WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93083 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Computer locking up constantly and turning screen to "fuzz" [S

Started by ENYAW22 , Nov 29 2014 12:05 PM

This topic is locked

44 replies to this topic

#31 OCD

SuperHelper

Malware Team
5,574 posts

Posted 19 December 2014 - 01:05 AM

Hi ENYAW22,

Please wait to post your reply until you have all the requested logs available and ready to post. When you post them as they are done I get a seperate notification for each reply, but I cannot make an evaluation and a new reply until ALL the logs have been submitted.

Re-run Farbar Recovery Scan Tool it should be on your desktop.

- Windows XP : Double click on the icon to run it.
- Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

=========================

In your next post please provide the following:

FRST.txt
How is the computer running?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

If you are satisfied with the help you have received, please consider making a donation.

Advertisements

Register to Remove

#32 ENYAW22

Authentic Member

Authentic Member
47 posts

Posted 19 December 2014 - 11:02 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2014

Ran by Wayne at 2014-12-19 08:46:14

Running from C:\Users\Wayne\Downloads

Boot Mode: Normal

==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Internet Security 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: AVG Internet Security 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

FW: AVG Internet Security 2014 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)

Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.2.152.26 - Adobe Systems Incorporated)

Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.4.402.287 - Adobe Systems Incorporated)

Adobe Photoshop Elements 8.0 (HKLM-x32\...\Adobe Photoshop Elements 8.0) (Version: 8.0 - Adobe Systems Incorporated)

Adobe Premiere Elements 8.0 (HKLM-x32\...\PremElem80) (Version: 8.0 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)

Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)

ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden

Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)

ArcSoft Panorama Maker 5 (HKLM-x32\...\{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}) (Version: 5.0.1.25 - ArcSoft)

ArcSoft PhotoImpression 6 (HKLM-x32\...\{063E409E-3D7C-4A4A-95AB-2F124B9224B3}) (Version: - ArcSoft)

ATI Catalyst Control Center (HKLM-x32\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.009.1209.2334 - )

AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4794 - AVG Technologies)

AVG 2014 (Version: 14.0.4253 - AVG Technologies) Hidden

AVG 2014 (Version: 14.0.4794 - AVG Technologies) Hidden

Bejeweled 2 (HKLM-x32\...\Bejeweled 2) (Version: - Spintop Media, Inc)

BlackBerry App World Browser Plugin (HKLM-x32\...\{CF3A3816-7E48-4556-8614-654377EDE1B5}) (Version: 2.1.3 - Research In Motion Limited)

BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)

BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research In Motion Ltd.) Hidden

BlackBerry Device Manager 6.0 (HKLM-x32\...\BlackBerry_{4080C564-7174-4CE4-B0F3-2C75D6ECB134}) (Version: 6.0.0.40 - Research In Motion Ltd.)

BlackBerry Device Manager 6.0 (x32 Version: 6.0.0.40 - Research In Motion Ltd.) Hidden

BlackBerry Device Software Updater (HKLM-x32\...\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}) (Version: 6.0.1.37 - Research In Motion Ltd)

BlackBerry v4.2.2 for the 8320 Series Wireless Handheld (HKLM-x32\...\{844DA731-B8B0-4581-AF3C-5158CC16897E}) (Version: 4.2.2.184 (Platform 2.5.0.40) - Research In Motion Ltd.)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Canon Auto Update Service (HKLM-x32\...\Auto Update Service) (Version: 1.1.0.13 - Canon Inc.)

Canon DIGITAL CAMERA Solution Disk Software Guide (HKLM-x32\...\Software Guide) (Version: 1.6.0.1 - Canon Inc.)

Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.9.0.8 - Canon Inc.)

Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.8.0.1 - Canon Inc.)

Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.9.0.6 - Canon Inc.)

Canon PowerShot SX150 IS Camera User Guide (HKLM-x32\...\CameraUserGuide-PSSX150IS) (Version: 1.0.0.1 - Canon Inc.)

Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC8) (Version: 8.6.0.11 - Canon Inc.)

Canon Utilities CameraWindow Launcher (HKLM-x32\...\CameraWindowLauncher) (Version: 7.6.0.1 - Canon Inc.)

Canon Utilities Movie Uploader for YouTube (HKLM-x32\...\MovieUploaderForYouTube) (Version: 1.3.0.3 - Canon Inc.)

Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.5.0.1 - Canon Inc.)

Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)

Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.8.0.10 - Canon Inc.)

Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.6.0.15 - Canon Inc.)

ccc-core-static (x32 Version: 2009.1209.2335.42329 - ATI) Hidden

Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.2.10148.2 - Cisco Consumer Products LLC)

Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)

Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)

Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: 1.02 - Creative Technology Limited)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 2.34 - Dell)

Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.45 - Dell)

Dell Dock (HKLM\...\{E60B7350-EA5F-41E0-9D6F-E508781E36D2}) (Version: 2.0.0 - Dell)

Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)

Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)

Dell Remote Access (HKLM-x32\...\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}) (Version: 1.3.0.0 - Dell Inc.)

DirectXInstallService (x32 Version: 9.0.2 - Roxio) Hidden

Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.00 - Creative Technology Limited)

Dream Chronicles - The Book of Air - Collector's Edition (HKLM-x32\...\Dream Chronicles - The Book of Air - Collector's Edition) (Version: - Spintop Media, Inc)

Elevated Installer (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden

EMC 10 Content (x32 Version: 1.0.035 - Roxo, Inc.) Hidden

EMCGadgets64 (Version: 1.0.302 - Sonic) Hidden

Escape Whisper Valley (HKLM-x32\...\Escape Whisper Valley) (Version: - Spintop Media, Inc)

ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )

File Uploader (HKLM-x32\...\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}) (Version: 1.2.5 - Nikon)

Gardenscapes (HKLM-x32\...\Gardenscapes) (Version: - Spintop Media, Inc)

Garmin BaseCamp (HKLM-x32\...\{F487FEEC-AE9F-4E68-82F2-300F49A8C435}) (Version: 4.2.2 - Garmin Ltd or its subsidiaries)

Garmin Communicator Plugin (HKLM-x32\...\{647BB978-2876-487B-9B0E-FDB73F0EA4A2}) (Version: 4.0.4 - Garmin Ltd or its subsidiaries)

Garmin Communicator Plugin x64 (HKLM\...\{237D687E-9E50-4A30-B810-262764CC491B}) (Version: 4.0.4 - Garmin Ltd or its subsidiaries)

Garmin Communicator Plugin x64 (HKLM\...\{550331CC-C34B-494F-BCDA-37CE4EF6E924}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries)

Garmin Express (HKLM-x32\...\{b43ffffb-1adc-4bcb-b277-7844ebff94da}) (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries)

Garmin Express (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden

Garmin Express Tray (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden

Garmin nRoute - City Navigator North America v8 (HKLM-x32\...\{4D919200-A01C-4873-BADE-BA68FFB9D237}) (Version: 2.6.1.0 - Garmin Ltd or its subsidiaries)

Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)

Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google Gmail Notifier (HKLM-x32\...\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}) (Version: - Google Inc.)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)

HP Officejet 6600 Basic Device Software (HKLM\...\{AEC699FC-F916-46A0-B15E-70EF1534AE93}) (Version: 25.0.619.0 - Hewlett-Packard Co.)

