Computer is super slow/lagging [Solved]



#1 sekirsc


Posted 29 July 2014 - 05:12 PM

I don't know what is wrong with my laptop. It is constantly running slow, when I search the internet it is constantly lagging, when I watch videos it lags as well, and I am constantly being kicked out of programs. I have tried running a bunch of scans but everything usually comes up clean. Can someone please help? Below is a Hijack log and Startup log.

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:05:46 PM, on 7/29/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17126)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
C:\Program Files (x86)\Origin\Origin.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\MDCrashReportTool.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Steven\Downloads\ccsetup416.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Steven\Downloads\HiJackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...t&type=avastbcl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...t&type=avastbcl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Wondershare Player 1.6.0 - {43D9786F-A485-683B-9B5B-ACC97ABC17FC} - C:\ProgramData\Wondershare\Player\WSBrowserAppMgr.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKLM\..\Run: [DelaypluginInstall] C:\ProgramData\Wondershare\Player\DelayPluginI.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HPMessageService] C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O4 - HKCU\..\Run: [Power2GoExpress8] "C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe"
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [HP Officejet 4630 series (NET)] "C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN38D1W2J705Y0:NW" -scfn "HP Officejet 4630 series (NET)" -AutoStart 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {555F1BBC-6EC2-474F-84AF-633EF097FF54} - http://www.worldwinn...ts/wwhearts.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Protocol: WSIEChrome - {6D02ED5F-FD0D-4C4C - (no file)
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppIntegrationService - WildTangent - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Bitdefender Antivirus Free Edition (gzserv) - Bitdefender - C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 12930 bytes
 
 
StartupList report, 7/29/2014, 6:07:26 PM
StartupList version: 1.52.2
Started from : C:\Users\Steven\Downloads\HiJackThis.EXE
Detected: Unknown Windows (WinNT 6.02.1008)
Detected: Internet Explorer v11.0 (11.00.9600.17126)
* Using default options
==================================================
 
Running processes:
 
C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
C:\Program Files (x86)\Origin\Origin.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\MDCrashReportTool.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Steven\Downloads\ccsetup416.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Steven\Downloads\HiJackThis.exe
 
--------------------------------------------------
 
Checking Windows NT UserInit:
 
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = userinit.exe,
 
--------------------------------------------------
 
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
 
RemoteControl10 = "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
APSDaemon = "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Wondershare Helper Compact.exe = C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
DelaypluginInstall = C:\ProgramData\Wondershare\Player\DelayPluginI.exe
QuickTime Task = "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HPMessageService = C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
TkBellExe = "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
HP Software Update = C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
(Default) = 
StartCCC = "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
iTunesHelper = "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
SunJavaUpdateSched = "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
 
--------------------------------------------------
 
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
 
EADM = "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
Power2GoExpress8 = "C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe"
iCloudServices = C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
ApplePhotoStreams = C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
HP Officejet 4630 series (NET) = "C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN38D1W2J705Y0:NW" -scfn "HP Officejet 4630 series (NET)" -AutoStart 1
 
--------------------------------------------------
 
File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command
 
(Default) = C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %*
 
--------------------------------------------------
 
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
 
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
 
Shell & screensaver key from Registry:
 
Shell=explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*
 
Policies Shell key:
 
HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*
 
--------------------------------------------------
 
 
Enumerating Browser Helper Objects:
 
(no name) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll - {3049C3E9-B461-4BC5-8870-4C09146192CA}
(no name) - C:\ProgramData\Wondershare\Player\WSBrowserAppMgr.dll - {43D9786F-A485-683B-9B5B-ACC97ABC17FC}
(no name) - C:\Program Files (x86)\Java\jre7\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll - {DBC80044-A445-435b-BC74-9C25C1C588A9}
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
 
--------------------------------------------------
 
Enumerating Task Scheduler jobs:
 
GoogleUpdateTaskMachineCore.job
GoogleUpdateTaskMachineUA.job
HPCeeScheduleForSteven.job
 
--------------------------------------------------
 
Enumerating Download Program Files:
 
[{555F1BBC-6EC2-474F-84AF-633EF097FF54}]
 
[Wwlaunch Control]
InProcServer32 = C:\Windows\DOWNLO~1\wwlaunch.ocx
 
--------------------------------------------------
 
Enumerating Winsock LSP files:
 
NameSpace #1: C:\WINDOWS\system32\napinsp.dll
NameSpace #2: C:\WINDOWS\system32\pnrpnsp.dll
NameSpace #3: C:\WINDOWS\system32\pnrpnsp.dll
NameSpace #4: C:\WINDOWS\system32\NLAapi.dll
NameSpace #7: C:\Program Files (x86)\Bonjour\mdnsNSP.dll
 
--------------------------------------------------
 
Enumerating ShellServiceObjectDelayLoad items:
 
WebCheck: *Registry key not found*
 
--------------------------------------------------
End of report, 7,065 bytes
Report generated in 0.188 seconds
 
Command line options:
   /verbose  - to add additional info on each section
   /complete - to include empty sections and unsuspicious data
   /full     - to include several rarely-important sections
   /force9x  - to include Win9x-only startups even if running on WinNT
   /forcent  - to include WinNT-only startups even if running on Win9x
   /forceall - to include all Win9x and WinNT startups, regardless of platform
   /history  - to list version history only
 

 




#2 OCD


Posted 31 July 2014 - 11:19 AM

Hi sekirsc,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Please stay with this topic until I let you know that your system appears to be "All Clear"

Important: All tools MUST be run from the Desktop.

=========================

Security Check

Download Security Check by screen317 from here or here.

  • Save it to your Desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=========================

aswMBR

Download aswMBR.exe and save it to your desktop.

  • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

=========================

Download Farbar Recovery Scan Tool and save to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click and select "Run as Administrator" to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

=========================

In your next post please provide the following:


