-07-16 20:35 - 2014-07-16 20:35 - 00000000 ____D () C:\Program Files\CCleaner
    2014-07-16 20:34 - 2014-07-16 20:34 - 04748896 _____ (Piriform Ltd) C:\Users\Scott\Downloads\ccsetup414.exe
    2014-07-09 13:29 - 2014-06-06 19:19 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-07-09 13:29 - 2014-06-06 03:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
    2014-07-09 13:29 - 2014-05-30 01:53 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
    2014-07-09 13:28 - 2014-05-28 02:08 - 01214976 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-07-09 13:28 - 2014-05-28 02:08 - 00916992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-07-09 13:28 - 2014-05-28 02:08 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2014-07-09 13:28 - 2014-05-28 02:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2014-07-09 13:28 - 2014-05-28 02:04 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
    2014-07-09 13:28 - 2014-05-28 02:03 - 06023168 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-07-09 13:28 - 2014-05-28 02:03 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-07-09 13:28 - 2014-05-28 02:03 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-07-09 13:28 - 2014-05-28 02:03 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2014-07-09 13:28 - 2014-05-28 02:03 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
    2014-07-09 13:28 - 2014-05-28 02:02 - 11082752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-07-09 13:28 - 2014-05-28 02:02 - 02005504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-07-09 13:28 - 2014-05-28 02:02 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-07-09 13:28 - 2014-05-28 02:02 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-07-09 13:28 - 2014-05-28 02:02 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
    2014-07-09 13:28 - 2014-05-28 02:02 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-07-09 13:28 - 2014-05-28 02:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
    2014-07-09 13:28 - 2014-05-28 02:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-07-09 13:28 - 2014-05-28 02:02 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-07-09 13:28 - 2014-05-28 02:02 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-07-09 13:28 - 2014-05-28 02:00 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
    2014-07-09 13:28 - 2014-05-28 00:26 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2014-07-09 13:28 - 2014-05-27 22:44 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-07-09 13:28 - 2014-05-27 22:44 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-07-09 13:28 - 2014-05-27 22:42 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-07-09 13:28 - 2014-05-27 22:42 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
    2014-07-01 11:10 - 2014-07-03 12:22 - 00000000 ____D () C:\Users\Scott\Documents\Ann's & Ehsan's Wedding
     
    ==================== One Month Modified Files and Folders =======
     
    2014-07-23 15:56 - 2014-07-23 15:55 - 00016942 _____ () C:\Users\Scott\Downloads\FRST.txt
    2014-07-23 15:55 - 2014-07-23 15:54 - 00000000 ____D () C:\FRST
    2014-07-23 15:54 - 2014-07-23 15:53 - 01082368 _____ (Farbar) C:\Users\Scott\Downloads\FRST.exe
    2014-07-23 15:54 - 2008-08-06 05:14 - 01563519 _____ () C:\Windows\WindowsUpdate.log
    2014-07-23 15:52 - 2014-07-23 15:52 - 02091520 _____ (Farbar) C:\Users\Scott\Downloads\FRST64.exe
    2014-07-23 15:51 - 2006-11-02 05:33 - 00763586 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-07-23 15:50 - 2011-05-01 23:22 - 00000000 ____D () C:\ProgramData\MFAData
    2014-07-23 15:47 - 2011-12-11 20:42 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
    2014-07-23 15:45 - 2011-01-07 20:34 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-07-23 15:45 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-07-23 15:45 - 2006-11-02 07:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2014-07-23 15:45 - 2006-11-02 07:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2014-07-22 23:00 - 2006-11-02 08:01 - 00032616 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2014-07-22 22:56 - 2014-07-22 22:56 - 00004041 _____ () C:\Users\Scott\Desktop\aswMBR.txt2.txt
    2014-07-22 22:56 - 2014-07-22 21:41 - 00000512 _____ () C:\Users\Scott\Desktop\MBR.dat
    2014-07-22 22:45 - 2014-02-21 11:38 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-07-22 22:12 - 2011-01-07 20:34 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-07-22 21:41 - 2014-07-22 21:41 - 00002138 _____ () C:\Users\Scott\Desktop\aswMBR.txt1.txt
    2014-07-22 21:19 - 2014-07-22 21:19 - 00143728 _____ () C:\Windows\Minidump\Mini072214-01.dmp
    2014-07-22 21:19 - 2014-05-26 12:19 - 280050446 _____ () C:\Windows\MEMORY.DMP
    2014-07-22 21:19 - 2011-10-22 10:42 - 00000000 ____D () C:\Windows\Minidump
    2014-07-22 21:09 - 2014-07-22 21:09 - 05185536 _____ (AVAST Software) C:\Users\Scott\Downloads\aswMBR.exe
    2014-07-21 22:55 - 2014-07-20 14:28 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-07-21 22:55 - 2014-07-20 14:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-07-21 22:55 - 2014-07-20 14:25 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2014-07-21 22:55 - 2012-06-22 20:21 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-07-21 22:54 - 2014-07-21 22:54 - 00000901 _____ () C:\Users\Scott\Desktop\Malwarebytes Anti-Malware.lnk
    2014-07-20 22:38 - 2008-01-20 21:47 - 00550652 _____ () C:\Windows\PFRO.log
    2014-07-20 14:26 - 2010-03-02 20:21 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\Malwarebytes
    2014-07-20 14:26 - 2010-03-02 20:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-07-20 14:23 - 2014-07-20 14:23 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Scott\Desktop\mbam-setup-2.0.2.1012.exe
    2014-07-20 14:21 - 2014-07-20 14:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Scott\Downloads\mbam-setup-2.0.2.1012 (2).exe
    2014-07-20 14:21 - 2014-07-20 14:20 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Scott\Downloads\mbam-setup-2.0.2.1012 (1).exe
    2014-07-20 13:56 - 2014-07-20 13:56 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Scott\Downloads\mbam-setup-2.0.2.1012.exe
    2014-07-20 13:53 - 2014-07-20 13:53 - 00001886 _____ () C:\Users\Scott\Desktop\JRT.txt
    2014-07-20 13:49 - 2014-07-20 13:49 - 00000000 ____D () C:\Windows\ERUNT
    2014-07-20 13:48 - 2014-07-20 13:48 - 01016261 _____ (Thisisu) C:\Users\Scott\Downloads\JRT (1).exe
    2014-07-20 13:46 - 2014-07-20 13:46 - 01016261 _____ (Thisisu) C:\Users\Scott\Downloads\JRT.exe
    2014-07-20 13:33 - 2014-07-20 13:30 - 00000000 ____D () C:\AdwCleaner
    2014-07-20 13:29 - 2014-07-20 13:29 - 01354223 _____ () C:\Users\Scott\Downloads\AdwCleaner (1).exe
    2014-07-20 13:20 - 2014-07-20 13:20 - 00028573 _____ () C:\Users\Scott\Desktop\download.htm
    2014-07-20 13:18 - 2014-07-20 13:18 - 01354223 _____ () C:\Users\Scott\Downloads\AdwCleaner.exe
    2014-07-19 20:36 - 2014-07-19 20:36 - 00000579 _____ () C:\Users\Scott\Desktop\aswMBR.txt
    2014-07-19 20:30 - 2014-07-19 20:30 - 05185536 _____ (AVAST Software) C:\Users\Scott\Desktop\aswMBR.exe
    2014-07-19 20:19 - 2014-02-21 08:17 - 00005881 _____ () C:\Users\Scott\Desktop\New Text Document.txt
    2014-07-19 20:18 - 2014-07-19 20:18 - 00002623 _____ () C:\Users\Scott\Desktop\attach.zip
    2014-07-19 20:15 - 2014-07-18 20:11 - 00000000 ____D () C:\Users\Scott\Desktop\OTL
    2014-07-19 20:11 - 2014-07-19 20:11 - 00005881 _____ () C:\Users\Scott\Desktop\attach.txt
    2014-07-19 20:10 - 2014-07-19 20:11 - 00016668 _____ () C:\Users\Scott\Desktop\dds.txt
    2014-07-19 20:09 - 2014-07-19 20:09 - 00688992 ____R (Swearware) C:\Users\Scott\Downloads\dds.scr
    2014-07-18 20:12 - 2014-07-18 20:03 - 00160172 _____ () C:\Users\Scott\Downloads\OTL.Txt
    2014-07-18 20:11 - 2014-07-18 20:06 - 00071882 _____ () C:\Users\Scott\Downloads\Extras.Txt
    2014-07-18 19:41 - 2014-07-18 19:41 - 00602112 _____ (OldTimer Tools) C:\Users\Scott\Downloads\OTL.exe
    2014-07-18 14:30 - 2012-07-06 15:31 - 00000000 ____D () C:\Users\Scott\AppData\Local\WeatherBug
    2014-07-16 22:06 - 2012-09-11 11:44 - 00000000 ____D () C:\Users\Scott\Desktop\RetroSeal
    2014-07-16 22:06 - 2012-07-06 15:31 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WeatherBug
    2014-07-16 22:06 - 2011-11-10 22:20 - 00000000 ____D () C:\Windows\system32\cache
    2014-07-16 22:06 - 2011-08-23 21:05 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\PCHC
    2014-07-16 22:06 - 2011-01-21 19:48 - 00000000 ____D () C:\Users\Scott\Desktop\Cassie Rock carp**
    2014-07-16 22:06 - 2011-01-21 18:47 - 00000000 ____D () C:\Users\Scott\Desktop\Cassie Cd
    2014-07-16 22:06 - 2011-01-14 01:11 - 00000000 ____D () C:\Users\Scott\Documents\Word Docs
    2014-07-16 22:06 - 2010-10-30 12:40 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\Riverpoint Writer
    2014-07-16 22:06 - 2010-10-30 12:40 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Riverpoint Writer
    2014-07-16 22:06 - 2010-04-14 20:47 - 00000000 ____D () C:\Users\Scott\Desktop\2010 PICS
    2014-07-16 22:06 - 2010-03-03 22:13 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\Skype
    2014-07-16 22:06 - 2010-02-27 13:43 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\W Photo Studio Viewer
    2014-07-16 22:06 - 2010-02-24 17:56 - 00000000 ____D () C:\Users\Scott\Desktop\show pics
    2014-07-16 22:06 - 2008-09-24 12:39 - 00000000 ___RD () C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    2014-07-16 22:06 - 2008-09-24 12:39 - 00000000 ___RD () C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2014-07-16 22:06 - 2008-09-24 12:39 - 00000000 ____D () C:\Users\Scott
    2014-07-16 22:06 - 2006-11-02 07:37 - 00000000 ____D () C:\Windows\ShellNew
    2014-07-16 22:06 - 2006-11-02 06:18 - 00000000 __RSD () C:\Windows\Media
    2014-07-16 22:06 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\spool
    2014-07-16 22:05 - 2013-12-10 00:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    2014-07-16 22:05 - 2011-01-07 20:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2014-07-16 22:05 - 2008-09-24 12:40 - 00000000 ____D () C:\Users\Scott\AppData\Local\MediaDirect
    2014-07-16 22:05 - 2006-11-02 07:37 - 00000000 ____D () C:\Program Files\Windows Journal
    2014-07-16 22:05 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\registration
    2014-07-16 20:35 - 2014-07-16 20:35 - 00000806 _____ () C:\Users\Public\Desktop\CCleaner.lnk
    2014-07-16 20:35 - 2014-07-16 20:35 - 00000000 ____D () C:\Program Files\CCleaner
    2014-07-16 20:34 - 2014-07-16 20:34 - 04748896 _____ (Piriform Ltd) C:\Users\Scott\Downloads\ccsetup414.exe
    2014-07-11 08:22 - 2006-11-02 07:47 - 00380904 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-07-11 08:13 - 2013-12-13 21:14 - 00000000 ____D () C:\Windows\system32\MRT
    2014-07-11 08:10 - 2006-11-02 05:24 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
    2014-07-09 13:45 - 2014-02-21 11:38 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2014-07-09 13:45 - 2011-08-23 20:27 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2014-07-03 12:22 - 2014-07-01 11:10 - 00000000 ____D () C:\Users\Scott\Documents\Ann's & Ehsan's Wedding
    2014-07-03 11:15 - 2010-11-04 17:58 - 00000000 __SHD () C:\Windows\system32\%APPDATA%
    2014-07-03 11:13 - 2014-05-20 00:32 - 00000800 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
    2014-07-03 11:08 - 2011-10-12 23:36 - 00000000 ___HD () C:\$AVG
    2014-06-23 08:22 - 2013-01-04 15:36 - 00042784 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys
     
    Some content of TEMP:
    ====================
    C:\Users\Scott\AppData\Local\Temp\AMPing.exe
    C:\Users\Scott\AppData\Local\Temp\ApnIC.dll
    C:\Users\Scott\AppData\Local\Temp\ApnStub.exe
    C:\Users\Scott\AppData\Local\Temp\InstallManager_BAB_BAB.exe
    C:\Users\Scott\AppData\Local\Temp\Quarantine.exe
    C:\Users\Scott\AppData\Local\Temp\_is1A42.exe
    C:\Users\Scott\AppData\Local\Temp\_is3F7E.exe
    C:\Users\Scott\AppData\Local\Temp\_isC945.exe
     
     
    ==================== Bamital & volsnap Check =================
     
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
     
     
    LastRegBack: 2014-07-23 15:53
     
    ==================== End Of Log ============================
     
     
     
     
    Here is the Addition.txt.
     
    Additional scan result of Farbar Recovery Scan Tool (x86) Version:23-07-2014 01
    Ran by Scott at 2014-07-23 15:56:46
    Running from C:\Users\Scott\Downloads
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Security Center ========================
     
    AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
     
    ==================== Installed Programs ======================
     
    32 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden
    Adobe Acrobat 7.0 Professional (Version: 7.0.0 - Adobe Systems) Hidden
    Adobe Bridge 1.0 (HKLM\...\{B74D4E10-6884-0000-0000-000000000103}) (Version: 001.000.004 - Adobe Systems)
    Adobe Common File Installer (Version: 1.00.0000 - Adobe System Incorporated) Hidden
    Adobe Creative Suite 2 (HKLM\...\{0134A1A1-C283-4A47-91A1-92F19F960372}) (Version:  - )
    Adobe Flash Player 10 Plugin (HKLM\...\{AF36CE1D-FD2C-4BA0-93FA-1196785DD610}) (Version: 10.0.45.2 - Adobe Systems, Inc.)
    Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
    Adobe Help Center 1.0 (Version: 001.000.000 - Adobe Systems) Hidden
    Adobe Reader 9.5.1 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.1 - Adobe Systems Incorporated)
    Adobe Stock Photos 1.0 (Version: 001.000.000 - Adobe Systems) Hidden
    Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version:  - )
    Advanced Video FX Engine (HKLM\...\Advanced Video FX Engine) (Version:  - )
    Aleks 3.8 (HKLM\...\Aleks 3.8) (Version:  - )
    Apple Application Support (HKLM\...\{553255F3-78FD-40F1-A6F8-6882140265FE}) (Version: 1.2.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}) (Version: 3.0.1.3 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ArcSoft PhotoImpression 6 (HKLM\...\{D03E7B00-CA85-4684-9321-1888873C34BD}) (Version: 6 - ArcSoft)
    AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4716 - AVG Technologies)
    AVG 2014 (Version: 14.0.3986 - AVG Technologies) Hidden
    AVG 2014 (Version: 14.0.4716 - AVG Technologies) Hidden
    Bing Bar (HKLM\...\{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}) (Version: 7.0.609.0 - Microsoft Corporation)
    Bing Rewards Client Installer (Version: 16.0.345.0 - Microsoft Corporation) Hidden
    Bonjour (HKLM\...\{8A253629-0511-4854-8B4E-46E57E66005C}) (Version: 2.0.1.2 - Apple Inc.)
    Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
    BufferChm (Version: 100.0.170.000 - Hewlett-Packard) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
    CenturyLink Installer (HKLM\...\{C96FF998-45BD-411E-9253-B7F2660FE280}) (Version: 1.0 - CenturyLink, Inc.)
    CenturyLink Personal Digital Vault™ (HKLM\...\{B97FD5DD-1226-49AD-AE6C-BF9DE1468F05}) (Version: 1.0.0004 - CenturyLink)
    CenturyLink QuickCare 2.7 (HKLM\...\CenturyLinkQuickCare_is1) (Version: 2.7.1106.1010 - CenturyLink)
    Cisco EAP-FAST Module (HKLM\...\{BF53252E-4AB2-4C7F-A0FD-6100755745E3}) (Version: 2.0.26 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM\...\{76F9CF97-FC4B-4E20-B363-D127C888448F}) (Version: 1.0.11 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM\...\{4E5386F5-C0F6-4532-A54A-374865AEAB71}) (Version: 1.0.12 - Cisco Systems, Inc.)
    Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Conexant HDA D330 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F) (Version:  - )
    D1500 (Version: 100.0.206.000 - Hewlett-Packard) Hidden
    D1500_Help (Version: 100.0.206.000 - Hewlett-Packard) Hidden
    D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
    Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
    Dell Support Center (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.1.08060 - Dell)
    Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1.103.4 - Alps Electric)
    Dell Webcam Center (HKLM\...\Dell Webcam Center) (Version:  - )
    Dell Webcam Manager (HKLM\...\Dell Webcam Manager) (Version:  - )
    Dell Wireless WLAN Card (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.170.25.12 - Dell Inc.)
    Destinations (Version: 82.0.173.000 - Hewlett-Packard) Hidden
    DeviceDiscovery (Version: 100.0.190.000 - Hewlett-Packard) Hidden
    Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
    DJ_SF_03_D1500_Software (Version: 100.0.206.000 - Hewlett-Packard) Hidden
    DJ_SF_03_D1500_Software_Min (Version: 100.0.206.000 - Hewlett-Packard) Hidden
    dj6980 (Version: 82.0.242.000 - Hewlett-Packard) Hidden
    Driver Whiz (HKLM\...\{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}) (Version: 8.0.1 - Driver Whiz)
    EDocs (HKLM\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version:  - )
    EPSON Attach To Email (HKLM\...\InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}) (Version: 1.01.0000 - SEIKO EPSON)
    EPSON Attach To Email (Version: 1.01.0000 - SEIKO EPSON) Hidden
    EPSON Copy Utility 3 (HKLM\...\{67EDD823-135A-4D59-87BD-950616D6E857}) (Version: 3.3.0.0 - )
    EPSON Event Manager (HKLM\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 1.80.00 - )
    EPSON Perfection V200 Photo Scanner Driver Update (HKLM\...\{1C278B97-9D25-48B0-9A4E-F4F2BB992043}) (Version:  - )
    EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - )
    EPSON Scan Assistant (HKLM\...\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}) (Version: 1.11.00 - )
    Free NaturalReader (HKLM\...\{1F2DF2C6-08F7-40BD-8E85-D16CB436E7F0}) (Version: 9.0 - NaturalSoft Limited)
    Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
    Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
    GoToAssist 8.0.0.514 (HKLM\...\GoToAssist) (Version:  - )
    GPBaseService (Version: 100.0.187.000 - Hewlett-Packard) Hidden
    HP Customer Participation Program 10.0 (HKLM\...\HPExtendedCapabilities) (Version: 10.0 - HP)
    HP Deskjet D1500 Printer Driver Software 10.0 Rel .3 (HKLM\...\{0CE5F45E-F6CC-4638-B0DD-BB7F6EF56713}) (Version: 10.0 - HP)
    HP Deskjet Printer Driver Software. 8.0.B (HKLM\...\{0411A7A4-23D4-47ad-B109-3CBE7E8093F1}) (Version: 8.0 - HP)
    HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)
    HP Photosmart Essential (HKLM\...\{EB21A812-671B-4D08-B974-2A347F0D8F70}) (Version: 1.12.0.46 - HP)
    HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP)
    HP Photosmart Essential 2.5 (Version: 1.02.0000 - Hewlett-Packard) Hidden
    HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 3.5 - HP)
    HP Solution Center 10.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 10.0 - HP)
    HP Update (HKLM\...\{612F4E20-3661-4D44-AD79-823F1B613FB3}) (Version: 5.002.008.001 - Hewlett-Packard)
    HPProductAssistant (Version: 100.0.170.000 - Hewlett-Packard) Hidden
    HPSSupply (Version: 100.0.170.000 - Hewlett-Packard) Hidden
    InboxAce Internet Explorer Toolbar (HKLM\...\InboxAce_1gbar Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network) <==== ATTENTION
    Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
    iTunes (HKLM\...\{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}) (Version: 9.1.1.12 - Apple Inc.)
    Java™ 6 Update 5 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160050}) (Version: 1.6.0.50 - Sun Microsystems, Inc.)
    Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Laptop Integrated Webcam Driver (1.04.01.1011)   (HKLM\...\Creative OEM002) (Version:  - )
    Live! Cam Avatar Creator (HKLM\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.0817.1 - Creative Technology Ltd.)
    Live! Cam Avatar v1.0 (HKLM\...\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}) (Version: 1.0 - Creative Technology Ltd.)
    LP6980_Help (Version: 82.0.242.000 - Hewlett-Packard) Hidden
    LP6980Trb (Version: 82.0.242.000 - Hewlett-Packard) Hidden
    Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
    MarketResearch (Version: 100.0.170.000 - Hewlett-Packard) Hidden
    MathGV 4 (HKLM\...\{5EF2B896-B1C1-46E8-83AD-4F940B7A5982}) (Version: 4.0.0 - MathGV)
    MediaDirect (HKLM\...\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}) (Version: 3.5 - Dell)
    Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    MGTEK dopisp (HKLM\...\{C25D2594-3136-4B33-9D32-8F0F5E81F349}) (Version: 5.1.2594 - MGTEK)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Professional Edition 2003 (HKLM\...\{91110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
    Modem Diagnostic Tool (HKLM\...\{F63A3748-B93D-4360-9AD4-B064481A5C7B}) (Version: 1.0.20.0 - Dell)
    MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
    MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Music, Photos & Videos Launcher (HKLM\...\{D7769185-9A7C-48D4-8874-5388743A1DE2}) (Version: 1.00.0000 - Dell Inc.)
    MyCenturyLink Toolbar (HKLM\...\qwesttoolbar) (Version:  - CenturyLink)
    NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.44 - BVRP Software, Inc)
    Office Depot PC Support Agent (HKLM\...\Office Depot PC Support Agent) (Version: 12.0.212.3 - Support.com, Inc.)
    OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
    OutlookAddinSetup (HKLM\...\{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}) (Version: 1.0.0 - CyberLink)
    Product Documentation Launcher (HKLM\...\{89CEAE14-DD0F-448E-9554-15781EC9DB24}) (Version: 1.00.0000 - Dell Inc.)
    PSSWCORE (Version: 2.02.0000 - Hewlett-Packard) Hidden
    QuickSet (HKLM\...\{4B6AD248-D3BF-426A-8D64-847288154F13}) (Version: 8.2.20 - Dell Inc.)
    QuickTime (HKLM\...\{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}) (Version: 7.66.71.0 - Apple Inc.)
    Respondus LockDown Browser (HKLM\...\{C0E5147E-C9F3-4360-9ED0-2E875F11766C}) (Version: 1.02.0001 - Respondus, Inc.)
    Riverpoint Writer (HKCU\...\FF389026-F961-42C5-BACD-B4A3AA73E0F3) (Version: 1.0 - Apollo Group, Inc.)
    Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
    SF_CDB_ProductContext (Version: 82.0.242.000 - Hewlett-Packard) Hidden
    SF_CDB_Software (Version: 82.0.242.000 - Hewlett-Packard) Hidden
    Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 10.0 - HP)
    ShopAtHome.com Toolbar (HKLM\...\SelectRebatesUninstall) (Version:  - )
    Skype Toolbars (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.3.7555 - Skype Technologies S.A.)
    Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
    SmartWebPrintingOC (Version: 100.0.189.000 - Hewlett-Packard) Hidden
    SolutionCenter (Version: 100.0.175.000 - Hewlett-Packard) Hidden
    Status (Version: 100.0.175.000 - Hewlett-Packard) Hidden
    Suite Specific (Version: 2.0.0 - Adobe Systems, Incorporated) Hidden
    Toolbox (Version: 100.0.170.000 - Hewlett-Packard) Hidden
    Toolbox (Version: 82.0.173.000 - Hewlett-Packard) Hidden
    TrayApp (Version: 100.0.170.000 - Hewlett-Packard) Hidden
    UnloadSupport (Version: 10.0.0 - Hewlett-Packard) Hidden
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
    VideoToolkit01 (Version: 100.0.128.000 - Hewlett-Packard) Hidden
    Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    WeatherBug (HKLM\...\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}) (Version: 7.0.0.10 - Earth Networks, Inc.)
    WebReg (Version: 100.0.170.000 - Hewlett-Packard) Hidden
    Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
    Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Family Safety (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
    Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
    Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
    Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
    Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
    Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version:  - )
     
    ==================== Custom CLSID entries: ==========================
     
    CustomCLSID: HKU\S-1-5-21-4285762069-3129431747-2670039461-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
    CustomCLSID: HKU\S-1-5-21-4285762069-3129431747-2670039461-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
    CustomCLSID: HKU\S-1-5-21-4285762069-3129431747-2670039461-1000_Classes\CLSID\{5fdb0cd8-5760-44d1-8d13-a78bf558c3c7}\InprocServer32 -> C:\Program Files\InboxAce_1g\bar\1.bin\1gSrcAs.dll No File
    CustomCLSID: HKU\S-1-5-21-4285762069-3129431747-2670039461-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
     
    ==================== Restore Points  =========================
     
    15-06-2014 05:00:01 Scheduled Checkpoint
    16-06-2014 11:17:47 Scheduled Checkpoint
    17-06-2014 06:00:55 Scheduled Checkpoint
    18-06-2014 23:08:59 Scheduled Checkpoint
    19-06-2014 23:28:28 Scheduled Checkpoint
    23-06-2014 14:53:10 Scheduled Checkpoint
    24-06-2014 05:00:01 Scheduled Checkpoint
    25-06-2014 01:40:56 Scheduled Checkpoint
    01-07-2014 18:46:31 Scheduled Checkpoint
    09-07-2014 20:58:10 Scheduled Checkpoint
    11-07-2014 13:09:51 Windows Update
    17-07-2014 02:02:42 Scheduled Checkpoint
    17-07-2014 02:24:30 Restore Operation
    17-07-2014 02:52:33 Restore Operation
    18-07-2014 19:44:21 Restore Operation
    19-07-2014 00:48:10 OTL Restore Point - 7/18/2014 7:48:10 PM
    20-07-2014 03:15:26 Scheduled Checkpoint
    21-07-2014 04:24:38 Scheduled Checkpoint
    22-07-2014 05:16:32 Scheduled Checkpoint
     
    ==================== Hosts content: ==========================
     
    2006-11-02 05:23 - 2006-09-18 16:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1       localhost
    ::1             localhost
     
    ==================== Scheduled Tasks (whitelisted) =============
     
    Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
    Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
    Task: {3388939A-D930-4859-8896-D3C52F758AF3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
    Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
    Task: {5698D810-CDAA-4265-A86A-8E94E997AC23} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-07] (Google Inc.)
    Task: {94BAC943-A000-47A0-8B98-D6E9F17BBBBA} - System32\Tasks\{71747592-822A-4F68-9B3C-3DB3B6BB1AE7} => C:\Program Files\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
    Task: {A540D80F-4C5C-4132-8707-A5B9B4C4170C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-07] (Google Inc.)
    Task: {AFB40540-DE88-4AB4-8FAE-B86E39B51BB0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
    Task: {B6D45A37-630A-419A-8703-32D8678078E3} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
    Task: {CBD71D60-1E13-4E90-A4E0-8FBD0A6F601E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
    Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\User_Feed_Synchronization-{C5FFA201-7D4E-478A-ACA0-BE1EAD823C05}.job => C:\Windows\system32\msfeedssync.exe
     
    ==================== Loaded Modules (whitelisted) =============
     
    2008-08-06 10:33 - 2008-05-19 01:26 - 00024064 _____ () C:\Windows\System32\WLTRYSVC.EXE
    2008-08-06 10:33 - 2008-05-19 01:25 - 00054784 _____ () C:\Windows\System32\bcmwlrmt.dll
    2014-07-19 20:22 - 2014-07-15 04:24 - 08537928 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\pdf.dll
    2014-07-19 20:22 - 2014-07-15 04:24 - 00353096 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
    2014-07-19 20:22 - 2014-07-15 04:24 - 01732936 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
     
    ==================== Alternate Data Streams (whitelisted) =========
     
     
    ==================== Safe Mode (whitelisted) ===================
     
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Office Depot PC Support Agent => ""="Office Depot PC Support Agent"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Office Depot PC Support Agent => ""="Office Depot PC Support Agent"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SupportSoft RemoteAssist => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
     
    ==================== EXE Association (whitelisted) =============
     
     
    ==================== MSCONFIG/TASK MANAGER disabled items =========
     
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk => C:\Windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:\Windows\pss\Adobe Gamma.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\Windows\pss\Digital Line Detect.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk => C:\Windows\pss\QuickSet.lnk.CommonStartup
    MSCONFIG\startupreg: Acrobat Assistant 7.0 => "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    MSCONFIG\startupreg: Apoint => C:\Program Files\DellTPad\Apoint.exe
    MSCONFIG\startupreg: AVG_TRAY => "C:\Program Files\AVG\AVG2012\avgtray.exe"
    MSCONFIG\startupreg: Broadcom Wireless Manager UI => C:\Windows\system32\WLTRAY.exe
    MSCONFIG\startupreg: CenturyLinkTouchPointAgent => "C:\Program Files\CenturyLink\Desktop\CenturyLinkTouchPointAgent.exe" /autostart
    MSCONFIG\startupreg: DELL Webcam Manager => "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
    MSCONFIG\startupreg: dscactivate => "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    MSCONFIG\startupreg: ECenter => C:\Dell\E-Center\EULALauncher.exe
    MSCONFIG\startupreg: EEventManager => C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
    MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
    MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
    MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    MSCONFIG\startupreg: IAAnotif => "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: Malwarebytes Anti-Malware (reboot) => "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    MSCONFIG\startupreg: OEM02Mon.exe => C:\Windows\OEM02Mon.exe
    MSCONFIG\startupreg: PCMService => "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
    MSCONFIG\startupreg: QuickCare => C:\Program Files\CenturyLink\QuickCare\bin\sprtcmd.exe /P QuickCare
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    MSCONFIG\startupreg: Qwest Personal Digital Vault => "C:\Program Files\CenturyLink Personal Digital Vault\QwestPersonalDigitalVault.exe" /m
    MSCONFIG\startupreg: ROC_roc_dec12 => "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
    MSCONFIG\startupreg: SelectRebates => C:\Program Files\SelectRebates\SelectRebates.exe
    MSCONFIG\startupreg: SigmatelSysTrayApp => %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
    MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    MSCONFIG\startupreg: vProt => "C:\Program Files\AVG Secure Search\vprot.exe"
    MSCONFIG\startupreg: Weather => C:\Program Files\AWS\WeatherBug\Weather.exe 1
    MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe
     
    ==================== Faulty Device Manager Devices =============
     
    Name: Microsoft ISATAP Adapter #3
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (07/23/2014 03:47:13 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application bcmwltry.exe, version 4.170.25.12, time stamp 0x46f3437a, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x01d29362,
    process id 0x770, application start time 0xbcmwltry.exe0.
     
    Error: (07/23/2014 03:46:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (07/22/2014 09:20:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (07/22/2014 08:43:51 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application bcmwltry.exe, version 4.170.25.12, time stamp 0x46f3437a, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x04729a02,
    process id 0x764, application start time 0xbcmwltry.exe0.
     
    Error: (07/22/2014 08:43:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (07/21/2014 10:34:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (07/21/2014 02:12:32 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application bcmwltry.exe, version 4.170.25.12, time stamp 0x46f3437a, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x01b29a02,
    process id 0x770, application start time 0xbcmwltry.exe0.
     
    Error: (07/21/2014 02:11:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (07/20/2014 10:48:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (07/20/2014 10:40:23 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application bcmwltry.exe, version 4.170.25.12, time stamp 0x46f3437a, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x01b79752,
    process id 0x74c, application start time 0xbcmwltry.exe0.
     
     
    System errors:
    =============
    Error: (07/23/2014 03:47:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: BCM42RLY%%2
     
    Error: (07/23/2014 03:47:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: BCM42RLY%%2
     
    Error: (07/23/2014 03:47:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: BCM42RLY%%2
     
    Error: (07/23/2014 03:47:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: BCM42RLY%%2
     
    Error: (07/23/2014 03:47:07 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: HP CUE DeviceDiscovery Service
     
    Error: (07/23/2014 03:46:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: Parallel port driver%%1058
     
    Error: (07/22/2014 09:21:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: BCM42RLY%%2
     
    Error: (07/22/2014 09:21:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: BCM42RLY%%2
     
    Error: (07/22/2014 09:21:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: BCM42RLY%%2
     
    Error: (07/22/2014 09:21:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: BCM42RLY%%2
     
     
    Microsoft Office Sessions:
    =========================
    Error: (07/23/2014 03:47:13 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: bcmwltry.exe4.170.25.1246f3437aunknown0.0.0.000000000c000000501d2936277001cfa6b70321ce7d
     
    Error: (07/23/2014 03:46:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (07/22/2014 09:20:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (07/22/2014 08:43:51 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: bcmwltry.exe4.170.25.1246f3437aunknown0.0.0.000000000c000000504729a0276401cfa6174a5ae3de
     
    Error: (07/22/2014 08:43:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (07/21/2014 10:34:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (07/21/2014 02:12:32 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: bcmwltry.exe4.170.25.1246f3437aunknown0.0.0.000000000c000000501b29a0277001cfa51772b12edf
     
    Error: (07/21/2014 02:11:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (07/20/2014 10:48:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (07/20/2014 10:40:23 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: bcmwltry.exe4.170.25.1246f3437aunknown0.0.0.000000000c000000501b7975274c01cfa4953b7cafd3
     
     
    CodeIntegrity Errors:
    ===================================
      Date: 2014-07-23 15:56:38.239
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
     
      Date: 2014-07-23 15:56:37.893
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
     
      Date: 2014-07-23 15:56:37.552
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
     
      Date: 2014-07-23 15:56:37.224
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
     
      Date: 2014-07-23 15:56:36.743
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
     
      Date: 2014-07-23 15:56:36.409
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
     
      Date: 2014-07-23 15:56:36.062
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
     
      Date: 2014-07-23 15:56:35.704
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
     
      Date: 2014-07-23 15:56:05.884
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
     
      Date: 2014-07-23 15:56:05.524
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
     
     
    ==================== Memory info =========================== 
     
    Percentage of memory in use: 57%
    Total physical RAM: 3061.31 MB
    Available physical RAM: 1287.53 MB
    Total Pagefile: 6328.88 MB
    Available Pagefile: 4381.37 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1899.27 MB
     
    ==================== Drives ================================
     
    Drive c: (OS) (Fixed) (Total:220.58 GB) (Free:127.99 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive d: (RECOVERY) (Fixed) (Total:9.77 GB) (Free:5.47 GB) NTFS
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (Size: 233 GB) (Disk ID: 00000080)
    Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
    Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
    Partition 3: (Active) - (Size=221 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=2 GB) - (Type=OF Extended)
     
    ==================== End Of Log ============================
     
    I didn't click on fix.


    #18 ken545


    Posted 23 July 2014 - 04:25 PM

    Open notepad (Start =>All Programs => Accessories => Notepad).
    Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
    Save it to the same directory as frst.exe (or frst64.exe) as fixlist.txt. (it has to be right next to FRST/64)
     

     

    Start
    HKU\S-1-5-21-4285762069-3129431747-2670039461-1000\...\MountPoints2: {40e7b625-0979-11df-8ce8-00219bdf33cc} - G:\LaunchU3.exe -a
    HKU\S-1-5-21-4285762069-3129431747-2670039461-1000\...\MountPoints2: {78450202-0cfe-11e1-92ce-00219bdf33cc} - G:\UEZLink.exe
    HKU\S-1-5-21-4285762069-3129431747-2670039461-1000\...\MountPoints2: {b1c7986b-fba8-11e0-a9e9-00219bdf33cc} - H:\LaunchU3.exe -a
    HKU\S-1-5-21-4285762069-3129431747-2670039461-1000\...\MountPoints2: {f805ddd8-65b5-11df-a786-00219bdf33cc} - "F:\WD SmartWare.exe" autoplay=true
    HKU\S-1-5-21-4285762069-3129431747-2670039461-1000\...\MountPoints2: {f8eb5cb0-66e8-11df-88d1-00219bdf33cc} - F:\setupSNK.exe
    Toolbar: HKLM - CenturyLink - {A317CB83-299C-4FC8-9ED7-2D64117D98EE} - C:\Program Files\qwesttoolbar\qwesttoolbarDx.dll ()
    2014-07-23 15:47 - 2011-12-11 20:42 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
    CustomCLSID: HKU\S-1-5-21-4285762069-3129431747-2670039461-1000_Classes\CLSID\{5fdb0cd8-5760-44d1-8d13-a78bf558c3c7}\InprocServer32 -> C:\Program Files\InboxAce_1g\bar\1.bin\1gSrcAs.dll No File
    Hosts:
    Reboot:
    End

     

     
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
     
    Then open FRST64 and click on fix
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
     
     
    Also, let me know how your system is behaving now?

    Want to help others, Join our Malware Removal Classroom  HERE

    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.

    Just a reminder that threads will be closed if no reply in 3 days.


    #19 Nettie724


    Posted 24 July 2014 - 07:45 PM

    Here is the fixlist.txt.

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:24-07-2014 01
    Ran by Scott at 2014-07-24 20:37:48 Run:1
    Running from C:\Users\Scott\Downloads
    Boot Mode: Normal
     
    ==============================================
     
    Content of fixlist:
    *****************
    Start
    HKU\S-1-5-21-4285762069-3129431747-2670039461-1000\...\MountPoints2: {40e7b625-0979-11df-8ce8-00219bdf33cc} - G:\LaunchU3.exe -a
    HKU\S-1-5-21-4285762069-3129431747-2670039461-1000\...\MountPoints2: {78450202-0cfe-11e1-92ce-00219bdf33cc} - G:\UEZLink.exe
    HKU\S-1-5-21-4285762069-3129431747-2670039461-1000\...\MountPoints2: {b1c7986b-fba8-11e0-a9e9-00219bdf33cc} - H:\LaunchU3.exe -a
    HKU\S-1-5-21-4285762069-3129431747-2670039461-1000\...\MountPoints2: {f805ddd8-65b5-11df-a786-00219bdf33cc} - "F:\WD SmartWare.exe" autoplay=true
    HKU\S-1-5-21-4285762069-3129431747-2670039461-1000\...\MountPoints2: {f8eb5cb0-66e8-11df-88d1-00219bdf33cc} - F:\setupSNK.exe
    Toolbar: HKLM - CenturyLink - {A317CB83-299C-4FC8-9ED7-2D64117D98EE} - C:\Program Files\qwesttoolbar\qwesttoolbarDx.dll ()
    2014-07-23 15:47 - 2011-12-11 20:42 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
    CustomCLSID: HKU\S-1-5-21-4285762069-3129431747-2670039461-1000_Classes\CLSID\{5fdb0cd8-5760-44d1-8d13-a78bf558c3c7}\InprocServer32 -> C:\Program Files\InboxAce_1g\bar\1.bin\1gSrcAs.dll No File
    Hosts:
    Reboot:
    End
    *****************
     
    "HKU\S-1-5-21-4285762069-3129431747-2670039461-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{40e7b625-0979-11df-8ce8-00219bdf33cc}" => Key deleted successfully.
    "HKCR\CLSID\{40e7b625-0979-11df-8ce8-00219bdf33cc}" => Key not found.
    "HKU\S-1-5-21-4285762069-3129431747-2670039461-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{78450202-0cfe-11e1-92ce-00219bdf33cc}" => Key deleted successfully.
    "HKCR\CLSID\{78450202-0cfe-11e1-92ce-00219bdf33cc}" => Key not found.
    "HKU\S-1-5-21-4285762069-3129431747-2670039461-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1c7986b-fba8-11e0-a9e9-00219bdf33cc}" => Key deleted successfully.
    "HKCR\CLSID\{b1c7986b-fba8-11e0-a9e9-00219bdf33cc}" => Key not found.
    "HKU\S-1-5-21-4285762069-3129431747-2670039461-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f805ddd8-65b5-11df-a786-00219bdf33cc}" => Key deleted successfully.
    "HKCR\CLSID\{f805ddd8-65b5-11df-a786-00219bdf33cc}" => Key not found.
    "HKU\S-1-5-21-4285762069-3129431747-2670039461-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8eb5cb0-66e8-11df-88d1-00219bdf33cc}" => Key deleted successfully.
    "HKCR\CLSID\{f8eb5cb0-66e8-11df-88d1-00219bdf33cc}" => Key not found.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{A317CB83-299C-4FC8-9ED7-2D64117D98EE} => value deleted successfully.
    "HKCR\CLSID\{A317CB83-299C-4FC8-9ED7-2D64117D98EE}" => Key deleted successfully.
    C:\Windows\system32\Drivers\etc\hosts.ics => Moved successfully.
    "HKU\S-1-5-21-4285762069-3129431747-2670039461-1000_Classes\CLSID\{5fdb0cd8-5760-44d1-8d13-a78bf558c3c7}" => Key deleted successfully.
    C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
    Hosts was reset successfully.
     
     
    The system needed a reboot. 
     
    ==== End of Fixlog ====
     
    I left documents open on this laptop earlier today, and when I got home this evening I had a "Script Error" message and a "Security Alert" message on my screen. After rebooting, I got a "Dell Wireless WLAN and Wireless Network Controller stopped working and was closed" message.

    Edited by Nettie724, 24 July 2014 - 07:50 PM.


    #20 Nettie724


    Posted 24 July 2014 - 08:14 PM

    When I just signed in to Yahoo, the page stalled. The page appeared to have this grayish shade over it where I could only see the heading and the side of the page and not the messages. After a minute or two, the page fully loaded and was clear. It no longer looked as if it had a film over it.



    #21 ken545


    Posted 24 July 2014 - 08:42 PM

    Let's run ComboFix. Do this when you have time; don't start it and just walk away.

     

     
    Download ComboFix from one of these locations:
     
     
     
    * IMPORTANT !!! Save ComboFix.exe to your Desktop
     
     
    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
    • See this Link for programs that need to be disabled and instructions on how to disable them.
    • Remember to re-enable them when we're done.
    • Double click on ComboFix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
     
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
     
     


     
     
    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    RC2-1.png

     
    Click on Yes, to continue scanning for malware.
     
    When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.
     
    *If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.



    #22 Nettie724


    Posted 26 July 2014 - 07:38 AM

    Hi, Ken545!

     

    Here is my combofix.txt info.

     

    ComboFix 14-07-25.01 - Scott 07/26/2014   8:10.1.2 - x86
    Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3061.1743 [GMT -5:00]
    Running from: c:\users\Scott\Downloads\ComboFix.exe
    AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Scott\Documents\~WRL0106.tmp
    c:\users\Scott\Documents\~WRL0115.tmp
    c:\users\Scott\Documents\~WRL0215.tmp
    c:\users\Scott\Documents\~WRL0288.tmp
    c:\users\Scott\Documents\~WRL0346.tmp
    c:\users\Scott\Documents\~WRL0388.tmp
    c:\users\Scott\Documents\~WRL0399.tmp
    c:\users\Scott\Documents\~WRL0401.tmp
    c:\users\Scott\Documents\~WRL0485.tmp
    c:\users\Scott\Documents\~WRL0557.tmp
    c:\users\Scott\Documents\~WRL0705.tmp
    c:\users\Scott\Documents\~WRL0819.tmp
    c:\users\Scott\Documents\~WRL0828.tmp
    c:\users\Scott\Documents\~WRL0847.tmp
    c:\users\Scott\Documents\~WRL0874.tmp
    c:\users\Scott\Documents\~WRL0883.tmp
    c:\users\Scott\Documents\~WRL0999.tmp
    c:\users\Scott\Documents\~WRL1039.tmp
    c:\users\Scott\Documents\~WRL1103.tmp
    c:\users\Scott\Documents\~WRL1139.tmp
    c:\users\Scott\Documents\~WRL1159.tmp
    c:\users\Scott\Documents\~WRL1284.tmp
    c:\users\Scott\Documents\~WRL1315.tmp
    c:\users\Scott\Documents\~WRL1325.tmp
    c:\users\Scott\Documents\~WRL1436.tmp
    c:\users\Scott\Documents\~WRL1463.tmp
    c:\users\Scott\Documents\~WRL1491.tmp
    c:\users\Scott\Documents\~WRL1533.tmp
    c:\users\Scott\Documents\~WRL1585.tmp
    c:\users\Scott\Documents\~WRL1593.tmp
    c:\users\Scott\Documents\~WRL1657.tmp
    c:\users\Scott\Documents\~WRL1658.tmp
    c:\users\Scott\Documents\~WRL1744.tmp
    c:\users\Scott\Documents\~WRL1746.tmp
    c:\users\Scott\Documents\~WRL1771.tmp
    c:\users\Scott\Documents\~WRL1772.tmp
    c:\users\Scott\Documents\~WRL1853.tmp
    c:\users\Scott\Documents\~WRL1916.tmp
    c:\users\Scott\Documents\~WRL1938.tmp
    c:\users\Scott\Documents\~WRL1994.tmp
    c:\users\Scott\Documents\~WRL2027.tmp
    c:\users\Scott\Documents\~WRL2089.tmp
    c:\users\Scott\Documents\~WRL2132.tmp
    c:\users\Scott\Documents\~WRL2171.tmp
    c:\users\Scott\Documents\~WRL2194.tmp
    c:\users\Scott\Documents\~WRL2239.tmp
    c:\users\Scott\Documents\~WRL2271.tmp
    c:\users\Scott\Documents\~WRL2341.tmp
    c:\users\Scott\Documents\~WRL2356.tmp
    c:\users\Scott\Documents\~WRL2372.tmp
    c:\users\Scott\Documents\~WRL2398.tmp
    c:\users\Scott\Documents\~WRL2426.tmp
    c:\users\Scott\Documents\~WRL2513.tmp
    c:\users\Scott\Documents\~WRL2538.tmp
    c:\users\Scott\Documents\~WRL2543.tmp
    c:\users\Scott\Documents\~WRL2587.tmp
    c:\users\Scott\Documents\~WRL2646.tmp
    c:\users\Scott\Documents\~WRL2715.tmp
    c:\users\Scott\Documents\~WRL2760.tmp
    c:\users\Scott\Documents\~WRL2778.tmp
    c:\users\Scott\Documents\~WRL2817.tmp
    c:\users\Scott\Documents\~WRL2856.tmp
    c:\users\Scott\Documents\~WRL2862.tmp
    c:\users\Scott\Documents\~WRL2873.tmp
    c:\users\Scott\Documents\~WRL2889.tmp
    c:\users\Scott\Documents\~WRL2890.tmp
    c:\users\Scott\Documents\~WRL2916.tmp
    c:\users\Scott\Documents\~WRL2948.tmp
    c:\users\Scott\Documents\~WRL2991.tmp
    c:\users\Scott\Documents\~WRL3004.tmp
    c:\users\Scott\Documents\~WRL3020.tmp
    c:\users\Scott\Documents\~WRL3075.tmp
    c:\users\Scott\Documents\~WRL3102.tmp
    c:\users\Scott\Documents\~WRL3108.tmp
    c:\users\Scott\Documents\~WRL3160.tmp
    c:\users\Scott\Documents\~WRL3170.tmp
    c:\users\Scott\Documents\~WRL3206.tmp
    c:\users\Scott\Documents\~WRL3318.tmp
    c:\users\Scott\Documents\~WRL3540.tmp
    c:\users\Scott\Documents\~WRL3554.tmp
    c:\users\Scott\Documents\~WRL3611.tmp
    c:\users\Scott\Documents\~WRL3639.tmp
    c:\users\Scott\Documents\~WRL3657.tmp
    c:\users\Scott\Documents\~WRL3673.tmp
    c:\users\Scott\Documents\~WRL3780.tmp
    c:\users\Scott\Documents\~WRL3802.tmp
    c:\users\Scott\Documents\~WRL3817.tmp
    c:\users\Scott\Documents\~WRL3904.tmp
    c:\users\Scott\Documents\~WRL3922.tmp
    c:\users\Scott\Documents\~WRL3989.tmp
    c:\users\Scott\Documents\~WRL4046.tmp
    c:\windows\system32\Cache
    c:\windows\system32\Cache\170f05c3ae225303.fb
    c:\windows\system32\Cache\26c630d098e22dd5.fb
    c:\windows\system32\Cache\272512937d9e61a4.fb
    c:\windows\system32\Cache\287204568329e189.fb
    c:\windows\system32\Cache\28bc8f716fd76a47.fb
    c:\windows\system32\Cache\29ae8e6b2d2eb97c.fb
    c:\windows\system32\Cache\2c53092c95605355.fb
    c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
    c:\windows\system32\Cache\32c84fe32bb74d60.fb
    c:\windows\system32\Cache\332d3cfe55c6eeb6.fb
    c:\windows\system32\Cache\3917078cb68ec657.fb
    c:\windows\system32\Cache\5033000369d4fea6.fb
    c:\windows\system32\Cache\590ba23ce359fd0c.fb
    c:\windows\system32\Cache\5a929073db17d570.fb
    c:\windows\system32\Cache\5d1885ed3461a6d5.fb
    c:\windows\system32\Cache\610289e025a3ee9a.fb
    c:\windows\system32\Cache\61828b4e2705a4f4.fb
    c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
    c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
    c:\windows\system32\Cache\6d03dad1035885d3.fb
    c:\windows\system32\Cache\7dfc5c2d628e12d4.fb
    c:\windows\system32\Cache\89ae7624518e1d7a.fb
    c:\windows\system32\Cache\95f567698be8a182.fb
    c:\windows\system32\Cache\976d2a233ccc0723.fb
    c:\windows\system32\Cache\a8556537add6dfc5.fb
    c:\windows\system32\Cache\ad10a52aff5e038d.fb
    c:\windows\system32\Cache\b30cf2d082af7128.fb
    c:\windows\system32\Cache\c1fa887b03019701.fb
    c:\windows\system32\Cache\c355724853817a85.fb
    c:\windows\system32\Cache\c4d28dca2e7648be.fb
    c:\windows\system32\Cache\d201ef9910cd39de.fb
    c:\windows\system32\Cache\d2e94710a5708128.fb
    c:\windows\system32\Cache\d79b9dfe81484ec4.fb
    c:\windows\system32\Cache\e0de16f883bea794.fb
    c:\windows\system32\Cache\e0fbf665a96c806a.fb
    c:\windows\system32\Cache\f998975c9cc711ee.fb
    c:\windows\system32\drivers\etc\hosts.ics
    c:\windows\wininit.ini
    .
    .
    (((((((((((((((((((((((((   Files Created from 2014-06-26 to 2014-07-26  )))))))))))))))))))))))))))))))
    .
    .
    2014-07-26 13:21 . 2014-07-26 13:24 -------- d-----w- c:\users\Scott\AppData\Local\temp
    2014-07-26 13:21 . 2014-07-26 13:21 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
    2014-07-26 13:21 . 2014-07-26 13:21 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-07-23 20:54 . 2014-07-25 01:38 -------- d-----w- C:\FRST
    2014-07-20 19:28 . 2014-07-22 03:55 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-07-20 19:25 . 2014-05-12 12:26 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-07-20 19:25 . 2014-05-12 12:25 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-07-20 19:25 . 2014-07-22 03:55 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
    2014-07-20 18:49 . 2014-07-20 18:49 -------- d-----w- c:\windows\ERUNT
    2014-07-20 18:31 . 2010-08-30 13:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
    2014-07-20 18:30 . 2014-07-20 18:33 -------- d-----w- C:\AdwCleaner
    2014-07-17 01:35 . 2014-07-17 01:35 -------- d-----w- c:\program files\CCleaner
    2014-07-09 18:29 . 2014-06-06 08:59 506880 ----a-w- c:\windows\system32\qedit.dll
    2014-07-09 18:29 . 2014-06-07 02:08 1305088 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll
    2014-07-09 18:29 . 2014-06-07 00:19 2051072 ----a-w- c:\windows\system32\win32k.sys
    2014-07-09 18:29 . 2014-06-07 02:08 149504 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tabskb.dll
    2014-07-09 18:29 . 2014-06-07 02:08 114688 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipBand.dll
    2014-07-09 18:29 . 2014-06-02 10:30 937472 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
    2014-07-09 18:29 . 2014-06-02 10:31 1218048 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
    2014-07-09 18:29 . 2014-06-02 10:30 983552 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
    2014-07-09 18:29 . 2014-06-02 10:30 965120 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
    2014-07-09 18:29 . 2014-05-30 06:53 273408 ----a-w- c:\windows\system32\drivers\afd.sys
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-07-09 18:45 . 2014-02-21 16:38 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2014-07-09 18:45 . 2011-08-24 01:27 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-06-23 13:22 . 2013-01-04 20:36 42784 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
    2014-06-17 21:22 . 2014-06-17 21:22 188696 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2014-06-17 21:21 . 2014-06-17 21:21 197400 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2014-06-17 21:18 . 2014-06-17 21:18 241944 ----a-w- c:\windows\system32\drivers\avglogx.sys
    2014-06-17 21:17 . 2014-06-17 21:17 147736 ----a-w- c:\windows\system32\drivers\avgidshx.sys
    2014-06-17 21:06 . 2014-06-17 21:06 199960 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
    2014-06-17 21:06 . 2014-06-17 21:06 121624 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
    2014-06-17 21:06 . 2014-06-17 21:06 98584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2014-06-17 21:06 . 2014-06-17 21:06 27416 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2014-06-17 21:06 . 2014-06-17 21:06 21272 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
    2014-06-11 22:31 . 2014-06-11 22:31 0 ---ha-w- c:\users\Scott\AppData\Local\BITD4EB.tmp
    2014-05-12 12:25 . 2010-03-03 01:21 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown 
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2011-10-05 1652736]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-06 68856]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]
    "AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2014-06-17 5179408]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2008-08-06 15:45 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Office Depot PC Support Agent]
    @="Office Depot PC Support Agent"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
    backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
    backup=c:\windows\pss\Adobe Gamma.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
    backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
    backup=c:\windows\pss\QuickSet.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
    2004-12-14 07:12 483328 ----a-w- c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-01-02 15:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
    2008-05-04 09:25 167936 ----a-w- c:\program files\DellTPad\Apoint.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
    2008-05-19 06:26 3444736 ----a-w- c:\windows\System32\WLTRAY.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CenturyLinkTouchPointAgent]
    2011-07-12 20:18 46208 ----a-w- c:\program files\CenturyLink\Desktop\CenturyLinkTouchPointAgent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager]
    2007-07-27 21:43 118784 ----a-w- c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
    2008-03-11 17:44 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
    2008-02-29 04:18 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
    2006-10-12 20:57 102400 ------w- c:\program files\epson\Creativity Suite\Event Manager\EEventManager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2008-03-06 07:58 166424 ----a-w- c:\windows\System32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2007-10-15 03:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
    2007-03-21 18:00 174872 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2008-03-06 07:58 141848 ----a-w- c:\windows\System32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-04-28 20:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
    2010-06-01 15:17 5252408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
    2008-03-04 05:05 36864 ----a-w- c:\windows\OEM02Mon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    2007-12-21 15:58 184320 ----a-w- c:\program files\Dell\MediaDirect\PCMService.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2008-03-06 07:58 133656 ----a-w- c:\windows\System32\igfxpers.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickCare]
    2011-06-07 17:49 206120 ----a-w- c:\program files\CenturyLink\QuickCare\bin\sprtcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-18 02:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
    2007-11-12 11:07 405504 ----a-w- c:\program files\Sigmatel\C-Major Audio\WDM\sttray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2008-08-06 15:34 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
    2011-10-05 18:31 1652736 ----a-r- c:\program files\AWS\WeatherBug\Weather.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ   FontCache
    HPZ12 REG_MULTI_SZ   Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-07-20 01:13 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-07-25 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-21 18:45]
    .
    2014-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-08 01:34]
    .
    2014-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-08 01:34]
    .
    2014-03-12 c:\windows\Tasks\User_Feed_Synchronization-{C5FFA201-7D4E-478A-ACA0-BE1EAD823C05}.job
    - c:\windows\system32\msfeedssync.exe [2014-07-09 03:42]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    mStart Page = hxxp://www.comcast.net/
    mWindow Title = Windows Internet Explorer provided by Comcast
    TCP: DhcpNameServer = 8.8.8.8 8.8.4.4
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-hpqSRMon - (no file)
    HKLM-Run-ROC_roc_dec12 - c:\program files\AVG Secure Search\ROC_roc_dec12.exe
    SafeBoot-WudfPf
    SafeBoot-WudfRd
    MSConfigStartUp-AVG_TRAY - c:\program files\AVG\AVG2012\avgtray.exe
    MSConfigStartUp-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
    MSConfigStartUp-Qwest Personal Digital Vault - c:\program files\CenturyLink Personal Digital Vault\QwestPersonalDigitalVault.exe
    MSConfigStartUp-ROC_roc_dec12 - c:\program files\AVG Secure Search\ROC_roc_dec12.exe
    MSConfigStartUp-SelectRebates - c:\program files\SelectRebates\SelectRebates.exe
    MSConfigStartUp-vProt - c:\program files\AVG Secure Search\vprot.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2014-07-26 08:24
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...  
    .
    scanning hidden autostart entries ... 
    .
    scanning hidden files ...  
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2014-07-26  08:26:13
    ComboFix-quarantined-files.txt  2014-07-26 13:25
    .
    Pre-Run: 136,430,657,536 bytes free
    Post-Run: 138,677,673,984 bytes free
    .
    - - End Of File - - BC56C977E85C406ED3C9CBFDE5566D6A
    CDB4DE4BBD714F152979DA2DCBEF57EB


    #23 ken545


    Posted 26 July 2014 - 08:29 AM

    See if you can right click on this file and delete it

     

    C:\Users\Scott\Documents\Word Docs\Internet_Explorer_Setup.exe 

     

     

    Backup the Registry:

    Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

    • Please download the installer for Registry Backup from here or here and save to your desktop.
    • Right-click on tweaking.com_registry_backup_setup.exe and select Run as Administrator >> Follow the prompts for a default installation
    • Ensure the option Open "Tweaking.com - Registry Backup" When Install Completes is selected >> Next > >> Finish
    • Once the GUI (graphical user interface) has appeared/loaded (screenshot: TCRB-1.jpg):
    • Click on Backup Now >> once the process is complete the below will be displayed in the GUI (screenshot: TBRB-2.jpg)
    • Close Tweaking.com - Registry Backup

    Note: There will now be a folder at the root of the Hard-Drive named C:\RegBackup, do not delete this as it is the actual backup just created.

    A tutorial for Registry Backup explaining the various features can be viewed HERE
     
     
     
     
     
     

    REGEDIT4
     
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000000
     
     
     
     
     

     

     
    Copy the entire contents inside the Quote box and paste it into Notepad (this will only work with Notepad), name the file Regfix.reg and, in the drop-down box, save it as All Files. Save it to your desktop. Then right-click on the Regfix.reg file and click on Merge; when it asks you to merge with the Registry, say yes.
     
    If you saved the file correctly it should look like this reg.jpg
     
     
     
    Let me know how things are running now ??
     

     


    Just a reminder that threads will be closed if no reply in 3 days.
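
    The log-to-fix step in the post above, as an added example that is not part of the original thread: a Python sketch that scans ComboFix-style registry output for Security Center Monitoring keys whose DisableMonitoring value is non-zero and builds the matching REGEDIT4 text. The function names are hypothetical; the sample is an excerpt of the log lines posted earlier in the thread.

```python
import re

# Excerpt of the "Reg Loading Points" lines from the ComboFix log in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
"""

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
VALUE_RE = re.compile(r'^(?:"(?P<name>[^"]+)"|@)\s*=\s*(?P<data>.*)$')
DWORD_RE = re.compile(r"^dword:(?P<hex>[0-9a-fA-F]{8})$")
MONITORING_ROOT = r"hkey_local_machine\software\microsoft\security center\monitoring"


def parse_reg_sections(text):
    """Return {key_path: {value_name: raw_data}} from ComboFix-style registry output."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = sections.setdefault(key.group("key"), {})
        elif line in ("", "."):
            current = None  # ComboFix separates sections with a lone "."
        elif current is not None:
            value = VALUE_RE.match(line)
            if value:
                current[value.group("name") or "@"] = value.group("data").strip()
    return sections


def find_disabled_monitoring(sections):
    """Keys at or below the Monitoring key whose DisableMonitoring dword is non-zero."""
    flagged = []
    for key, values in sections.items():
        path = key.lower()
        if path != MONITORING_ROOT and not path.startswith(MONITORING_ROOT + "\\"):
            continue
        # Registry value names are case-insensitive, so compare in lower case.
        lowered = {name.lower(): data for name, data in values.items()}
        dword = DWORD_RE.match(lowered.get("disablemonitoring", ""))
        if dword and int(dword.group("hex"), 16) != 0:
            flagged.append(key)
    return flagged


def build_regfix(keys):
    """REGEDIT4 text that sets DisableMonitoring back to 0 for each flagged key."""
    lines = ["REGEDIT4", ""]
    for key in keys:
        lines += [f"[{key}]", '"DisableMonitoring"=dword:00000000', ""]
    return "\r\n".join(lines)


if __name__ == "__main__":
    print(build_regfix(find_disabled_monitoring(parse_reg_sections(SAMPLE_LOG))))
```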


    #24 Nettie724

    Nettie724

    • Authentic Member
    • 206 posts

    Posted 26 July 2014 - 11:08 AM

    I've completed your above requests. I attempted to open up a few websites to see if any were going to load slowly or at a normal pace. MSN & IRS.gov loaded fine. Upon logging into YAHOO, it is still giving me that same glossy load. It took over 35 seconds for it to fully load. Then I decided to sign into my Facebook account. I was immediately prompted with "my page has been temporarily locked because it doesn't recognize my location". Funny I got that message as I've used this laptop at this hotel many times. I've used their password to log onto the internet. I then tried to log on to the Internet w/ my iPad via my T-Mobile Hotspot box. I am automatically signed in with my iPad so all I have to do is click on "continue" & hit "GO", then I'm signed into it. I attempted to enter my sign-in info but still wasn't able to get onto my FB page. I received this message: "Login Failed, Sorry, an unexpected error occured. Please try again later. Error code: 190 (FBAPIErrorDomain)". My T-Mobile hotspot box showed 2 people using it but I'm the only one here in this room. I turned the iPad and the hotspot box off. Now the box is currently showing one user, which is me because I have my iPad back on. I still can't get into Facebook via my iPad though.



    #25 ken545


    Posted 26 July 2014 - 11:59 AM

    Let's try setting Internet Explorer back to its default setting

     

    • Open IE
    • Go to Tools> Internet Options > Advanced Tab
    • Reset Internet Explorer Setting
    • Reset
    • This will take a few seconds
    • Close IE and then reopen it and see if it helped
     



    #26 Nettie724


    Posted 26 July 2014 - 03:55 PM

    That fixed the internet explorer lagging and my Facebook is ok.



    #27 ken545


    Posted 26 July 2014 - 05:29 PM

    Wonderful, glad things are back to normal :)

     

     
    Double click on AdwCleaner.exe to run the tool again.
    • Click on the Uninstall button.
    • Click Yes when asked are you sure you want to uninstall.
    • Both AdwCleaner.exe, its folder and all logs will be removed.
     
     
     
     

    Please download DelFix and save the file to your Desktop.
     
    • Double-click DelFix.exe to run the program.
    • Place a checkmark next to the following items:
     
    *Activate UAC
    *Remove disinfection tools
    *Create registry backup
    *Reset System Settings
     
     
    Click the Run button
     
    This will remove the specialised tools we used to clean your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually
     
     
     
     
     
     
     

    Malwarebytes is the free version and yours to keep and will not be removed
     
     
    How did I get infected in the first place ?    
    Read these links and find out how to prevent getting infected again.
     
     
     
    Safe Surfn
    Ken
     
     
     



    #28 ken545


    Posted 29 July 2014 - 08:38 AM

    Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

    If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

    Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
    and start a New Topic.