HP Officejet 6600 Help (HKLM-x32\...\{C818BA3A-226F-4ED0-9CEF-96A0DF300211}) (Version: 140.0.2.2 - Hewlett Packard)

HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)

HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)

HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden

I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)

iCloud (HKLM\...\{2AAF09D5-4B3F-4975-B6A9-ECE2631FC942}) (Version: 4.0.5.20 - Apple Inc.)

Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)

iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)

Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.550 - Oracle)

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Mah Jong Medley (HKLM-x32\...\Mah Jong Medley) (Version: - Spintop Media, Inc)

Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

MapSource - Topo Canada v2 (HKLM-x32\...\InstallShield_{9F308117-9B2F-45EB-9FAF-B59CD8339673}) (Version: 2.00 - Garmin Ltd. and its subsidiaries)

MapSource - Topo Canada v2 (x32 Version: 2.00 - Garmin Ltd. and its subsidiaries) Hidden

MapSource - Trip & Waypoint Manager v2 (HKLM-x32\...\InstallShield_{A0F584A7-B0C2-4D90-9580-15456B9CF63C}) (Version: 2.00 - Garmin Ltd. and its subsidiaries)

MapSource - Trip & Waypoint Manager v2 (x32 Version: 2.00 - Garmin Ltd. and its subsidiaries) Hidden

MapSource (HKLM-x32\...\{5E3CFCA6-C95A-47CB-A822-7FA80D423AF2}) (Version: 5.4 - Garmin Ltd. and its subsidiaries)

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)

Microsoft Office Basic 2007 (HKLM-x32\...\BASICR) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)

Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)

MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)

Monitor Webcam Driver (1.01.02.0804) (HKLM\...\Creative OA002) (Version: - )

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

Mystery P.I. - The London Caper (HKLM-x32\...\Mystery P.I. - The London Caper) (Version: - Spintop Media, Inc)

Nikon Transfer (HKLM-x32\...\{E9757890-7EC5-46C8-99AB-B00F07B6525C}) (Version: 1.5.3 - Nikon)

OpenAL (HKLM-x32\...\OpenAL) (Version: - )

OVT Scanner (HKLM-x32\...\{A746CE98-A755-4AD7-B4B8-346DC74CDECD}) (Version: 1.00.0000 - OVT)

Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.1.9 - Nikon)

Plants vs. Zombies - Game of the Year Edition (HKLM-x32\...\Plants vs. Zombies - Game of the Year Edition) (Version: - Spintop Media, Inc)

PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)

PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)

QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)

Rapport (Version: 3.5.1205.18 - Trusteer) Hidden

Rapport (x32 Version: 3.5.1404.34 - Trusteer) Hidden

Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.8.0.1 - Reimage) <==== ATTENTION

Roxio Easy CD and DVD Burning (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)

Roxio File Backup (Version: 1.3.0 - Roxio) Hidden

Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)

Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)

Skins (x32 Version: 2009.1209.2335.42329 - ATI) Hidden

SmartSound Quicktracks for Premiere Elements 8.0 (HKLM-x32\...\InstallShield_{4685A344-6718-4923-AA9D-158A0A2E1CFB}) (Version: 3.11.3090 - SmartSound Software Inc)

SmartSound Quicktracks for Premiere Elements 8.0 (x32 Version: 3.11.3090 - SmartSound Software Inc) Hidden

Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden

Sound Blaster X-Fi (HKLM-x32\...\{20288888-A7AF-4B24-8AEB-398D20CD563C}) (Version: 1.0 - )

Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1404.34 - Trusteer)

Unity Web Player (HKU\S-1-5-21-2537701294-2937390200-3866314920-1000\...\UnityWebPlayer) (Version: 2.6.1f3_31223 - Unity Technologies ApS)

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)

VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden

ViewNX (HKLM-x32\...\{F007CBCE-D714-4C0B-8CE9-9B0D78116468}) (Version: 1.5.2 - Nikon)

Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)

Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)

Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)

Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)

Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

08-12-2014 16:45:29 Installed Rapport

10-12-2014 03:00:21 Windows Update

14-12-2014 15:45:26 Windows Update

18-12-2014 03:00:30 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2012-12-31 09:10 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {04C17A15-B949-4452-AAC7-2D31762F14ED} - System32\Tasks\{5F4E802B-B9EF-4514-8171-9C2DFA564BF2} => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe

Task: {2649B338-E0BB-4EF8-8877-842AC21509C1} - System32\Tasks\HP online update program => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2010-06-09] (Hewlett-Packard)

Task: {4AC892F9-B506-4419-9878-0786907A3EB4} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)

Task: {71331576-5564-4708-9D78-063C6A617174} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)

Task: {74EA848F-5D00-4CF4-A967-F5D27240FB47} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)

Task: {85E0DBC6-CC69-429D-AB20-2D800774C35A} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe [2014-12-11] () <==== ATTENTION

Task: {AC82A75D-5B34-4C7E-816F-767F6A2F27E4} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2014-12-02] (Reimage®) <==== ATTENTION

Task: {AD1DBE74-2369-4B03-BFD4-82DCA44E4731} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-07] ()

Task: {CE411EE3-2200-43EF-930E-9777058FEEE2} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-11-20] (Adobe Systems Incorporated)

Task: {D48F3F12-AFD2-4337-9870-FAFC68BD33FD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {D6B75BB6-F568-4725-A949-B89DCA7F7027} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-10-17] (Apple Inc.)

Task: {FC876EFF-CB9A-4B79-90BB-40A74747C18E} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2537701294-2937390200-3866314920-1000

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-12-02 03:50 - 2014-12-02 03:50 - 06745440 _____ () C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe

2014-04-23 15:05 - 2014-04-23 15:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2014-03-23 16:04 - 2014-03-23 16:04 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll

2010-07-07 11:33 - 2010-07-07 11:33 - 00002560 _____ () C:\Windows\SysWOW64\CTXFIRES.DLL

2010-04-01 21:19 - 2010-07-21 07:33 - 00058688 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STCoreXml.dll

2010-04-01 21:19 - 2010-07-21 07:33 - 00116032 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll

2010-04-01 21:19 - 2010-07-21 07:33 - 00128320 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll

2010-04-01 21:12 - 2009-06-29 09:54 - 00164864 _____ () C:\Windows\SysWOW64\APOMngr.DLL

2014-12-14 15:37 - 2014-12-05 17:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll

2014-12-14 15:37 - 2014-12-05 17:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll

2014-12-14 15:37 - 2014-12-05 17:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll

2014-12-14 15:37 - 2014-12-05 17:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll

2014-12-14 15:37 - 2014-12-05 17:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:026B76F2