  • checkup.txt
  • aswMBR.txt
  • attach MBR.zip
  • FRST.txt
  • Addition.txt

OCD



#3 sekirsc


Posted 31 July 2014 - 02:45 PM

 Results of screen317's Security Check version 0.99.86  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender                     
Bitdefender Antivirus Free Edition   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 60  
 Java version out of Date! 
 Google Chrome 35.0.1916.153  
 Google Chrome 36.0.1985.125  
````````Process Check: objlist.exe by Laurent````````  
 Bitdefender Antivirus Free Edition gzserv.exe  
 Bitdefender Antivirus Free Edition gziface.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 
 

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-07-31 13:57:27
-----------------------------
13:57:27.050    OS Version: Windows x64 6.2.9200 
13:57:27.050    Number of processors: 2 586 0x200
13:57:27.054    ComputerName: STEVE_EMMA  UserName: Steven
13:57:28.982    Initialize success
13:57:29.066    VM: initialized successfully
13:57:29.108    VM: Amd CPU BiosDisabled 
13:57:38.345    VM: supported disk I/O storport.sys
14:02:18.970    AVAST engine defs: 14073101
14:55:43.982    The log file has been saved successfully to "C:\Users\Steven\Desktop\aswMBR.txt"
 
 
aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-07-31 13:57:27
-----------------------------
13:57:27.050    OS Version: Windows x64 6.2.9200 
13:57:27.050    Number of processors: 2 586 0x200
13:57:27.054    ComputerName: STEVE_EMMA  UserName: Steven
13:57:28.982    Initialize success
13:57:29.066    VM: initialized successfully
13:57:29.108    VM: Amd CPU BiosDisabled 
13:57:38.345    VM: supported disk I/O storport.sys
14:02:18.970    AVAST engine defs: 14073101
14:55:43.982    The log file has been saved successfully to "C:\Users\Steven\Desktop\aswMBR.txt"
14:55:58.031    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000002b
14:55:58.047    Disk 0 Vendor: TOSHIBA_MQ01ABF032 AM002C Size: 305245MB BusType: 11
14:55:58.213    Disk 0 MBR read successfully
14:55:58.228    Disk 0 MBR scan
14:55:58.292    Disk 0 unknown MBR code
14:55:58.308    Disk 0 Partition 1 00     EE          GPT           2097151 MB offset 1
14:55:58.686    Disk 0 scanning C:\WINDOWS\system32\drivers
14:56:47.215    Service scanning
14:56:56.731    Service bdfwfpf C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys **LOCKED** 5
14:58:03.807    Modules scanning
14:58:03.857    Disk 0 trace - called modules:
14:58:03.901    ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys 
14:58:03.926    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe000dadb6770]
14:58:03.949    3 CLASSPNP.SYS[fffff800a439627b] -> nt!IofCallDriver -> [0xffffe000da7ed780]
14:58:03.973    5 amdxata.sys[fffff800a3f346b4] -> nt!IofCallDriver -> \Device\0000002b[0xffffe000da7ec7f0]
14:58:05.462    AVAST engine scan C:\WINDOWS
14:58:09.585    AVAST engine scan C:\WINDOWS\system32
15:06:31.334    AVAST engine scan C:\WINDOWS\system32\drivers
15:07:09.371    AVAST engine scan C:\Users\Steven
15:11:07.974    Disk 0 MBR has been saved successfully to "C:\Users\Steven\Desktop\MBR.dat"
15:11:08.028    The log file has been saved successfully to "C:\Users\Steven\Desktop\aswMBR.txt"
 
 
aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-07-31 13:57:27
-----------------------------
13:57:27.050    OS Version: Windows x64 6.2.9200 
13:57:27.050    Number of processors: 2 586 0x200
13:57:27.054    ComputerName: STEVE_EMMA  UserName: Steven
13:57:28.982    Initialize success
13:57:29.066    VM: initialized successfully
13:57:29.108    VM: Amd CPU BiosDisabled 
13:57:38.345    VM: supported disk I/O storport.sys
14:02:18.970    AVAST engine defs: 14073101
14:55:43.982    The log file has been saved successfully to "C:\Users\Steven\Desktop\aswMBR.txt"
14:55:58.031    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000002b
14:55:58.047    Disk 0 Vendor: TOSHIBA_MQ01ABF032 AM002C Size: 305245MB BusType: 11
14:55:58.213    Disk 0 MBR read successfully
14:55:58.228    Disk 0 MBR scan
14:55:58.292    Disk 0 unknown MBR code
14:55:58.308    Disk 0 Partition 1 00     EE          GPT           2097151 MB offset 1
14:55:58.686    Disk 0 scanning C:\WINDOWS\system32\drivers
14:56:47.215    Service scanning
14:56:56.731    Service bdfwfpf C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys **LOCKED** 5
14:58:03.807    Modules scanning
14:58:03.857    Disk 0 trace - called modules:
14:58:03.901    ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys 
14:58:03.926    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe000dadb6770]
14:58:03.949    3 CLASSPNP.SYS[fffff800a439627b] -> nt!IofCallDriver -> [0xffffe000da7ed780]
14:58:03.973    5 amdxata.sys[fffff800a3f346b4] -> nt!IofCallDriver -> \Device\0000002b[0xffffe000da7ec7f0]
14:58:05.462    AVAST engine scan C:\WINDOWS
14:58:09.585    AVAST engine scan C:\WINDOWS\system32
15:06:31.334    AVAST engine scan C:\WINDOWS\system32\drivers
15:07:09.371    AVAST engine scan C:\Users\Steven
15:11:07.974    Disk 0 MBR has been saved successfully to "C:\Users\Steven\Desktop\MBR.dat"
15:11:08.028    The log file has been saved successfully to "C:\Users\Steven\Desktop\aswMBR.txt"
15:18:35.839    AVAST engine scan C:\ProgramData
15:19:57.370    Scan finished successfully
15:23:54.442    Disk 0 MBR has been saved successfully to "C:\Users\Steven\Desktop\MBR.dat"
15:23:54.497    The log file has been saved successfully to "C:\Users\Steven\Desktop\aswMBR.txt"
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-07-2014 01
Ran by Steven (administrator) on STEVE_EMMA on 31-07-2014 15:30:20
Running from C:\Users\Steven\Desktop
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4630 series\Bin\HPNetworkCommunicatorCom.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Quick Start\HPQuickstart.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1686528 2012-03-27] (Wondershare)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Player\DelayPluginI.exe [1960008 2013-09-28] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-12-25] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512 2014-06-05] (RealNetworks, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-04-23] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-07-23] (Hewlett-Packard)
HKU\S-1-5-21-3742697334-2762013724-3188467752-1002\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3595608 2014-07-27] (Electronic Arts)
HKU\S-1-5-21-3742697334-2762013724-3188467752-1002\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1717000 2014-02-20] (CyberLink Corp.)
HKU\S-1-5-21-3742697334-2762013724-3188467752-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3742697334-2762013724-3188467752-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3742697334-2762013724-3188467752-1002\...\Run: [HP Officejet 4630 series (NET)] => C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe [3487240 2014-03-06] (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Steven\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Steven\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Steven\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Steven\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Steven\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Steven\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
GroupPolicyUsers\S-1-5-21-3742697334-2762013724-3188467752-1005\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3742697334-2762013724-3188467752-1002\User: Group Policy restriction detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...t&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...t&type=avastbcl
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=CPNTDFJS
SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKCU - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Wondershare Player 1.6.0 -> {43D9786F-A485-683B-9B5B-ACC97ABC17FC} -> C:\ProgramData\Wondershare\Player\WSBrowserAppMgr.dll (Wondershare)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {555F1BBC-6EC2-474F-84AF-633EF097FF54} http://www.worldwinn...ts/wwhearts.cab
DPF: HKLM-x32 {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
Handler: WSIEChrome - {6D02ED5F-FD0D-4C4C -  No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: WSIEChrome - {6D02ED5F-FD0D-4C4C -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin HKCU: @nsroblox.roblox.com/launcher - C:\Users\Steven\AppData\Local\Roblox\Versions\version-de8b84f90efc4ca5\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF HKLM-x32\...\Firefox\Extensions: [Player@Wondershare.com] - C:\ProgramData\Wondershare\Player\Player@Wondershare.com
FF Extension: Wondershare Player - C:\ProgramData\Wondershare\Player\Player@Wondershare.com [2014-02-07]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-06-05]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
 
Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-27]
CHR Extension: (Google Drive) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-27]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (Wondershare Player) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdegagmpemadclljncealhmmkojfoam [2014-03-05]
CHR Extension: (YouTube) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-27]
CHR Extension: (Google Search) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-27]
CHR Extension: (RealDownloader) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-06-05]
CHR Extension: (Google Wallet) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-27]
CHR Extension: (Gmail) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-27]
CHR HKLM-x32\...\Chrome\Extension: [bkdegagmpemadclljncealhmmkojfoam] - C:\ProgramData\Wondershare\Player\Player@Wondershare.com.crx [2014-02-07]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-23] (Advanced Micro Devices, Inc.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2211000 2014-03-30] (Microsoft Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-27] (WildTangent)
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-23] (Bitdefender)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-12-25] (Hewlett-Packard Development Company, L.P.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [239176 2013-03-04] (Realtek Semiconductor)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-18] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3880448 2013-11-13] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-02-14] (Advanced Micro Devices)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2014-07-18] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290520 2014-05-14] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-05-07] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [33008 2013-05-07] (Synaptics Incorporated)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
U3 aswMBR; \??\C:\Users\Steven\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\Steven\AppData\Local\Temp\aswVmm.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-07-31 15:30 - 2014-07-31 15:32 - 00022947 _____ () C:\Users\Steven\Desktop\FRST.txt
2014-07-31 15:30 - 2014-07-31 15:30 - 00000000 ____D () C:\FRST
2014-07-31 15:28 - 2014-07-31 15:28 - 02094080 _____ (Farbar) C:\Users\Steven\Desktop\FRST64.exe
2014-07-31 15:12 - 2014-07-31 15:12 - 00000143 _____ () C:\Users\Steven\Desktop\MBR.zip
2014-07-31 15:11 - 2014-07-31 15:23 - 00000512 _____ () C:\Users\Steven\Desktop\MBR.dat
2014-07-31 14:55 - 2014-07-31 15:23 - 00004993 _____ () C:\Users\Steven\Desktop\aswMBR.txt
2014-07-31 13:56 - 2014-07-31 13:56 - 05185536 _____ (AVAST Software) C:\Users\Steven\Desktop\aswMBR.exe
2014-07-31 13:56 - 2014-07-31 13:56 - 00000874 _____ () C:\Users\Steven\Desktop\checkup.txt
2014-07-31 13:53 - 2014-07-31 13:53 - 00854390 _____ () C:\Users\Steven\Desktop\SecurityCheck.exe
2014-07-29 18:07 - 2014-07-29 18:07 - 00006908 _____ () C:\Users\Steven\Downloads\startuplist.txt