AlternateDataStreams: C:\ProgramData\TEMP:04107365

AlternateDataStreams: C:\ProgramData\TEMP:0441DB7A

AlternateDataStreams: C:\ProgramData\TEMP:04FDFCF6

AlternateDataStreams: C:\ProgramData\TEMP:0AC32449

AlternateDataStreams: C:\ProgramData\TEMP:117354E5

AlternateDataStreams: C:\ProgramData\TEMP:12B6A5EC

AlternateDataStreams: C:\ProgramData\TEMP:14859C24

AlternateDataStreams: C:\ProgramData\TEMP:157D4840

AlternateDataStreams: C:\ProgramData\TEMP:16ED1DDB

AlternateDataStreams: C:\ProgramData\TEMP:178D4338

AlternateDataStreams: C:\ProgramData\TEMP:1ED30878

AlternateDataStreams: C:\ProgramData\TEMP:2032CC2B

AlternateDataStreams: C:\ProgramData\TEMP:20767002

AlternateDataStreams: C:\ProgramData\TEMP:21F1378A

AlternateDataStreams: C:\ProgramData\TEMP:239CC213

AlternateDataStreams: C:\ProgramData\TEMP:2A6414DE

AlternateDataStreams: C:\ProgramData\TEMP:2D09AB80

AlternateDataStreams: C:\ProgramData\TEMP:2D7D575C

AlternateDataStreams: C:\ProgramData\TEMP:304D2C3C

AlternateDataStreams: C:\ProgramData\TEMP:32A38B26

AlternateDataStreams: C:\ProgramData\TEMP:3325D6E9

AlternateDataStreams: C:\ProgramData\TEMP:3477DE06

AlternateDataStreams: C:\ProgramData\TEMP:359163DE

AlternateDataStreams: C:\ProgramData\TEMP:35F7F01D

AlternateDataStreams: C:\ProgramData\TEMP:370A117C

AlternateDataStreams: C:\ProgramData\TEMP:38BFF11F

AlternateDataStreams: C:\ProgramData\TEMP:41D53451

AlternateDataStreams: C:\ProgramData\TEMP:43A7A7AD

AlternateDataStreams: C:\ProgramData\TEMP:452C4003

AlternateDataStreams: C:\ProgramData\TEMP:485A9313

AlternateDataStreams: C:\ProgramData\TEMP:4A7C296A

AlternateDataStreams: C:\ProgramData\TEMP:4AC9B4B7

AlternateDataStreams: C:\ProgramData\TEMP:4C6DC495

AlternateDataStreams: C:\ProgramData\TEMP:4F63029C

AlternateDataStreams: C:\ProgramData\TEMP:50B14AA6

AlternateDataStreams: C:\ProgramData\TEMP:53747726

AlternateDataStreams: C:\ProgramData\TEMP:55EFEB27

AlternateDataStreams: C:\ProgramData\TEMP:569033D0

AlternateDataStreams: C:\ProgramData\TEMP:56EE2CAF

AlternateDataStreams: C:\ProgramData\TEMP:57DC3B52

AlternateDataStreams: C:\ProgramData\TEMP:5A99DEB7

AlternateDataStreams: C:\ProgramData\TEMP:5D59B736

AlternateDataStreams: C:\ProgramData\TEMP:708E3F13

AlternateDataStreams: C:\ProgramData\TEMP:71173EF9

AlternateDataStreams: C:\ProgramData\TEMP:73C7924E

AlternateDataStreams: C:\ProgramData\TEMP:74E00408

AlternateDataStreams: C:\ProgramData\TEMP:77A023CE

AlternateDataStreams: C:\ProgramData\TEMP:78AFAE94

AlternateDataStreams: C:\ProgramData\TEMP:7B0B85D2

AlternateDataStreams: C:\ProgramData\TEMP:7B70C2D6

AlternateDataStreams: C:\ProgramData\TEMP:7C60A173

AlternateDataStreams: C:\ProgramData\TEMP:7D271B34

AlternateDataStreams: C:\ProgramData\TEMP:83E716F0

AlternateDataStreams: C:\ProgramData\TEMP:88E71AC6

AlternateDataStreams: C:\ProgramData\TEMP:8BB2EC84

AlternateDataStreams: C:\ProgramData\TEMP:8D25608D

AlternateDataStreams: C:\ProgramData\TEMP:90FD8AD5

AlternateDataStreams: C:\ProgramData\TEMP:987DED13

AlternateDataStreams: C:\ProgramData\TEMP:98DFF516

AlternateDataStreams: C:\ProgramData\TEMP:9AB15E7A

AlternateDataStreams: C:\ProgramData\TEMP:9AF9C79E

AlternateDataStreams: C:\ProgramData\TEMP:9B27D3A9

AlternateDataStreams: C:\ProgramData\TEMP:A17AFE82

AlternateDataStreams: C:\ProgramData\TEMP:A21E43C2

AlternateDataStreams: C:\ProgramData\TEMP:A25C1F6E

AlternateDataStreams: C:\ProgramData\TEMP:A2CEDFBB

AlternateDataStreams: C:\ProgramData\TEMP:A8C08E7E

AlternateDataStreams: C:\ProgramData\TEMP:AB957E48

AlternateDataStreams: C:\ProgramData\TEMP:AC8ECED1

AlternateDataStreams: C:\ProgramData\TEMP:ACECBBFF

AlternateDataStreams: C:\ProgramData\TEMP:ADE2C1A6

AlternateDataStreams: C:\ProgramData\TEMP:B30D9A49

AlternateDataStreams: C:\ProgramData\TEMP:B3BAC02F

AlternateDataStreams: C:\ProgramData\TEMP:B618BFFE

AlternateDataStreams: C:\ProgramData\TEMP:B7D0D9DB

AlternateDataStreams: C:\ProgramData\TEMP:B8761AAB

AlternateDataStreams: C:\ProgramData\TEMP:BB61BFAF

AlternateDataStreams: C:\ProgramData\TEMP:BB8B6B1E

AlternateDataStreams: C:\ProgramData\TEMP:BE7A0841

AlternateDataStreams: C:\ProgramData\TEMP:C447EE44

AlternateDataStreams: C:\ProgramData\TEMP:C48A983C

AlternateDataStreams: C:\ProgramData\TEMP:C60C6342

AlternateDataStreams: C:\ProgramData\TEMP:C6E49090

AlternateDataStreams: C:\ProgramData\TEMP:C7F04040

AlternateDataStreams: C:\ProgramData\TEMP:CCC4018A

AlternateDataStreams: C:\ProgramData\TEMP:CF6A6C8A

AlternateDataStreams: C:\ProgramData\TEMP:CFF21EA7

AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1

AlternateDataStreams: C:\ProgramData\TEMP:D1BCFD4A

AlternateDataStreams: C:\ProgramData\TEMP:D35663D1

AlternateDataStreams: C:\ProgramData\TEMP:D3D507A6

AlternateDataStreams: C:\ProgramData\TEMP:D41AB8D0

AlternateDataStreams: C:\ProgramData\TEMP:D68FBF6D

AlternateDataStreams: C:\ProgramData\TEMP:D751C674

AlternateDataStreams: C:\ProgramData\TEMP:D853F961

AlternateDataStreams: C:\ProgramData\TEMP:DB8ED159

AlternateDataStreams: C:\ProgramData\TEMP:E51234A9

AlternateDataStreams: C:\ProgramData\TEMP:E8B5993B

AlternateDataStreams: C:\ProgramData\TEMP:EB6CB455

AlternateDataStreams: C:\ProgramData\TEMP:EFEF58CC

AlternateDataStreams: C:\ProgramData\TEMP:F0A3E54E

AlternateDataStreams: C:\ProgramData\TEMP:F1E651F6

AlternateDataStreams: C:\ProgramData\TEMP:F216755A

AlternateDataStreams: C:\ProgramData\TEMP:F28885DF

AlternateDataStreams: C:\ProgramData\TEMP:F321F01E

AlternateDataStreams: C:\ProgramData\TEMP:F4F4A435

AlternateDataStreams: C:\ProgramData\TEMP:F568DD7B

AlternateDataStreams: C:\ProgramData\TEMP:F57D2F43

AlternateDataStreams: C:\Users\Wayne\Downloads\KRAB.jpeg:Roxio EMC Stream

AlternateDataStreams: C:\Users\Wayne\Downloads\noname.eml:OECustomProperty

AlternateDataStreams: C:\Users\Wayne\Downloads\photo.JPG:Roxio EMC Stream

AlternateDataStreams: C:\Users\Wayne\Downloads\the Pharmacist.eml:OECustomProperty

AlternateDataStreams: C:\Users\Wayne\Downloads\_ FW_ EMAIL NUMBER 1 of 2_ China opens record breaking 4,000 ft long bridge_.eml:OECustomProperty

AlternateDataStreams: C:\Users\Wayne\Documents\ING Direct.eml:OECustomProperty

AlternateDataStreams: C:\Users\Wayne\Documents\Marina Operators Legal Liability.eml:OECustomProperty

AlternateDataStreams: C:\Users\Wayne\Documents\problemepsychiatriquelepitou.mpeg:TOC.WMV