2014-07-29 18:05 - 2014-07-29 18:06 - 00012932 _____ () C:\Users\Steven\Downloads\hijackthis.log
2014-07-29 18:05 - 2014-07-29 18:05 - 00388608 _____ (Trend Micro Inc.) C:\Users\Steven\Downloads\HiJackThis.exe
2014-07-29 17:46 - 2014-07-29 17:46 - 04813544 _____ (Piriform Ltd) C:\Users\Steven\Downloads\ccsetup416.exe
2014-07-28 10:09 - 2014-07-28 10:09 - 00000000 ____D () C:\Users\Steven\AppData\Local\Macroplant_LLC
2014-07-28 10:08 - 2014-07-28 10:08 - 00001042 _____ () C:\Users\Public\Desktop\iExplorer.lnk
2014-07-28 10:08 - 2014-07-28 10:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iExplorer
2014-07-28 10:08 - 2014-07-28 10:08 - 00000000 ____D () C:\Program Files (x86)\iExplorer
2014-07-28 10:05 - 2014-07-28 10:06 - 11221024 _____ (Macroplant LLC ) C:\Users\Steven\Downloads\iExplorer_setup_3321.exe
2014-07-27 16:11 - 2014-07-27 16:11 - 00000000 __RHD () C:\Users\Steven\AppData\Roaming\SecuROM
2014-07-21 15:50 - 2014-07-31 13:57 - 00003346 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3742697334-2762013724-3188467752-1002
2014-07-21 15:50 - 2014-07-31 13:57 - 00003294 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3742697334-2762013724-3188467752-1002
2014-07-19 16:09 - 2014-07-19 16:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-19 16:09 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-07-19 16:09 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-07-19 16:09 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-07-19 16:09 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-07-19 16:07 - 2014-07-19 16:09 - 00004133 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-19 16:00 - 2014-07-19 16:00 - 00918952 _____ (Oracle Corporation) C:\Users\Steven\Downloads\chromeinstall-7u65.exe
2014-07-18 15:57 - 2014-07-18 15:57 - 00261056 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avchv.sys
2014-07-15 22:36 - 2014-07-15 22:36 - 00001802 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-15 22:36 - 2014-07-15 22:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-15 22:33 - 2014-07-15 22:36 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-15 22:33 - 2014-07-15 22:35 - 00000000 ____D () C:\Program Files\iTunes
2014-07-15 22:33 - 2014-07-15 22:35 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-15 22:33 - 2014-07-15 22:33 - 00000000 ____D () C:\Program Files\iPod
2014-07-15 22:27 - 2014-07-15 22:27 - 00002774 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-07-15 22:27 - 2014-07-15 22:27 - 00000841 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-15 22:27 - 2014-07-15 22:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-15 22:27 - 2014-07-15 22:27 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-15 22:26 - 2014-07-15 22:26 - 04812672 _____ (Piriform Ltd) C:\Users\Steven\Downloads\ccsetup415.exe
2014-07-11 09:43 - 2014-07-11 09:43 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_netaapl64_01009.Wdf
2014-07-10 12:31 - 2014-07-10 12:31 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-10 12:23 - 2014-04-13 22:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-07-10 12:06 - 2014-07-10 12:06 - 00002159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
2014-07-10 12:06 - 2014-07-10 12:06 - 00002147 _____ () C:\Users\Public\Desktop\Belarc Advisor.lnk
2014-07-10 12:06 - 2014-07-10 12:06 - 00000000 ____D () C:\Program Files (x86)\Belarc
2014-07-09 15:14 - 2014-06-18 20:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-09 15:14 - 2014-06-18 19:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-09 15:14 - 2014-06-18 18:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-09 15:14 - 2014-06-18 17:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-09 15:14 - 2014-06-16 17:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-07-09 15:14 - 2014-06-16 17:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-09 15:14 - 2014-06-06 09:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-09 15:14 - 2014-05-29 22:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-09 15:14 - 2014-05-29 07:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-07-09 15:14 - 2014-05-29 02:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-07-09 15:14 - 2014-05-29 01:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-07-09 15:14 - 2014-05-29 01:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-07-09 15:14 - 2014-05-29 00:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-07-09 15:14 - 2014-05-29 00:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-09 15:12 - 2014-06-18 19:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-09 15:12 - 2014-06-18 19:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-09 15:12 - 2014-06-18 18:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-09 15:12 - 2014-06-18 18:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-09 15:12 - 2014-06-18 18:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-09 15:12 - 2014-06-18 18:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-09 15:12 - 2014-06-18 18:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-09 15:12 - 2014-06-18 18:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-09 15:12 - 2014-06-18 18:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-09 15:12 - 2014-06-18 18:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-09 15:12 - 2014-06-18 17:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-09 15:12 - 2014-06-18 17:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-09 15:12 - 2014-06-18 17:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-09 15:12 - 2014-06-18 17:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-09 15:12 - 2014-06-18 17:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-09 15:12 - 2014-06-18 17:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-09 15:12 - 2014-06-18 17:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-09 15:12 - 2014-06-18 17:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-09 15:12 - 2014-06-18 17:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-09 15:12 - 2014-06-18 17:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-09 15:12 - 2014-06-18 17:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-09 15:12 - 2014-06-18 17:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-07-09 15:12 - 2014-06-18 17:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-07-09 15:11 - 2014-06-30 17:45 - 00688128 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-07-09 15:11 - 2014-06-28 02:48 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-07-09 15:11 - 2014-06-28 02:07 - 00385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-07-09 15:11 - 2014-06-06 08:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-09 15:11 - 2014-06-06 07:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-07-09 15:11 - 2014-05-31 05:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-09 15:11 - 2014-05-31 05:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-07-09 15:11 - 2014-05-30 22:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-07-09 15:11 - 2014-05-30 22:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-07-09 15:11 - 2014-05-30 22:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 15:11 - 2014-05-30 22:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-09 15:11 - 2014-05-30 22:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-09 15:11 - 2014-05-30 22:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 15:11 - 2014-05-30 21:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-07-09 15:11 - 2014-05-30 21:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-07-09 15:11 - 2014-05-30 21:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-09 15:11 - 2014-05-30 21:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-07-09 15:11 - 2014-05-30 21:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-09 15:11 - 2014-05-30 21:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-07-09 15:11 - 2014-05-30 21:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-07-09 15:04 - 2014-07-09 15:04 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-08 17:03 - 2014-07-08 17:03 - 00000000 ____D () C:\Users\Emma\AppData\Roaming\PictureMover
2014-07-03 23:46 - 2014-07-03 23:46 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\Walgreens
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-07-31 15:32 - 2014-07-31 15:30 - 00022947 _____ () C:\Users\Steven\Desktop\FRST.txt
2014-07-31 15:30 - 2014-07-31 15:30 - 00000000 ____D () C:\FRST
2014-07-31 15:28 - 2014-07-31 15:28 - 02094080 _____ (Farbar) C:\Users\Steven\Desktop\FRST64.exe
2014-07-31 15:23 - 2014-07-31 15:11 - 00000512 _____ () C:\Users\Steven\Desktop\MBR.dat
2014-07-31 15:23 - 2014-07-31 14:55 - 00004993 _____ () C:\Users\Steven\Desktop\aswMBR.txt
2014-07-31 15:12 - 2014-07-31 15:12 - 00000143 _____ () C:\Users\Steven\Desktop\MBR.zip
2014-07-31 15:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-07-31 14:49 - 2014-01-27 20:31 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-31 13:57 - 2014-07-21 15:50 - 00003346 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3742697334-2762013724-3188467752-1002
2014-07-31 13:57 - 2014-07-21 15:50 - 00003294 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3742697334-2762013724-3188467752-1002
2014-07-31 13:56 - 2014-07-31 13:56 - 05185536 _____ (AVAST Software) C:\Users\Steven\Desktop\aswMBR.exe
2014-07-31 13:56 - 2014-07-31 13:56 - 00000874 _____ () C:\Users\Steven\Desktop\checkup.txt
2014-07-31 13:53 - 2014-07-31 13:53 - 00854390 _____ () C:\Users\Steven\Desktop\SecurityCheck.exe
2014-07-31 11:22 - 2014-01-20 17:08 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3742697334-2762013724-3188467752-1002
2014-07-31 10:19 - 2014-05-14 23:37 - 00000000 ____D () C:\Users\Steven\Documents\Youcam
2014-07-31 10:15 - 2014-01-27 20:32 - 00002210 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-31 10:15 - 2014-01-27 20:31 - 00000916 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-31 10:13 - 2014-04-18 19:48 - 00000000 __RDO () C:\Users\Steven\OneDrive
2014-07-31 10:13 - 2014-01-26 12:59 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-07-31 10:11 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-30 11:56 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-07-29 18:36 - 2014-01-21 19:56 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2014-07-29 18:36 - 2014-01-21 19:56 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-07-29 18:07 - 2014-07-29 18:07 - 00006908 _____ () C:\Users\Steven\Downloads\startuplist.txt
2014-07-29 18:06 - 2014-07-29 18:05 - 00012932 _____ () C:\Users\Steven\Downloads\hijackthis.log
2014-07-29 18:05 - 2014-07-29 18:05 - 00388608 _____ (Trend Micro Inc.) C:\Users\Steven\Downloads\HiJackThis.exe
2014-07-29 17:46 - 2014-07-29 17:46 - 04813544 _____ (Piriform Ltd) C:\Users\Steven\Downloads\ccsetup416.exe
2014-07-28 20:27 - 2014-04-23 14:26 - 00003174 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForSteven
2014-07-28 20:27 - 2014-04-23 14:26 - 00000358 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForSteven.job
2014-07-28 10:09 - 2014-07-28 10:09 - 00000000 ____D () C:\Users\Steven\AppData\Local\Macroplant_LLC
2014-07-28 10:08 - 2014-07-28 10:08 - 00001042 _____ () C:\Users\Public\Desktop\iExplorer.lnk
2014-07-28 10:08 - 2014-07-28 10:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iExplorer
2014-07-28 10:08 - 2014-07-28 10:08 - 00000000 ____D () C:\Program Files (x86)\iExplorer
2014-07-28 10:06 - 2014-07-28 10:05 - 11221024 _____ (Macroplant LLC ) C:\Users\Steven\Downloads\iExplorer_setup_3321.exe
2014-07-27 16:11 - 2014-07-27 16:11 - 00000000 __RHD () C:\Users\Steven\AppData\Roaming\SecuROM
2014-07-27 16:06 - 2014-06-01 11:45 - 00000000 ____D () C:\Users\Emma\Documents\Youcam
2014-07-26 21:33 - 2014-04-30 02:04 - 00003930 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6097E0FD-3026-4BE4-8674-626F2B3EC1DF}
2014-07-26 21:31 - 2014-06-21 14:39 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\HpUpdate
2014-07-25 18:33 - 2014-01-20 22:47 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3742697334-2762013724-3188467752-1005
2014-07-23 11:26 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-21 15:56 - 2014-06-20 10:42 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-21 15:47 - 2014-04-18 19:09 - 00000000 ____D () C:\Users\Steven
2014-07-19 16:10 - 2014-06-07 20:52 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-19 16:09 - 2014-07-19 16:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-19 16:09 - 2014-07-19 16:07 - 00004133 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-19 16:09 - 2014-06-07 20:51 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-19 16:00 - 2014-07-19 16:00 - 00918952 _____ (Oracle Corporation) C:\Users\Steven\Downloads\chromeinstall-7u65.exe
2014-07-18 15:57 - 2014-07-18 15:57 - 00261056 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avchv.sys
2014-07-18 15:48 - 2014-04-18 19:09 - 00000000 ____D () C:\Users\Emma
2014-07-17 07:39 - 2014-05-04 15:24 - 00001415 _____ () C:\Users\Emma\Desktop\ROBLOX Player.lnk
2014-07-17 07:39 - 2014-04-18 11:57 - 00001230 _____ () C:\Users\Emma\Desktop\ROBLOX Studio 2013.lnk
2014-07-17 07:39 - 2014-04-18 11:57 - 00000000 ____D () C:\Users\Emma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2014-07-15 22:36 - 2014-07-15 22:36 - 00001802 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-15 22:36 - 2014-07-15 22:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-15 22:36 - 2014-07-15 22:33 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-15 22:35 - 2014-07-15 22:33 - 00000000 ____D () C:\Program Files\iTunes
2014-07-15 22:35 - 2014-07-15 22:33 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-15 22:33 - 2014-07-15 22:33 - 00000000 ____D () C:\Program Files\iPod
2014-07-15 22:33 - 2014-04-18 21:49 - 00000000 ___DC () C:\WINDOWS\Panther
2014-07-15 22:27 - 2014-07-15 22:27 - 00002774 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-07-15 22:27 - 2014-07-15 22:27 - 00000841 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-15 22:27 - 2014-07-15 22:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-15 22:27 - 2014-07-15 22:27 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-15 22:26 - 2014-07-15 22:26 - 04812672 _____ (Piriform Ltd) C:\Users\Steven\Downloads\ccsetup415.exe
2014-07-14 10:59 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-11 09:43 - 2014-07-11 09:43 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_netaapl64_01009.Wdf
2014-07-11 03:02 - 2014-07-19 16:09 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-07-11 02:56 - 2014-07-19 16:09 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-07-11 02:56 - 2014-07-19 16:09 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-07-11 02:55 - 2014-07-19 16:09 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-07-10 14:59 - 2013-08-22 09:44 - 00483160 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-10 14:57 - 2013-08-22 08:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-07-10 14:56 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-10 14:56 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-10 12:31 - 2014-07-10 12:31 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-10 12:31 - 2014-03-18 04:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 12:31 - 2014-01-20 21:12 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-10 12:31 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-07-10 12:31 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-10 12:26 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-07-10 12:25 - 2014-01-20 21:11 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-10 12:06 - 2014-07-10 12:06 - 00002159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
2014-07-10 12:06 - 2014-07-10 12:06 - 00002147 _____ () C:\Users\Public\Desktop\Belarc Advisor.lnk
2014-07-10 12:06 - 2014-07-10 12:06 - 00000000 ____D () C:\Program Files (x86)\Belarc
2014-07-09 15:04 - 2014-07-09 15:04 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-08 17:03 - 2014-07-08 17:03 - 00000000 ____D () C:\Users\Emma\AppData\Roaming\PictureMover
2014-07-03 23:46 - 2014-07-03 23:46 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\Walgreens
2014-07-03 23:40 - 2014-02-07 20:51 - 00000000 ____D () C:\ProgramData\Wondershare Player
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-31 14:02
 
==================== End Of Log ============================
 
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2014 01
Ran by Steven at 2014-07-31 15:35:27
Running from C:\Users\Steven\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus Free Edition (Enabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antivirus Free Edition (Enabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
AMD Catalyst Control Center (x32 Version: 2014.0423.449.6734 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{CB4C08E3-800F-65F6-9C00-06814A6B7CE7}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2014.0423.449.6734 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (HKLM-x32\...\{8B1A559A-FB9D-42F5-A8A7-2F132CF28414}) (Version: 1.00.0000 - )
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1099 - Bitdefender)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0313.2330.40379 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2014.0423.449.6734 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2014.0423.449.6734 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2014.0423.0448.6734 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2014.0423.0448.6734 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2014.0423.0448.6734 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2014.0423.0448.6734 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2014.0423.0448.6734 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2014.0423.0448.6734 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2014.0423.0448.6734 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2014.0423.0448.6734 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2014.0423.0448.6734 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2014.0423.0448.6734 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2014.0423.0448.6734 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2014.0423.0448.6734 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2014.0423.0448.6734 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2014.0423.0448.6734 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2014.0423.0448.6734 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2014.0423.0448.6734 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2014.0423.0448.6734 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2014.0423.0448.6734 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2014.0423.0448.6734 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2014.0423.0448.6734 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2014.0423.0448.6734 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2014.0423.0448.6734 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2014.0423.449.6734 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.6.7225 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.6.7225 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.6.3728 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.6.3728 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.6.3821 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.6.3821 - CyberLink Corp.) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.8.5108 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 10.0.8.5108 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 5.0 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{8C1ADF61-4F87-44BC-804C-C20FC70D98BB}) (Version: 1.4.0.0 - Hewlett-Packard)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Officejet 4630 series Basic Device Software (HKLM\...\{1EEDD93E-B341-4353-92D6-9A009443C91A}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Officejet 4630 series Help (HKLM-x32\...\{9F79230F-EE1C-407E-94E1-D69021954C9B}) (Version: 31.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Postscript Converter (Version: 4.0.4100 - Hewlett-Packard) Hidden
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Recovery Manager (x32 Version: 9.00 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6317.4309 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{F35EE4BC-95E1-4417-BA36-7C32FF24A59A}) (Version: 1.0.11 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Utility Center (HKLM\...\{73237EBB-B26F-4628-8754-4EFE563D72E9}) (Version: 2.1.5 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
iExplorer 3.3.2.1 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version:  - Macroplant LLC)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Excel Viewer (HKLM-x32\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
OEM Application Profile (HKLM-x32\...\{C89A97B6-F991-EBB5-77B7-927BCF420EBE}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Product Improvement Study for HP Officejet 4630 series (HKLM\...\{1A6CF6FE-7573-44F3-8C56-0F4E469D1791}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29070 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6937 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
ROBLOX Player for Steven (HKCU\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Studio 2013 for Steven (HKCU\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
Royal Envoy 2 Collector's Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.13.1 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
The Sims™ 3 Pets (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Wondershare DVD Slideshow Builder Deluxe(Build 6.1.13.0) (HKLM-x32\...\Wondershare DVD Slideshow Builder Deluxe_is1) (Version: 6.1.13.0 - WonderShare Software Co.,Ltd.)
Wondershare Player(Build 1.6.0) (HKLM-x32\...\Wondershare Player_is1) (Version: 1.6.0.3 - Wondershare)
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3742697334-2762013724-3188467752-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Steven\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3742697334-2762013724-3188467752-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Steven\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3742697334-2762013724-3188467752-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Steven\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3742697334-2762013724-3188467752-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Steven\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
08-07-2014 22:16:30 Removed Walgreens PictureMover.
19-07-2014 21:05:49 Installed Java 7 Update 65
30-07-2014 16:35:48 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {158B64B1-639C-4045-88D9-B5DB968A7209} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {17971E72-AA3C-458C-8FCF-203BDFA0F6C0} - System32\Tasks\HPCeeScheduleForSteven => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {1D275DFA-6814-43FD-8C33-CD3175A2D172} - System32\Tasks\HPCustParticipation HP Officejet 4630 series => C:\Program Files\HP\HP Officejet 4630 series\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {26D583AD-C46E-4BE7-B98C-11E422B7AF2D} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-05-14] (Synaptics Incorporated)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {2EB70B7F-3D21-4629-BA64-0D5E7C24ECE9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {32B69CF1-F155-416A-A514-7D89DE8E8738} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {4308C5F9-050D-4A92-88A3-34D3489AD760} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-27] (Google Inc.)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4B132DC5-1D23-4A16-9B34-C26BEB19686B} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-04-15] (Microsoft Corporation)