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HandsFree Client => "DisplayName"="HandsFree Client"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HandsFree Client => "ErrorControl"="1"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HandsFree Client => "ImagePath"="C:\Program Files (x86)\HandsFree\Client\srvc.exe"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HandsFree Client => "ObjectName"="LocalSystem"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HandsFree Client => "Start"="2"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HandsFree Client => "Type"="272"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HandsFree Client\Parameters => "Application"="C:\Program Files (x86)\HandsFree\Client\srvc.exe"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HandsFree Client\Parameters => "AppParameters"=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HFN Client => "DisplayName"="HFN Client"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HFN Client => "ErrorControl"="1"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HFN Client => "ImagePath"="C:\Program Files (x86)\HFN\Client\srvc.exe"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HFN Client => "ObjectName"="LocalSystem"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HFN Client => "Start"="2"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HFN Client => "Type"="272"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HFN Client\Parameters => "Application"="C:\Program Files (x86)\HFN\Client\srvc.exe"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HFN Client\Parameters => "AppParameters"=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: gupdate => 2

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Dell Remote Access.lnk => C:\Windows\pss\Dell Remote Access.lnk.CommonStartup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup

MSCONFIG\startupfolder: C:^Users^Wayne^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk => C:\Windows\pss\Dell Dock.lnk.Startup

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

MSCONFIG\startupreg: CAHeadless => c:\Program Files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe

MSCONFIG\startupreg: CTxfiHlp => CTXFIHLP.EXE

MSCONFIG\startupreg: HandsFreeCApp => C:\Program Files (x86)\HandsFree\Client\capp.exe -r

MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

MSCONFIG\startupreg: IAAnotif => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe

MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

MSCONFIG\startupreg: Malwarebytes' Anti-Malware (reboot) => "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

MSCONFIG\startupreg: Nikon Transfer Monitor => C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe

MSCONFIG\startupreg: PDVDDXSrv => "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

MSCONFIG\startupreg: RIMBBLaunchAgent.exe => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

MSCONFIG\startupreg: StartCCC => "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

MSCONFIG\startupreg: UpdReg => C:\Windows\UpdReg.EXE

MSCONFIG\startupreg: VolPanel => "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r

MSCONFIG\startupreg: {0228e555-4f9c-4e35-a3ec-b109a192b4c2} => C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-2537701294-2937390200-3866314920-500 - Administrator - Disabled)

Guest (S-1-5-21-2537701294-2937390200-3866314920-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-2537701294-2937390200-3866314920-1002 - Limited - Enabled)

Wayne (S-1-5-21-2537701294-2937390200-3866314920-1000 - Administrator - Enabled) => C:\Users\Wayne

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

System errors:

=============

Error: (12/18/2014 09:58:20 PM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: The following boot-start or system-start driver(s) failed to load:

RxFilter

Error: (12/18/2014 09:57:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Garmin Core Update Service service failed to start due to the following error:

%%1053

Error: (12/18/2014 09:57:53 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.

Error: (12/18/2014 08:06:23 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {73C9DFA0-750D-11E1-B0C4-0800200C9A66}

Error: (12/18/2014 05:21:13 PM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: The following boot-start or system-start driver(s) failed to load:

RxFilter

Microsoft Office Sessions:

=========================

Error: (11/28/2014 02:07:05 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 931 seconds with 900 seconds of active time. This session ended with a crash.

CodeIntegrity Errors:

===================================

Date: 2012-12-31 09:09:45.687

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-12-31 09:09:45.609

==================== Memory info ===========================

Processor: Intel® Core™ i7 CPU 920 @ 2.67GHz

Percentage of memory in use: 30%

Total physical RAM: 9206.99 MB

Available physical RAM: 6393.06 MB

Total Pagefile: 18412.16 MB

Available Pagefile: 15382.96 MB

Total Virtual: 8192 MB

Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:916.35 GB) (Free:738.81 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C796C701)

Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)

Partition 2: (Active) - (Size=15.1 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=916.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-12-2014

Ran by Wayne (administrator) on WAYNE-PC on 19-12-2014 08:45:26

Running from C:\Users\Wayne\Downloads

Loaded Profile: Wayne (Available profiles: Wayne)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe

(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

(AMD) C:\WINDOWS\System32\atiesrxx.exe

(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe

(AMD) C:\WINDOWS\System32\atieclxx.exe

(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgfws.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe

(Dell Inc.) C:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe

(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe

(Creative Technology Ltd) C:\WINDOWS\SysWOW64\Ctxfihlp.exe

(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe

(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe

(Creative Technology Ltd) C:\WINDOWS\SysWOW64\CTxfispi.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe

(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe

(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe

(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe

() C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Farbar) C:\Users\Wayne\Downloads\FRST64 (7).exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [CTxfiHlp] => CTXFIHLP.EXE

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)

HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-11-07] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)

HKU\S-1-5-21-2537701294-2937390200-3866314920-1000\...\Run: [HP Officejet 6600 (NET)] => C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.)