Task: {594E20E3-EFFD-429C-8671-99A4ABB7F2AA} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2014-03-05] (Realtek Semiconductor)
Task: {69E67878-C797-47F4-AA95-334C380C5045} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-03-30] (Microsoft Corporation)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8945BC5A-1B41-43E0-A8C7-66DF6479BAE3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-27] (Google Inc.)
Task: {8A951EBD-A8AC-4E80-B3BC-D14D538ABDCA} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3742697334-2762013724-3188467752-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {8B4A4FCA-FB16-43E7-A44E-DB0654F50CFB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-07-10] (Microsoft Corporation)
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A51007B9-E9F3-4D7D-B00E-93B10EAAFE7E} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
Task: {BE18A5C6-A81D-4A53-8C44-C83CEC3A041F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {BF58E14B-1069-43E0-80DD-BB525A2FD9CD} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {C4B94A75-F57D-4D7A-BE96-FE8799297668} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {C73992D6-B510-451E-9AAE-316932BA5C2B} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3742697334-2762013724-3188467752-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {C8EECC72-452E-4BBF-9396-C6D60B8F595E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {CADAE820-BB38-408B-BD52-7AC048AE3ED3} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-03-07] (CyberLink Corp.)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D08F1AB1-8F5E-4779-937E-7A750E734C77} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-03-18] (Microsoft Corporation)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E2ACF668-4308-4463-9ECA-B3DD4467FB01} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {E3BDCA69-0278-4D27-AE94-D673C4802877} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {EF27F402-EE4D-4150-913A-FED3ECDA1570} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {F2B88467-CCAD-444B-B046-384FE278339E} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {F77999E0-33CB-4D91-8A0A-94ED1245A704} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForSteven.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-06-23 14:49 - 2013-03-19 12:07 - 00696632 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll
2014-06-23 14:49 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\BDMetrics.dll
2014-04-23 04:51 - 2014-04-23 04:51 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-04-17 14:40 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-01-20 17:16 - 2014-03-25 13:21 - 00629928 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-01-20 20:37 - 2014-04-15 22:47 - 08884904 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-02-07 20:51 - 2013-07-30 18:16 - 00941992 _____ () C:\Windows\SysWOW64\WPShellExt64.dll
2014-04-23 04:52 - 2014-04-23 04:52 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-29 22:28 - 2014-07-27 16:34 - 00962560 _____ () C:\Program Files (x86)\Origin\platforms\qwindows.dll
2014-01-29 22:27 - 2014-07-27 16:34 - 00024064 _____ () C:\Program Files (x86)\Origin\imageformats\qgif.dll
2014-01-29 22:27 - 2014-07-27 16:34 - 00025088 _____ () C:\Program Files (x86)\Origin\imageformats\qico.dll
2014-01-29 22:27 - 2014-07-27 16:34 - 00217088 _____ () C:\Program Files (x86)\Origin\imageformats\qjpeg.dll
2014-01-29 22:27 - 2014-07-27 16:34 - 00261632 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll
2014-01-29 22:27 - 2014-07-27 16:34 - 00019968 _____ () C:\Program Files (x86)\Origin\imageformats\qtga.dll
2014-01-29 22:27 - 2014-07-27 16:34 - 00302592 _____ () C:\Program Files (x86)\Origin\imageformats\qtiff.dll
2014-01-29 22:27 - 2014-07-27 16:34 - 00018944 _____ () C:\Program Files (x86)\Origin\imageformats\qwbmp.dll
2014-05-14 23:11 - 2014-02-20 23:13 - 00866056 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\UNO.dll
2014-05-14 23:10 - 2013-12-29 20:20 - 01323992 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\Language\ENU\P2GRC.dll
2014-05-14 23:10 - 2014-02-20 23:13 - 00175880 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLVistaAudioMixer.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2014-07-19 16:27 - 2014-07-15 04:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-19 16:27 - 2014-07-15 04:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-19 16:27 - 2014-07-15 04:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-19 16:27 - 2014-07-15 04:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-19 16:27 - 2014-07-15 04:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2014-07-19 16:27 - 2014-07-15 04:24 - 14664008 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Steven\Downloads:Shareaza.GUID
AlternateDataStreams: C:\Users\Steven\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Steven\Desktop\aswMBR.exe:BDU
AlternateDataStreams: C:\Users\Steven\Desktop\FRST64.exe:BDU
AlternateDataStreams: C:\Users\Steven\Desktop\SecurityCheck.exe:BDU
AlternateDataStreams: C:\Users\Steven\Downloads\ccsetup415.exe:BDU
AlternateDataStreams: C:\Users\Steven\Downloads\ccsetup416.exe:BDU
AlternateDataStreams: C:\Users\Steven\Downloads\chromeinstall-7u65.exe:BDU
AlternateDataStreams: C:\Users\Steven\Downloads\HiJackThis.exe:BDU
AlternateDataStreams: C:\Users\Steven\Downloads\iExplorer_setup_3321.exe:BDU
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/31/2014 03:27:11 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/31/2014 11:27:18 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17126 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: a0
 
Start Time: 01cfacd33979068b
 
Termination Time: 74
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id: 87c8b807-18cf-11e4-bebe-a01d486f9043
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (07/31/2014 10:46:30 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (07/31/2014 09:36:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 461500
 
Error: (07/31/2014 09:36:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 461500
 
Error: (07/31/2014 09:36:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/31/2014 08:23:16 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/31/2014 02:03:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12609
 
Error: (07/31/2014 02:03:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12609
 
Error: (07/31/2014 02:03:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (07/31/2014 10:11:02 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:00:53 AM on ‎7/‎31/‎2014 was unexpected.
 
Error: (07/29/2014 08:43:24 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:39:55 PM on ‎7/‎29/‎2014 was unexpected.
 
Error: (07/27/2014 04:30:58 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
 
Error: (07/27/2014 04:31:24 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:22:45 PM on ‎7/‎27/‎2014 was unexpected.
 
Error: (07/23/2014 11:21:38 AM) (Source: DCOM) (EventID: 10001) (User: STEVE_EMMA)
Description: "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server31Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mcaUnavailableUnavailable
 
Error: (07/21/2014 03:47:10 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:56:28 PM on ‎7/‎20/‎2014 was unexpected.
 
Error: (07/18/2014 03:47:59 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:09:46 AM on ‎7/‎17/‎2014 was unexpected.
 
Error: (07/14/2014 09:48:21 AM) (Source: DCOM) (EventID: 10010) (User: Steve_Emma)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (07/14/2014 09:47:51 AM) (Source: DCOM) (EventID: 10010) (User: Steve_Emma)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (07/10/2014 05:11:38 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
 
 
Microsoft Office Sessions:
=========================
Error: (07/31/2014 03:27:11 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
 
Error: (07/31/2014 11:27:18 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17126a001cfacd33979068b74C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE87c8b807-18cf-11e4-bebe-a01d486f9043
 
Error: (07/31/2014 10:46:30 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (07/31/2014 09:36:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 461500
 
Error: (07/31/2014 09:36:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 461500
 
Error: (07/31/2014 09:36:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/31/2014 08:23:16 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
 
Error: (07/31/2014 02:03:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12609
 
Error: (07/31/2014 02:03:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12609
 
Error: (07/31/2014 02:03:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 52%
Total physical RAM: 3682.26 MB
Available physical RAM: 1762.88 MB
Total Pagefile: 5154.26 MB
Available Pagefile: 2578 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:274.93 GB) (Free:194.09 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:21.96 GB) (Free:2.2 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 1E1F4777)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================

 



#4 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 31 July 2014 - 04:23 PM

Hi sekirsc,

I noticed in your logs you have numerous instances where the computer shut off unexpectedly. Was this something you did intentionally, or did the computer just shut off?

Error: (07/31/2014 10:11:02 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:00:53 AM on ‎7/‎31/‎2014 was unexpected.

Error: (07/29/2014 08:43:24 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:39:55 PM on ‎7/‎29/‎2014 was unexpected.

Error: (07/27/2014 04:31:24 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:22:45 PM on ‎7/‎27/‎2014 was unexpected.

Error: (07/21/2014 03:47:10 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:56:28 PM on ‎7/‎20/‎2014 was unexpected.

Error: (07/18/2014 03:47:59 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:09:46 AM on ‎7/‎17/‎2014 was unexpected.

=========================

FRST Fix Script

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt
 

GroupPolicyUsers\S-1-5-21-3742697334-2762013724-3188467752-1005\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3742697334-2762013724-3188467752-1002\User: Group Policy restriction detected <======= ATTENTION
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.

=========================

AdwCleaner v3: Scan & Clean

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that log file in your next reply.
  • A copy of that log file will also be saved in the C:\AdwCleaner folder.

=========================

Junkware Removal Tool

Download Junkware Removal Tool to your desktop.

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Shut down your protection software now to avoid potential conflicts.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

=========================

Re-run Farbar Recovery Scan Tool; it should be on your desktop.

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

=========================

In your next post please provide the following:


  • Fixlog.txt
  • AdwCleaner[S0].txt
  • JRT.txt
  • New FRST.txt
  • Answer about unexpected shutdown.
  • Any change in performance?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days










#5 sekirsc

sekirsc

    Authentic Member

  • Authentic Member
  • 35 posts

Posted 01 August 2014 - 09:43 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-07-2014 01
Ran by Steven at 2014-08-01 10:22:53 Run:1
Running from C:\Users\Steven\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
GroupPolicyUsers\S-1-5-21-3742697334-2762013724-3188467752-1005\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3742697334-2762013724-3188467752-1002\User: Group Policy restriction detected <======= ATTENTION
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
*****************
 
C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-3742697334-2762013724-3188467752-1005\User => Moved successfully.
C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-3742697334-2762013724-3188467752-1002\User => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
"HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => Key not found.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-07-31 13:57:27
-----------------------------
13:57:27.050    OS Version: Windows x64 6.2.9200 
13:57:27.050    Number of processors: 2 586 0x200
13:57:27.054    ComputerName: STEVE_EMMA  UserName: Steven
13:57:28.982    Initialize success
13:57:29.066    VM: initialized successfully
13:57:29.108    VM: Amd CPU BiosDisabled 
13:57:38.345    VM: supported disk I/O storport.sys
14:02:18.970    AVAST engine defs: 14073101
14:55:43.982    The log file has been saved successfully to "C:\Users\Steven\Desktop\aswMBR.txt"
14:55:58.031    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000002b
14:55:58.047    Disk 0 Vendor: TOSHIBA_MQ01ABF032 AM002C Size: 305245MB BusType: 11
14:55:58.213    Disk 0 MBR read successfully
14:55:58.228    Disk 0 MBR scan
14:55:58.292    Disk 0 unknown MBR code
14:55:58.308    Disk 0 Partition 1 00     EE          GPT           2097151 MB offset 1
14:55:58.686    Disk 0 scanning C:\WINDOWS\system32\drivers
14:56:47.215    Service scanning
14:56:56.731    Service bdfwfpf C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys **LOCKED** 5
14:58:03.807    Modules scanning
14:58:03.857    Disk 0 trace - called modules:
14:58:03.901    ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys 
14:58:03.926    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe000dadb6770]
14:58:03.949    3 CLASSPNP.SYS[fffff800a439627b] -> nt!IofCallDriver -> [0xffffe000da7ed780]
14:58:03.973    5 amdxata.sys[fffff800a3f346b4] -> nt!IofCallDriver -> \Device\0000002b[0xffffe000da7ec7f0]
14:58:05.462    AVAST engine scan C:\WINDOWS
14:58:09.585    AVAST engine scan C:\WINDOWS\system32
15:06:31.334    AVAST engine scan C:\WINDOWS\system32\drivers
15:07:09.371    AVAST engine scan C:\Users\Steven
15:11:07.974    Disk 0 MBR has been saved successfully to "C:\Users\Steven\Desktop\MBR.dat"
15:11:08.028    The log file has been saved successfully to "C:\Users\Steven\Desktop\aswMBR.txt"
15:18:35.839    AVAST engine scan C:\ProgramData
15:19:57.370    Scan finished successfully
15:23:54.442    Disk 0 MBR has been saved successfully to "C:\Users\Steven\Desktop\MBR.dat"
15:23:54.497    The log file has been saved successfully to "C:\Users\Steven\Desktop\aswMBR.txt"
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 x64
Ran by Steven on Fri 08/01/2014 at 21:42:21.63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 08/01/2014 at 22:23:46.76
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-07-2014 01
Ran by Steven (administrator) on STEVE_EMMA on 01-08-2014 22:25:06
Running from C:\Users\Steven\Desktop
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4630 series\Bin\HPNetworkCommunicatorCom.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(ROBLOX Corporation) C:\Users\Emma\AppData\Local\Roblox\Versions\version-c4060e4821af4163\RobloxPlayerBeta.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1686528 2012-03-27] (Wondershare)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Player\DelayPluginI.exe [1960008 2013-09-28] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-12-25] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512 2014-06-05] (RealNetworks, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-04-23] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-07-23] (Hewlett-Packard)
HKU\S-1-5-21-3742697334-2762013724-3188467752-1002\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3595608 2014-07-27] (Electronic Arts)
HKU\S-1-5-21-3742697334-2762013724-3188467752-1002\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1717000 2014-02-20] (CyberLink Corp.)
HKU\S-1-5-21-3742697334-2762013724-3188467752-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3742697334-2762013724-3188467752-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3742697334-2762013724-3188467752-1002\...\Run: [HP Officejet 4630 series (NET)] => C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe [3487240 2014-03-06] (Hewlett-Packard Co.)
HKU\S-1-5-21-3742697334-2762013724-3188467752-1005\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3595608 2014-07-27] (Electronic Arts)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Steven\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Steven\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Steven\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Steven\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Steven\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Steven\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...t&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...t&type=avastbcl
SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Wondershare Player 1.6.0 -> {43D9786F-A485-683B-9B5B-ACC97ABC17FC} -> C:\ProgramData\Wondershare\Player\WSBrowserAppMgr.dll (Wondershare)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
DPF: HKLM-x32 {555F1BBC-6EC2-474F-84AF-633EF097FF54} http://www.worldwinn...ts/wwhearts.cab
DPF: HKLM-x32 {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
Handler: WSIEChrome - {6D02ED5F-FD0D-4C4C -  No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: WSIEChrome - {6D02ED5F-FD0D-4C4C -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin HKCU: @nsroblox.roblox.com/launcher - C:\Users\Steven\AppData\Local\Roblox\Versions\version-de8b84f90efc4ca5\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF HKLM-x32\...\Firefox\Extensions: [Player@Wondershare.com] - C:\ProgramData\Wondershare\Player\Player@Wondershare.com
FF Extension: Wondershare Player - C:\ProgramData\Wondershare\Player\Player@Wondershare.com [2014-02-07]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-06-05]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
 
Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-27]
CHR Extension: (Google Drive) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-27]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (Wondershare Player) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdegagmpemadclljncealhmmkojfoam [2014-03-05]
CHR Extension: (YouTube) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-27]
CHR Extension: (Google Search) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-27]
CHR Extension: (RealDownloader) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-06-05]
CHR Extension: (Google Wallet) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-27]
CHR Extension: (Gmail) - C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-27]
CHR HKLM-x32\...\Chrome\Extension: [bkdegagmpemadclljncealhmmkojfoam] - C:\ProgramData\Wondershare\Player\Player@Wondershare.com.crx [2014-02-07]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-23] (Advanced Micro Devices, Inc.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2211000 2014-03-30] (Microsoft Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-27] (WildTangent)
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-23] (Bitdefender)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-12-25] (Hewlett-Packard Development Company, L.P.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [239176 2013-03-04] (Realtek Semiconductor)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-18] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3880448 2013-11-13] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-02-14] (Advanced Micro Devices)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2014-08-01] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290520 2014-05-14] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-05-07] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [33008 2013-05-07] (Synaptics Incorporated)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-01 22:23 - 2014-08-01 22:23 - 00000757 _____ () C:\Users\Steven\Desktop\JRT.txt
2014-08-01 21:42 - 2014-08-01 21:42 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-08-01 13:23 - 2014-08-01 13:23 - 00261056 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avchv.sys
2014-08-01 13:04 - 2014-08-01 13:04 - 00001396 _____ () C:\Users\Steven\Desktop\AdwCleaner[S0].txt
2014-08-01 13:03 - 2014-08-01 13:03 - 00000306 _____ () C:\WINDOWS\PFRO.log
2014-08-01 13:01 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-08-01 10:31 - 2014-08-01 13:02 - 00000000 ____D () C:\AdwCleaner
2014-08-01 10:30 - 2014-08-01 10:30 - 01361309 _____ () C:\Users\Steven\Desktop\AdwCleaner.exe
2014-08-01 10:29 - 2014-08-01 10:29 - 01016261 _____ (Thisisu) C:\Users\Steven\Desktop\JRT.exe
2014-08-01 08:10 - 2014-08-01 17:22 - 00233499 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-31 15:35 - 2014-07-31 15:39 - 00039888 _____ () C:\Users\Steven\Desktop\Addition.txt
2014-07-31 15:30 - 2014-08-01 22:25 - 00022642 _____ () C:\Users\Steven\Desktop\FRST.txt
2014-07-31 15:30 - 2014-08-01 22:25 - 00000000 ____D () C:\FRST
2014-07-31 15:28 - 2014-07-31 15:28 - 02094080 _____ (Farbar) C:\Users\Steven\Desktop\FRST64.exe
2014-07-31 15:12 - 2014-07-31 15:12 - 00000143 _____ () C:\Users\Steven\Desktop\MBR.zip
2014-07-31 15:11 - 2014-07-31 15:23 - 00000512 _____ () C:\Users\Steven\Desktop\MBR.dat
2014-07-31 14:55 - 2014-07-31 15:23 - 00004993 _____ () C:\Users\Steven\Desktop\aswMBR.txt
2014-07-31 13:56 - 2014-07-31 13:56 - 05185536 _____ (AVAST Software) C:\Users\Steven\Desktop\aswMBR.exe
2014-07-31 13:56 - 2014-07-31 13:56 - 00000874 _____ () C:\Users\Steven\Desktop\checkup.txt
2014-07-31 13:53 - 2014-07-31 13:53 - 00854390 _____ () C:\Users\Steven\Desktop\SecurityCheck.exe
2014-07-29 18:07 - 2014-07-29 18:07 - 00006908 _____ () C:\Users\Steven\Downloads\startuplist.txt
2014-07-29 18:05 - 2014-07-29 18:06 - 00012932 _____ () C:\Users\Steven\Downloads\hijackthis.log
2014-07-29 18:05 - 2014-07-29 18:05 - 00388608 _____ (Trend Micro Inc.) C:\Users\Steven\Downloads\HiJackThis.exe
2014-07-29 17:46 - 2014-07-29 17:46 - 04813544 _____ (Piriform Ltd) C:\Users\Steven\Downloads\ccsetup416.exe
2014-07-28 10:09 - 2014-07-28 10:09 - 00000000 ____D () C:\Users\Steven\AppData\Local\Macroplant_LLC
2014-07-28 10:08 - 2014-07-28 10:08 - 00001042 _____ () C:\Users\Public\Desktop\iExplorer.lnk
2014-07-28 10:08 - 2014-07-28 10:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iExplorer
2014-07-28 10:08 - 2014-07-28 10:08 - 00000000 ____D () C:\Program Files (x86)\iExplorer
2014-07-28 10:05 - 2014-07-28 10:06 - 11221024 _____ (Macroplant LLC ) C:\Users\Steven\Downloads\iExplorer_setup_3321.exe
2014-07-27 16:11 - 2014-07-27 16:11 - 00000000 __RHD () C:\Users\Steven\AppData\Roaming\SecuROM
2014-07-21 15:50 - 2014-08-01 13:05 - 00003346 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3742697334-2762013724-3188467752-1002
2014-07-21 15:50 - 2014-08-01 13:05 - 00003294 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3742697334-2762013724-3188467752-1002
2014-07-19 16:09 - 2014-07-19 16:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-19 16:09 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-07-19 16:09 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-07-19 16:09 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-07-19 16:09 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-07-19 16:07 - 2014-07-19 16:09 - 00004133 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-19 16:00 - 2014-07-19 16:00 - 00918952 _____ (Oracle Corporation) C:\Users\Steven\Downloads\chromeinstall-7u65.exe