HKU\S-1-5-21-2537701294-2937390200-3866314920-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)

HKU\S-1-5-21-2537701294-2937390200-3866314920-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)

HKU\S-1-5-21-2537701294-2937390200-3866314920-1000\...\RunOnce: [Adobe Speed Launcher] => 1418968688

HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)

HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\EXPLORER.EXE [2871808 2011-02-24] (Microsoft Corporation) <==== ATTENTION

Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk

ShortcutTarget: Monitor Ink Alerts - .lnk -> C:\Program Files\HP\HP Officejet 6600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2537701294-2937390200-3866314920-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome

HKU\S-1-5-21-2537701294-2937390200-3866314920-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch

SearchScopes: HKLM -> {ED2F724C-8FEE-4F8A-87E6-10678B5D6E07} URL = http://www.bing.com/...rc=IE-SearchBox

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> No File

BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

DPF: HKLM-x32 {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Mah%20Jong%20Medley/Images/stg_drm.ocx

DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab

DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB

DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab

DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab

DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creat...015/CTSUEng.cab

DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15118/CTPID.cab

Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4

FireFox:

========

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @rim.com/npappworld -> C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()

FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin-x32: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)

FF Plugin HKU\S-1-5-21-2537701294-2937390200-3866314920-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Wayne\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:

=======

CHR StartupUrls: Default -> "https://www.google.c...v=210&ie=UTF-8"

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll ()

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File

CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File

CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()

CHR Plugin: (Garmin Communicator Plug-In) - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)

CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File

CHR Plugin: (Java™ Platform SE 6 U37) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File

CHR Plugin: (BlackBerry AppWorld) - C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()

CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (Yahoo! activeX Plug-in Bridge) - C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)

CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (Unity Player) - C:\Users\Wayne\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)

CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\SysWOW64\npdeployJava1.dll No File

CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File

CHR Profile: C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Drive) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-08]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-09]

CHR Extension: (YouTube) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-08]

CHR Extension: (Google Search) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-08]

CHR Extension: (Google Wallet) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]

CHR Extension: (Gmail) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-08]

CHR HKLM-x32\...\Chrome\Extension: [idkknaphebegndgimgdpfnconcickdfn] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)

R2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1417160 2014-11-07] (AVG Technologies CZ, s.r.o.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3247120 2014-11-07] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-11-07] (AVG Technologies CZ, s.r.o.)

R3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]

S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2010-04-01] (Creative Labs) [File not signed]

S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2010-04-01] (Creative Labs) [File not signed]

R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]

R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]

R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)

S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]

S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)

R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]

R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]

R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-11-21] (IBM Corp.)

R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [7138664 2014-12-02] (Reimage®)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)

R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)

R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)

R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [237848 2014-10-24] (AVG Technologies CZ, s.r.o.)

R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-10-29] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)

R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-10-20] (AVG Technologies CZ, s.r.o.)

S3 kbfilter; C:\Windows\System32\DRIVERS\kbfilter.sys [66360 2012-08-22] (Trend Micro Inc.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)

S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-18] (Malwarebytes Corporation)

S3 MBAMSwissArmy; C:\Windows\SysWOW64\drivers\MBAMSwissArmy.sys [41272 2011-12-30] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)

S3 OV550I; C:\Windows\System32\Drivers\ov550ivx.sys [196992 2008-02-22] (Omnivision Technologies, Inc.)

R1 RapportCerberus_80083; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80083.sys [761720 2014-12-08] ()

R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [445912 2014-11-21] (IBM Corp.)

R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [534104 2014-11-21] (IBM Corp.)

R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [557656 2014-11-21] (IBM Corp.)

S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)

R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)

S1 RxFilter; C:\Windows\SysWOW64\DRIVERS\RxFilter.sys [65520 2009-06-26] (Sonic Solutions)

R3 cpuz134; \??\C:\Users\Wayne\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]

S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-19 08:44 - 2014-12-19 08:44 - 02121216 _____ (Farbar) C:\Users\Wayne\Downloads\FRST64 (7).exe

2014-12-19 08:43 - 2014-12-19 08:43 - 00025329 _____ () C:\Users\Wayne\Desktop\farbar.htm

2014-12-19 08:36 - 2014-12-19 08:36 - 00775968 _____ (Reimage®) C:\Users\Wayne\Downloads\ReimageRepair (4).exe

2014-12-19 08:29 - 2014-12-19 08:29 - 00775968 _____ (Reimage®) C:\Users\Wayne\Downloads\ReimageRepair (3).exe

2014-12-19 08:28 - 2014-12-19 08:28 - 02121216 _____ (Farbar) C:\Users\Wayne\Downloads\FRST64 (6).exe

2014-12-19 08:21 - 2014-12-19 08:21 - 00000000 ____D () C:\Users\Wayne\AppData\Local\{058E263E-A8CB-4229-B72F-8B88498BE914}

2014-12-19 07:14 - 2014-12-19 08:30 - 00003434 _____ () C:\Windows\System32\Tasks\Reimage Reminder

2014-12-19 07:13 - 2014-12-19 07:13 - 00004274 _____ () C:\Windows\System32\Tasks\ReimageUpdater

2014-12-19 07:13 - 2014-12-19 07:13 - 00000000 ____D () C:\ProgramData\Reimage Protector

2014-12-19 07:08 - 2014-12-19 08:30 - 00000000 ____D () C:\rei

2014-12-19 07:08 - 2014-12-19 07:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair

2014-12-19 07:08 - 2014-12-19 07:13 - 00000000 ____D () C:\Program Files\Reimage

2014-12-19 07:08 - 2014-12-19 07:08 - 00001903 _____ () C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk

2014-12-19 07:07 - 2014-12-19 08:36 - 00000165 _____ () C:\Windows\Reimage.ini

2014-12-19 07:07 - 2014-12-19 07:07 - 00775968 _____ (Reimage®) C:\Users\Wayne\Downloads\ReimageRepair (2).exe

2014-12-19 07:06 - 2014-12-19 07:07 - 02121216 _____ (Farbar) C:\Users\Wayne\Downloads\FRST64 (5).exe

2014-12-19 07:01 - 2014-12-19 07:01 - 00775968 _____ (Reimage®) C:\Users\Wayne\Downloads\ReimageRepair (1).exe

2014-12-19 07:00 - 2014-12-19 07:00 - 02121216 _____ (Farbar) C:\Users\Wayne\Downloads\FRST64 (4).exe

2014-12-18 20:37 - 2014-12-18 20:37 - 00000437 _____ () C:\Users\Wayne\Desktop\Estscan.txt

2014-12-18 20:04 - 2014-12-18 20:04 - 00000000 __SHD () C:\Users\Wayne\AppData\Local\EmieBrowserModeList

2014-12-18 17:39 - 2014-12-18 17:39 - 00073085 _____ () C:\Users\Wayne\Desktop\malware.txt

2014-12-18 17:02 - 2014-12-18 21:36 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-12-18 17:01 - 2014-12-18 17:01 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-12-18 17:01 - 2014-12-18 17:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-12-18 17:01 - 2014-12-18 17:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-12-18 17:01 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-12-18 17:01 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-12-18 17:01 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-12-18 17:00 - 2014-12-18 17:00 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Wayne\Downloads\mbam-setup-2.0.4.1028.exe

2014-12-18 16:55 - 2014-12-18 16:55 - 00005854 _____ () C:\Users\Wayne\Desktop\JRT.txt

2014-12-18 16:37 - 2014-12-18 16:41 - 00000000 ____D () C:\AdwCleaner

2014-12-18 16:36 - 2014-12-18 16:36 - 00775968 _____ (Reimage®) C:\Users\Wayne\Downloads\ReimageRepair.exe

2014-12-18 16:35 - 2014-12-18 16:36 - 02166272 _____ () C:\Users\Wayne\Downloads\AdwCleaner.exe

2014-12-18 16:23 - 2014-12-18 16:23 - 00016963 _____ () C:\Users\Wayne\Desktop\malware bytes A.htm

2014-12-18 16:22 - 2014-12-18 16:22 - 01707646 _____ (Thisisu) C:\Users\Wayne\Desktop\junkware.exe

2014-12-18 16:21 - 2014-12-18 16:21 - 00028986 _____ () C:\Users\Wayne\Desktop\adwarecleaner v3.htm

2014-12-17 19:03 - 2014-12-12 21:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-12-17 19:03 - 2014-12-12 19:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-12-16 12:15 - 2014-12-16 16:15 - 00007456 _____ () C:\Users\Wayne\Desktop\SystemLook.txt

2014-12-16 12:13 - 2014-12-16 12:13 - 00165376 _____ () C:\Users\Wayne\Downloads\SystemLook_x64.exe

2014-12-16 12:13 - 2014-12-16 12:13 - 00165376 _____ () C:\Users\Wayne\Desktop\SystemLook_x64.exe

2014-12-15 20:17 - 2014-12-15 20:17 - 03149590 _____ () C:\Users\Wayne\Documents\screenshot.nfo

2014-12-15 17:40 - 2014-12-15 17:40 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7

2014-12-15 17:34 - 2014-12-15 17:36 - 122418480 _____ (Apple Inc.) C:\Users\Wayne\Downloads\iTunes64Setup.exe

2014-12-14 15:26 - 2014-12-17 10:25 - 00044894 _____ () C:\Users\Wayne\Desktop\sfcdetails.txt

2014-12-10 06:30 - 2014-12-10 06:30 - 02119680 _____ (Farbar) C:\Users\Wayne\Downloads\FRST64 (3).exe

2014-12-10 06:26 - 2014-12-10 06:26 - 00000512 _____ () C:\Users\Wayne\Desktop\MBR.dat

2014-12-10 06:12 - 2014-12-10 06:12 - 00025317 _____ () C:\Users\Wayne\Desktop\download.htm

2014-12-10 06:11 - 2014-12-10 06:11 - 05198336 _____ (AVAST Software) C:\Users\Wayne\Desktop\aswMBR (1).exe

2014-12-10 06:10 - 2014-12-10 06:10 - 05198336 _____ (AVAST Software) C:\Users\Wayne\Downloads\aswMBR (4).exe

2014-12-10 03:23 - 2014-12-10 03:23 - 00000000 ____D () C:\Windows\system32\appraiser

2014-12-10 03:02 - 2014-10-17 18:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll

2014-12-10 03:02 - 2014-10-17 17:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll

2014-12-10 03:02 - 2014-07-06 18:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll

2014-12-10 03:02 - 2014-07-06 18:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe

2014-12-10 03:02 - 2014-07-06 18:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe

2014-12-10 03:02 - 2014-07-06 18:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll

2014-12-10 03:02 - 2014-07-06 17:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll

2014-12-10 03:02 - 2014-07-06 17:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe

2014-12-10 03:02 - 2014-07-06 17:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe

2014-12-10 03:02 - 2014-07-06 17:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll

2014-12-09 23:05 - 2014-12-03 18:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll

2014-12-09 23:05 - 2014-12-03 18:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll

2014-12-09 23:05 - 2014-12-03 18:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2014-12-09 23:05 - 2014-12-03 18:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2014-12-09 23:05 - 2014-12-03 18:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-12-09 23:05 - 2014-12-03 18:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

2014-12-09 23:05 - 2014-12-03 18:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-12-09 23:05 - 2014-12-01 15:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe

2014-12-09 23:05 - 2014-11-26 17:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-12-09 23:05 - 2014-11-26 17:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-12-09 23:05 - 2014-11-21 19:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-12-09 23:05 - 2014-11-21 19:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-12-09 23:05 - 2014-11-21 18:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-12-09 23:05 - 2014-11-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-12-09 23:05 - 2014-11-21 18:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-12-09 23:05 - 2014-11-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-12-09 23:05 - 2014-11-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-12-09 23:05 - 2014-11-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-12-09 23:05 - 2014-11-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-12-09 23:05 - 2014-11-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-12-09 23:05 - 2014-11-21 18:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-12-09 23:05 - 2014-11-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-12-09 23:05 - 2014-11-21 18:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-12-09 23:05 - 2014-11-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-12-09 23:05 - 2014-11-21 18:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-12-09 23:05 - 2014-11-21 18:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-12-09 23:05 - 2014-11-21 18:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-12-09 23:05 - 2014-11-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-12-09 23:05 - 2014-11-21 18:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-12-09 23:05 - 2014-11-21 18:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-12-09 23:05 - 2014-11-21 17:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-12-09 23:05 - 2014-11-21 17:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-12-09 23:05 - 2014-11-21 17:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-12-09 23:05 - 2014-11-21 17:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-12-09 23:05 - 2014-11-21 17:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-12-09 23:05 - 2014-11-21 17:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-12-09 23:05 - 2014-11-21 17:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-12-09 23:05 - 2014-11-21 17:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-12-09 23:05 - 2014-11-21 17:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-12-09 23:05 - 2014-11-21 17:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-12-09 23:05 - 2014-11-21 17:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-12-09 23:05 - 2014-11-21 17:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-12-09 23:05 - 2014-11-21 17:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-12-09 23:05 - 2014-11-21 17:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-12-09 23:05 - 2014-11-21 17:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-12-09 23:05 - 2014-11-21 17:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-12-09 23:05 - 2014-11-21 17:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-12-09 23:05 - 2014-11-21 17:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-12-09 23:05 - 2014-11-21 17:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-12-09 23:05 - 2014-11-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-12-09 23:05 - 2014-11-21 17:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-12-09 23:05 - 2014-11-21 16:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-12-09 23:05 - 2014-11-21 16:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-12-09 23:05 - 2014-11-10 19:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2014-12-09 23:05 - 2014-11-10 18:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2014-12-09 23:05 - 2014-11-10 17:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys

2014-12-09 23:04 - 2014-11-21 19:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-12-09 23:04 - 2014-11-21 18:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-12-09 23:04 - 2014-11-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-12-09 23:04 - 2014-11-21 18:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-12-09 23:04 - 2014-11-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-12-09 23:04 - 2014-11-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-12-09 23:04 - 2014-11-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-12-09 23:04 - 2014-11-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-12-09 23:04 - 2014-11-21 17:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-12-09 23:04 - 2014-11-07 19:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-12-09 23:04 - 2014-11-07 18:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2014-12-09 23:04 - 2014-10-29 18:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe

2014-12-09 23:04 - 2014-10-29 17:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe

2014-12-09 23:04 - 2014-10-02 18:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll

2014-12-09 23:04 - 2014-10-02 18:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll

2014-12-09 23:04 - 2014-10-02 18:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll

2014-12-09 23:04 - 2014-10-02 18:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll

2014-12-09 23:04 - 2014-10-02 18:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe

2014-12-09 23:04 - 2014-10-02 17:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll

2014-12-09 23:04 - 2014-10-02 17:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll

2014-12-09 23:04 - 2014-10-02 17:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll

2014-12-09 23:04 - 2014-10-02 17:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll

2014-12-09 23:04 - 2014-10-02 17:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe

2014-12-08 13:29 - 2014-12-08 13:29 - 00521277 _____ () C:\Users\Wayne\Downloads\fwd10reasonstoplaygolf.zip

2014-12-08 13:26 - 2014-12-08 13:26 - 02298880 _____ () C:\Users\Wayne\Downloads\PLUMBERSTEST.pps

2014-12-03 13:12 - 2014-12-03 13:12 - 00002259 _____ () C:\Users\Wayne\Downloads\little buck.wlmp

2014-11-29 09:31 - 2014-11-29 09:31 - 02117632 _____ (Farbar) C:\Users\Wayne\Downloads\FRST64 (2).exe

2014-11-29 09:28 - 2014-11-29 09:29 - 00044112 _____ () C:\Users\Wayne\Downloads\Addition.txt

2014-11-29 09:27 - 2014-12-19 08:45 - 00022989 _____ () C:\Users\Wayne\Downloads\FRST.txt

2014-11-29 09:27 - 2014-12-19 08:45 - 00000000 ____D () C:\FRST

2014-11-29 09:26 - 2014-11-29 09:26 - 02117632 _____ (Farbar) C:\Users\Wayne\Downloads\FRST64 (1).exe

2014-11-29 09:24 - 2014-11-29 09:24 - 02117632 _____ (Farbar) C:\Users\Wayne\Downloads\FRST64.exe

2014-11-29 08:36 - 2014-11-29 08:37 - 00274832 _____ () C:\Windows\Minidump\112914-51355-01.dmp

2014-11-29 08:21 - 2014-11-29 08:21 - 05198336 _____ (AVAST Software) C:\Users\Wayne\Desktop\aswMBR.exe

2014-11-29 08:20 - 2014-11-29 08:20 - 05198336 _____ (AVAST Software) C:\Users\Wayne\Downloads\aswMBR (3).exe

2014-11-29 08:20 - 2014-11-29 08:20 - 05198336 _____ (AVAST Software) C:\Users\Wayne\Downloads\aswMBR (2).exe

2014-11-29 08:16 - 2014-11-29 08:16 - 05198336 _____ (AVAST Software) C:\Users\Wayne\Downloads\aswMBR (1).exe

2014-11-29 08:15 - 2014-11-29 08:16 - 05198336 _____ (AVAST Software) C:\Users\Wayne\Downloads\aswMBR.exe

2014-11-28 13:45 - 2014-11-28 13:45 - 00041759 _____ () C:\Users\Wayne\Downloads\Costco deals (1).htm

2014-11-28 12:38 - 2014-11-28 14:25 - 00000000 ____D () C:\Users\Wayne\Documents\Cristines Letters

2014-11-24 17:13 - 2014-11-24 17:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud

2014-11-24 17:11 - 2014-12-15 17:40 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk

2014-11-24 17:11 - 2014-12-15 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2014-11-24 17:10 - 2014-11-24 17:11 - 00000000 ____D () C:\Program Files\iTunes

2014-11-24 17:10 - 2014-11-24 17:11 - 00000000 ____D () C:\Program Files (x86)\iTunes

2014-11-24 17:10 - 2014-11-24 17:10 - 00000000 ____D () C:\Program Files\iPod

2014-11-24 16:59 - 2014-11-24 17:00 - 00000000 ____D () C:\Program Files (x86)\QuickTime

2014-11-24 16:59 - 2014-11-24 16:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

2014-11-24 16:53 - 2014-11-24 16:53 - 00000000 ____D () C:\Windows\System32\Tasks\Apple

2014-11-21 14:47 - 2014-11-10 19:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2014-11-21 14:47 - 2014-11-10 19:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll

2014-11-21 14:47 - 2014-11-10 18:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2014-11-21 14:47 - 2014-11-10 18:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll

2014-11-21 14:35 - 2014-11-21 14:35 - 00262144 _____ () C:\Windows\Minidump\112114-59217-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-19 08:36 - 2010-11-24 14:37 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-12-19 08:18 - 2010-06-10 16:35 - 00286720 ___SH () C:\Users\Wayne\Desktop\Thumbs.db

2014-12-19 08:17 - 2013-10-28 07:39 - 05696512 ___SH () C:\Users\Wayne\Downloads\Thumbs.db

2014-12-19 07:56 - 2014-05-02 14:26 - 00000000 ____D () C:\ProgramData\MFAData

2014-12-19 03:00 - 2011-01-03 13:24 - 01646275 _____ () C:\Windows\WindowsUpdate.log

2014-12-18 22:05 - 2009-07-13 20:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-12-18 22:05 - 2009-07-13 20:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-12-18 22:02 - 2009-07-13 21:13 - 00786578 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-12-18 21:58 - 2010-11-24 14:37 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-12-18 21:57 - 2011-02-10 16:26 - 00907834 _____ () C:\Windows\PFRO.log

2014-12-18 21:57 - 2011-02-10 12:00 - 00109244 _____ () C:\Windows\setupact.log

2014-12-18 21:57 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-12-18 17:01 - 2011-01-03 13:05 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-12-17 10:54 - 2013-01-24 09:22 - 00000000 ____D () C:\Users\Wayne\AppData\Roaming\ZoomBrowser EX

2014-12-16 16:39 - 2012-10-18 09:28 - 00000000 ____D () C:\Users\Wayne\Documents\MY New Scans

2014-12-15 20:39 - 2010-06-10 16:35 - 01326592 ___SH () C:\Users\Wayne\Documents\Thumbs.db

2014-12-15 20:32 - 2010-06-10 16:35 - 01795072 _____ () C:\Users\Wayne\Documents\contacts.pst

2014-12-14 14:56 - 2012-11-07 06:01 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

2014-12-10 03:23 - 2014-05-09 14:24 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-12-10 03:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-12-10 03:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\AppCompat

2014-12-10 03:08 - 2010-04-01 21:16 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-12-10 03:07 - 2013-07-22 02:00 - 00000000 ____D () C:\Windows\system32\MRT

2014-12-10 03:03 - 2010-06-10 22:18 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-12-08 16:46 - 2013-08-23 02:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection

2014-11-30 15:25 - 2010-12-10 07:52 - 00000000 ____D () C:\Users\Wayne\AppData\Roaming\Apple Computer

2014-11-29 08:36 - 2011-02-27 13:10 - 751512204 _____ () C:\Windows\MEMORY.DMP

2014-11-29 08:36 - 2011-02-27 13:10 - 00000000 ____D () C:\Windows\Minidump

2014-11-24 17:10 - 2010-12-10 07:51 - 00000000 ____D () C:\Program Files\Common Files\Apple