2014-07-15 22:36 - 2014-07-15 22:36 - 00001802 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-15 22:36 - 2014-07-15 22:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-15 22:33 - 2014-07-15 22:36 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-15 22:33 - 2014-07-15 22:35 - 00000000 ____D () C:\Program Files\iTunes
2014-07-15 22:33 - 2014-07-15 22:35 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-15 22:33 - 2014-07-15 22:33 - 00000000 ____D () C:\Program Files\iPod
2014-07-15 22:27 - 2014-07-15 22:27 - 00002774 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-07-15 22:27 - 2014-07-15 22:27 - 00000841 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-15 22:27 - 2014-07-15 22:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-15 22:27 - 2014-07-15 22:27 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-15 22:26 - 2014-07-15 22:26 - 04812672 _____ (Piriform Ltd) C:\Users\Steven\Downloads\ccsetup415.exe
2014-07-11 09:43 - 2014-07-11 09:43 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_netaapl64_01009.Wdf
2014-07-10 12:31 - 2014-07-10 12:31 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-10 12:23 - 2014-04-13 22:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-07-10 12:06 - 2014-07-10 12:06 - 00002159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
2014-07-10 12:06 - 2014-07-10 12:06 - 00002147 _____ () C:\Users\Public\Desktop\Belarc Advisor.lnk
2014-07-10 12:06 - 2014-07-10 12:06 - 00000000 ____D () C:\Program Files (x86)\Belarc
2014-07-09 15:14 - 2014-06-18 20:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-09 15:14 - 2014-06-18 19:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-09 15:14 - 2014-06-18 18:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-09 15:14 - 2014-06-18 17:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-09 15:14 - 2014-06-16 17:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-07-09 15:14 - 2014-06-16 17:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-09 15:14 - 2014-06-06 09:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-09 15:14 - 2014-05-29 22:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-09 15:14 - 2014-05-29 07:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-07-09 15:14 - 2014-05-29 02:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-07-09 15:14 - 2014-05-29 01:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-07-09 15:14 - 2014-05-29 01:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-07-09 15:14 - 2014-05-29 00:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-07-09 15:14 - 2014-05-29 00:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-09 15:12 - 2014-06-18 19:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-09 15:12 - 2014-06-18 19:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-09 15:12 - 2014-06-18 18:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-09 15:12 - 2014-06-18 18:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-09 15:12 - 2014-06-18 18:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-09 15:12 - 2014-06-18 18:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-09 15:12 - 2014-06-18 18:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-09 15:12 - 2014-06-18 18:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-09 15:12 - 2014-06-18 18:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-09 15:12 - 2014-06-18 18:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-09 15:12 - 2014-06-18 17:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-09 15:12 - 2014-06-18 17:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-09 15:12 - 2014-06-18 17:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-09 15:12 - 2014-06-18 17:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-09 15:12 - 2014-06-18 17:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-09 15:12 - 2014-06-18 17:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-09 15:12 - 2014-06-18 17:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-09 15:12 - 2014-06-18 17:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-09 15:12 - 2014-06-18 17:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-09 15:12 - 2014-06-18 17:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-09 15:12 - 2014-06-18 17:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-09 15:12 - 2014-06-18 17:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-07-09 15:12 - 2014-06-18 17:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-07-09 15:11 - 2014-06-30 17:45 - 00688128 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-07-09 15:11 - 2014-06-28 02:48 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-07-09 15:11 - 2014-06-28 02:07 - 00385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-07-09 15:11 - 2014-06-06 08:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-09 15:11 - 2014-06-06 07:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-07-09 15:11 - 2014-05-31 05:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-09 15:11 - 2014-05-31 05:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-07-09 15:11 - 2014-05-30 22:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-07-09 15:11 - 2014-05-30 22:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-07-09 15:11 - 2014-05-30 22:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 15:11 - 2014-05-30 22:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-09 15:11 - 2014-05-30 22:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-09 15:11 - 2014-05-30 22:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 15:11 - 2014-05-30 21:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-07-09 15:11 - 2014-05-30 21:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-07-09 15:11 - 2014-05-30 21:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-09 15:11 - 2014-05-30 21:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-07-09 15:11 - 2014-05-30 21:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-09 15:11 - 2014-05-30 21:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-07-09 15:11 - 2014-05-30 21:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-07-09 15:04 - 2014-07-09 15:04 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-08 17:03 - 2014-07-08 17:03 - 00000000 ____D () C:\Users\Emma\AppData\Roaming\PictureMover
2014-07-03 23:46 - 2014-07-03 23:46 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\Walgreens
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-01 22:25 - 2014-07-31 15:30 - 00022642 _____ () C:\Users\Steven\Desktop\FRST.txt
2014-08-01 22:25 - 2014-07-31 15:30 - 00000000 ____D () C:\FRST
2014-08-01 22:23 - 2014-08-01 22:23 - 00000757 _____ () C:\Users\Steven\Desktop\JRT.txt
2014-08-01 22:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-08-01 21:59 - 2014-04-18 19:48 - 00000000 __RDO () C:\Users\Steven\OneDrive
2014-08-01 21:49 - 2014-01-27 20:31 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-01 21:44 - 2014-01-20 22:47 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3742697334-2762013724-3188467752-1005
2014-08-01 21:44 - 2014-01-20 17:08 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3742697334-2762013724-3188467752-1002
2014-08-01 21:42 - 2014-08-01 21:42 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-08-01 17:22 - 2014-08-01 08:10 - 00233499 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-01 15:32 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-08-01 13:44 - 2014-05-04 15:24 - 00001415 _____ () C:\Users\Emma\Desktop\ROBLOX Player.lnk
2014-08-01 13:44 - 2014-04-18 11:57 - 00001230 _____ () C:\Users\Emma\Desktop\ROBLOX Studio 2013.lnk
2014-08-01 13:44 - 2014-04-18 11:57 - 00000000 ____D () C:\Users\Emma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2014-08-01 13:29 - 2014-01-27 20:32 - 00002210 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-01 13:29 - 2014-01-27 20:31 - 00000916 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-01 13:23 - 2014-08-01 13:23 - 00261056 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avchv.sys
2014-08-01 13:06 - 2014-05-14 23:37 - 00000000 ____D () C:\Users\Steven\Documents\Youcam
2014-08-01 13:05 - 2014-07-21 15:50 - 00003346 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3742697334-2762013724-3188467752-1002
2014-08-01 13:05 - 2014-07-21 15:50 - 00003294 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3742697334-2762013724-3188467752-1002
2014-08-01 13:04 - 2014-08-01 13:04 - 00001396 _____ () C:\Users\Steven\Desktop\AdwCleaner[S0].txt
2014-08-01 13:04 - 2014-01-26 12:59 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-08-01 13:03 - 2014-08-01 13:03 - 00000306 _____ () C:\WINDOWS\PFRO.log
2014-08-01 13:03 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-01 13:02 - 2014-08-01 10:31 - 00000000 ____D () C:\AdwCleaner
2014-08-01 10:30 - 2014-08-01 10:30 - 01361309 _____ () C:\Users\Steven\Desktop\AdwCleaner.exe
2014-08-01 10:29 - 2014-08-01 10:29 - 01016261 _____ (Thisisu) C:\Users\Steven\Desktop\JRT.exe
2014-08-01 10:23 - 2013-08-22 08:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-08-01 10:14 - 2014-04-30 02:04 - 00003930 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6097E0FD-3026-4BE4-8674-626F2B3EC1DF}
2014-08-01 10:14 - 2014-04-18 19:09 - 00000000 ____D () C:\Users\Steven
2014-08-01 10:14 - 2014-04-18 19:09 - 00000000 ____D () C:\Users\Emma
2014-08-01 08:48 - 2014-06-01 11:45 - 00000000 ____D () C:\Users\Emma\Documents\Youcam
2014-07-31 15:39 - 2014-07-31 15:35 - 00039888 _____ () C:\Users\Steven\Desktop\Addition.txt
2014-07-31 15:28 - 2014-07-31 15:28 - 02094080 _____ (Farbar) C:\Users\Steven\Desktop\FRST64.exe
2014-07-31 15:23 - 2014-07-31 15:11 - 00000512 _____ () C:\Users\Steven\Desktop\MBR.dat
2014-07-31 15:23 - 2014-07-31 14:55 - 00004993 _____ () C:\Users\Steven\Desktop\aswMBR.txt
2014-07-31 15:12 - 2014-07-31 15:12 - 00000143 _____ () C:\Users\Steven\Desktop\MBR.zip
2014-07-31 13:56 - 2014-07-31 13:56 - 05185536 _____ (AVAST Software) C:\Users\Steven\Desktop\aswMBR.exe
2014-07-31 13:56 - 2014-07-31 13:56 - 00000874 _____ () C:\Users\Steven\Desktop\checkup.txt
2014-07-31 13:53 - 2014-07-31 13:53 - 00854390 _____ () C:\Users\Steven\Desktop\SecurityCheck.exe
2014-07-29 18:36 - 2014-01-21 19:56 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2014-07-29 18:36 - 2014-01-21 19:56 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-07-29 18:07 - 2014-07-29 18:07 - 00006908 _____ () C:\Users\Steven\Downloads\startuplist.txt
2014-07-29 18:06 - 2014-07-29 18:05 - 00012932 _____ () C:\Users\Steven\Downloads\hijackthis.log
2014-07-29 18:05 - 2014-07-29 18:05 - 00388608 _____ (Trend Micro Inc.) C:\Users\Steven\Downloads\HiJackThis.exe
2014-07-29 17:46 - 2014-07-29 17:46 - 04813544 _____ (Piriform Ltd) C:\Users\Steven\Downloads\ccsetup416.exe
2014-07-28 20:27 - 2014-04-23 14:26 - 00003174 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForSteven
2014-07-28 20:27 - 2014-04-23 14:26 - 00000358 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForSteven.job
2014-07-28 10:09 - 2014-07-28 10:09 - 00000000 ____D () C:\Users\Steven\AppData\Local\Macroplant_LLC
2014-07-28 10:08 - 2014-07-28 10:08 - 00001042 _____ () C:\Users\Public\Desktop\iExplorer.lnk
2014-07-28 10:08 - 2014-07-28 10:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iExplorer
2014-07-28 10:08 - 2014-07-28 10:08 - 00000000 ____D () C:\Program Files (x86)\iExplorer
2014-07-28 10:06 - 2014-07-28 10:05 - 11221024 _____ (Macroplant LLC ) C:\Users\Steven\Downloads\iExplorer_setup_3321.exe
2014-07-27 16:11 - 2014-07-27 16:11 - 00000000 __RHD () C:\Users\Steven\AppData\Roaming\SecuROM
2014-07-26 21:31 - 2014-06-21 14:39 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\HpUpdate
2014-07-23 11:26 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-21 15:56 - 2014-06-20 10:42 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-19 16:10 - 2014-06-07 20:52 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-19 16:09 - 2014-07-19 16:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-19 16:09 - 2014-07-19 16:07 - 00004133 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-19 16:09 - 2014-06-07 20:51 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-19 16:00 - 2014-07-19 16:00 - 00918952 _____ (Oracle Corporation) C:\Users\Steven\Downloads\chromeinstall-7u65.exe
2014-07-15 22:36 - 2014-07-15 22:36 - 00001802 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-15 22:36 - 2014-07-15 22:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-15 22:36 - 2014-07-15 22:33 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-15 22:35 - 2014-07-15 22:33 - 00000000 ____D () C:\Program Files\iTunes
2014-07-15 22:35 - 2014-07-15 22:33 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-15 22:33 - 2014-07-15 22:33 - 00000000 ____D () C:\Program Files\iPod
2014-07-15 22:33 - 2014-04-18 21:49 - 00000000 ___DC () C:\WINDOWS\Panther
2014-07-15 22:27 - 2014-07-15 22:27 - 00002774 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-07-15 22:27 - 2014-07-15 22:27 - 00000841 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-15 22:27 - 2014-07-15 22:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-15 22:27 - 2014-07-15 22:27 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-15 22:26 - 2014-07-15 22:26 - 04812672 _____ (Piriform Ltd) C:\Users\Steven\Downloads\ccsetup415.exe
2014-07-14 10:59 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-11 09:43 - 2014-07-11 09:43 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_netaapl64_01009.Wdf
2014-07-11 03:02 - 2014-07-19 16:09 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-07-11 02:56 - 2014-07-19 16:09 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-07-11 02:56 - 2014-07-19 16:09 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-07-11 02:55 - 2014-07-19 16:09 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-07-10 14:59 - 2013-08-22 09:44 - 00483160 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-10 14:56 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-10 14:56 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-10 12:31 - 2014-07-10 12:31 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-10 12:31 - 2014-03-18 04:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 12:31 - 2014-01-20 21:12 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-10 12:31 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-07-10 12:31 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-10 12:26 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-07-10 12:25 - 2014-01-20 21:11 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-10 12:06 - 2014-07-10 12:06 - 00002159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
2014-07-10 12:06 - 2014-07-10 12:06 - 00002147 _____ () C:\Users\Public\Desktop\Belarc Advisor.lnk
2014-07-10 12:06 - 2014-07-10 12:06 - 00000000 ____D () C:\Program Files (x86)\Belarc
2014-07-09 15:04 - 2014-07-09 15:04 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-08 17:03 - 2014-07-08 17:03 - 00000000 ____D () C:\Users\Emma\AppData\Roaming\PictureMover
2014-07-03 23:46 - 2014-07-03 23:46 - 00000000 ____D () C:\Users\Steven\AppData\Roaming\Walgreens
2014-07-03 23:40 - 2014-02-07 20:51 - 00000000 ____D () C:\ProgramData\Wondershare Player
 
Some content of TEMP:
====================
C:\Users\Steven\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-01 10:40
 
==================== End Of Log ============================
 
 
I think those unexpected shutdowns were from when my computer froze. Performance has improved a little bit. Thanks


#6 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 02 August 2014 - 01:19 AM

Hi sekirsc,

You ran aswMBR again, I need for you to run AdwCleaner.

Then you will need to run a new scan with FRST

In your next post please provide the following:

  • AdwCleaner[S0].txt
  • New FRST.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#7 sekirsc

sekirsc

    Authentic Member

  • 35 posts

Posted 02 August 2014 - 06:59 AM

I'm sorry, I did run Adaware, I just posted the wrong log... here is the correct one

 

# AdwCleaner v3.302 - Report created 01/08/2014 at 13:01:44
# Updated 30/07/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Steven - STEVE_EMMA
# Running from : C:\Users\Steven\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Deleted : C:\Users\Public\Desktop\eBay.lnk
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17126
 
 
-\\ Google Chrome v36.0.1985.125
 
[ File : C:\Users\Emma\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
 
*************************
 
AdwCleaner[R0].txt - [1263 octets] - [01/08/2014 10:31:25]
AdwCleaner[R1].txt - [1323 octets] - [01/08/2014 10:35:16]
AdwCleaner[S0].txt - [1256 octets] - [01/08/2014 13:01:44]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1316 octets] ##########


#8 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 02 August 2014 - 08:27 AM

Hi sekirsc,
 

I'm sorry, I did run Adaware, I just posted the wrong log... here is the correct one

:thumbup:  Your logs, so far, are looking good.

 

=========================

 

Malwarebytes' Anti-Malware

Download Malwarebytes' Anti-Malware (save it to your desktop).

  • Windows XP: Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8: Right click and select "Run as Administrator"
  • Select Scan tab.
  • Select type of scan to perform:
    • Threat Scan <--- Select this type of scan
    • Custom Scan
    • Hyper Scan
  • Next click the Scan button.
  • When the scan is complete, if no malicious items are found you can close the program.
  • If malicious items are found be sure that everything is checked, and click Quarantine.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

=========================

ESET Online Scanner

*Note:

  • It is recommended to disable on-board antivirus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
  • Please don't go surfing while your resident protection is disabled!
  • Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.

** You need to run your browser with Administrator Rights. To do so, right click your browser's shortcut and select "Run as Administrator".

= = = = = = = = = = = = = = = = = = = =

Go here to run ESET Online Scanner

(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
  • Click Start
  • Make sure that the option "Remove found threats" is Checked, and the option "Scan unwanted applications" is Checked.
  • Click Scan.
  • Wait for the scan to finish.
  • When the scan completes, click List of found threats
  • Click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
  • Include the contents of this report in your next reply

    Note - when ESET doesn't find any threats, no report will be created.
  • Push the back button.
  • Push Finish
  • Re-enable your Antivirus software.

=========================

In your next post please provide the following:


  • MBAM log
  • ESET's log.txt
  • How's the computer running, any symptoms?

OCD



#9 sekirsc

sekirsc

    Authentic Member

  • 35 posts

Posted 05 August 2014 - 08:31 AM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 8/3/2014
Scan Time: 6:09:25 PM
Logfile: Malwarebytes.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.08.03.08
Rootkit Database: v2014.08.01.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Steven
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 342155
Time Elapsed: 40 min, 42 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
C:\Users\Steven\Downloads\cbsidlm-cbsi188-Free_M4a_to_MP3_Converter-SEO-187723.exe a variant of Win32/CNETInstaller.B potentially unwanted application deleted - quarantined
 
 
 
I can definitely see improvement with the laptop. There still are times when I am on it where it freezes for a while or is still running slow, but not as often as it was before.

 



#10 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 05 August 2014 - 10:21 AM

Hi sekirsc,
 

There still are times when I am on it where it freezes for a while or is still running slow, but not as often as it was before.

 

Are you using any particular program or browser when this occurs, is there a common denominator with the issue?

 

=========================

Uninstall via Programs and Features

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:

  • Java 7 Update 60

=========================

Update Java

  • Get the current version of Java (Version 7 Update 67) by going to http://java.com/en/d...windows_xpi.jsp
  • Select the Verify Java Version button and follow the onscreen instructions to update if necessary.

=========================

Reboot

=========================

In your next post please provide the following:

  • Answer to the above question.

OCD



#11 sekirsc

sekirsc

    Authentic Member

  • 35 posts

Posted 05 August 2014 - 11:44 AM

It mostly happens when I use my web browsers. I use both Internet Explorer and Google Chrome. What usually happens is I will be searching the internet and I will scroll up or down and the site will take 4-5 seconds to actually do it. This also happens when I work on documents and also when I listen to music on iTunes.



#12 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 05 August 2014 - 02:58 PM

Hi sekirsc,

The good news is I'm not finding any malware on your system.  :thumbup:  The bad news, now we need to figure out what is causing the slowness. :wall:

 

  • Can you confirm what version of Windows you have installed? The reason I ask is I am getting conflicting information from the information contained within the log headers.
  • Is this a laptop, or a desktop computer?

OCD



#13 sekirsc

sekirsc

    Authentic Member

  • 35 posts

Posted 05 August 2014 - 03:55 PM

I am using a laptop and it's running Windows 8.1 x64.



#14 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 05 August 2014 - 05:09 PM

Hi sekirsc,

Is your computer getting enough ventilation around it? Overheating is a symptom of unexpected shutdowns.

As I stated previously I'm not seeing any malicious items that would be causing the slowness you are experiencing. It could be browser related or a conflict between two (2) programs, unfortunately I really don't know.

We could try resetting both Internet Explorer and Chrome and see if that fixes the issue. But that would set both browsers back to their default settings and may not correct the issue.

If you would like to try this, I have included the instructions below.

You could always try one (1) and see if that browser response improves.

If you would prefer not to try this step just let me know.

=========================

Reset Internet Explorer

Go to the Start menu > Control Panel > Look in the upper right hand corner and make sure the "Category" drop down menu says Small or Large Icons
Locate Internet Options > Advanced tab > Reset button at the bottom of the menu.

Next you will be presented with the following window. Please read what changes will take place if you choose to reset. If you would like to remove all personal settings tick the small box before clicking Reset.

=========================

Set your default search engine in Chrome

  • Click the Chrome menu on the browser toolbar.
  • Select Settings
  • In the "Search" section, select the search engine you want to use from the menu. If the search engine you want to use doesn't appear in the menu, click Manage search engines.
  • In the Search Engines dialog that appears, select the search engine that you'd like to use from the list.
  • Click the Make Default button that appears in the row.

If the search engine you want to use isn't on this list, you can first add it as a new search engine option.

If the "Make Default" button doesn't appear for the search engine you've selected, you may need to edit its URL.


OCD



#15 sekirsc

sekirsc

    Authentic Member

  • 35 posts

Posted 05 August 2014 - 08:04 PM

Computer seems to be working better. Thank you very much for your help.