2014-11-24 17:09 - 2014-07-13 05:52 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2014-11-24 16:53 - 2010-12-10 07:51 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk

2014-11-21 14:45 - 2014-05-22 14:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

2014-11-21 14:43 - 2014-05-02 15:46 - 00000000 ____D () C:\Users\Wayne\AppData\Local\AVG

2014-11-21 00:30 - 2011-02-26 06:53 - 00534104 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportKE64.sys

Some content of TEMP:

====================

C:\Users\Wayne\AppData\Local\Temp\DseShExt-x64.dll

C:\Users\Wayne\AppData\Local\Temp\DseShExt-x86.dll

C:\Users\Wayne\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe

C:\Users\Wayne\AppData\Local\Temp\Quarantine.exe

C:\Users\Wayne\AppData\Local\Temp\ReimagePackage.exe

C:\Users\Wayne\AppData\Local\Temp\SDShelEx-win32.dll

C:\Users\Wayne\AppData\Local\Temp\SDShelEx-x64.dll

C:\Users\Wayne\AppData\Local\Temp\sqlite3.dll

C:\Users\Wayne\AppData\Local\Temp\sqlite3.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2010-12-27 21:01

==================== End Of Log ============================

computer seems to be running OK. not so sure about the operator. Sorry about the multiple posts.

#33 OCD

SuperHelper

Malware Team
5,574 posts

Posted 19 December 2014 - 08:37 PM

Hi ENYAW22,

You appear to be downloading a new copy of FRST each time I ask you to run a scan. This is not necessary, only one copy is needed. Also, please do not install any new software until we have completed the malware removal process. It is OK to get windows and security software updates during the process.

Here is some information about Reimage and why you should remove it. If after reading the information you still choose to keep it installed, skip the steps below and let me know. Then we will do some clean up and send you on your way.

Uninstall via Programs and Features
Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:

Reimage Repair

=========================

FRST Fix Script

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt

Start
Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.8.0.1 - Reimage) <==== ATTENTION
Task: {85E0DBC6-CC69-429D-AB20-2D800774C35A} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe [2014-12-11] () <==== ATTENTION
Task: {AC82A75D-5B34-4C7E-816F-767F6A2F27E4} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2014-12-02] (Reimage®) <==== ATTENTION
2014-12-02 03:50 - 2014-12-02 03:50 - 06745440 _____ () C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
() C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [7138664 2014-12-02] (Reimage®)
2014-12-19 07:14 - 2014-12-19 08:30 - 00003434 _____ () C:\Windows\System32\Tasks\Reimage Reminder
2014-12-19 07:13 - 2014-12-19 07:13 - 00000000 ____D () C:\ProgramData\Reimage Protector
2014-12-19 07:08 - 2014-12-19 07:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\EXPLORER.EXE [2871808 2011-02-24] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-21-2537701294-2937390200-3866314920-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} ->  No File
CHR HKLM-x32\...\Chrome\Extension: [idkknaphebegndgimgdpfnconcickdfn] - No Path
2014-12-19 08:36 - 2014-12-19 08:36 - 00775968 _____ (Reimage®) C:\Users\Wayne\Downloads\ReimageRepair (4).exe
2014-12-19 08:29 - 2014-12-19 08:29 - 00775968 _____ (Reimage®) C:\Users\Wayne\Downloads\ReimageRepair (3).exe
2014-12-19 07:07 - 2014-12-19 07:07 - 00775968 _____ (Reimage®) C:\Users\Wayne\Downloads\ReimageRepair (2).exe
2014-12-19 07:01 - 2014-12-19 07:01 - 00775968 _____ (Reimage®) C:\Users\Wayne\Downloads\ReimageRepair (1).exe
2014-12-18 16:36 - 2014-12-18 16:36 - 00775968 _____ (Reimage®) C:\Users\Wayne\Downloads\ReimageRepair.exe
EmptyTemp:
End

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt) please post it to your reply.

=========================

Reboot

=========================

Re-run Farbar Recovery Scan Tool it should be on your desktop.

- Windows XP : Double click on the icon to run it.
- Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

=========================

In your next post please provide the following:

Fixlog.txt
new FRST.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

If you are satisfied with the help you have received, please consider making a donation.

#34 ENYAW22

Authentic Member

Authentic Member
47 posts

Posted 20 December 2014 - 02:14 PM

I suspect that I am to copy the saved text into FARBAR. but it is unclear so I will wait till I hear from you.The reimage must have downloaded when I pressed the wrong start in Farbar.

#35 OCD

SuperHelper

Malware Team
5,574 posts

Posted 20 December 2014 - 09:39 PM

I suspect that I am to copy the saved text into FARBAR. but it is unclear so I will wait till I hear from you.The reimage must have downloaded when I pressed the wrong start in Farbar.

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt

Start
Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.8.0.1 - Reimage) <==== ATTENTION
Task: {85E0DBC6-CC69-429D-AB20-2D800774C35A} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe [2014-12-11] () <==== ATTENTION
Task: {AC82A75D-5B34-4C7E-816F-767F6A2F27E4} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2014-12-02] (Reimage®) <==== ATTENTION
2014-12-02 03:50 - 2014-12-02 03:50 - 06745440 _____ () C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
() C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [7138664 2014-12-02] (Reimage®)
2014-12-19 07:14 - 2014-12-19 08:30 - 00003434 _____ () C:\Windows\System32\Tasks\Reimage Reminder
2014-12-19 07:13 - 2014-12-19 07:13 - 00000000 ____D () C:\ProgramData\Reimage Protector
2014-12-19 07:08 - 2014-12-19 07:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\EXPLORER.EXE [2871808 2011-02-24] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-2537701294-2937390200-3866314920-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} ->  No File
CHR HKLM-x32\...\Chrome\Extension: [idkknaphebegndgimgdpfnconcickdfn] - No Path
2014-12-19 08:36 - 2014-12-19 08:36 - 00775968 _____ (Reimage®) C:\Users\Wayne\Downloads\ReimageRepair (4).exe
2014-12-19 08:29 - 2014-12-19 08:29 - 00775968 _____ (Reimage®) C:\Users\Wayne\Downloads\ReimageRepair (3).exe
2014-12-19 07:07 - 2014-12-19 07:07 - 00775968 _____ (Reimage®) C:\Users\Wayne\Downloads\ReimageRepair (2).exe
2014-12-19 07:01 - 2014-12-19 07:01 - 00775968 _____ (Reimage®) C:\Users\Wayne\Downloads\ReimageRepair (1).exe
2014-12-18 16:36 - 2014-12-18 16:36 - 00775968 _____ (Reimage®) C:\Users\Wayne\Downloads\ReimageRepair.exe
EmptyTemp:
End

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt) please post it to your reply.

=========================

Run the FRST fix, reboot then run a new scan with FRST.

In your next reply:

Fixlog.txt
New FRST.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

If you are satisfied with the help you have received, please consider making a donation.

#36 ENYAW22

Authentic Member

Authentic Member
47 posts

Posted 21 December 2014 - 09:42 AM

I have tried many times to do as you directed to run FRST with the command copied to notepad with the same results. when I press Fix a box opens up and says"no fixlist found".

#37 OCD

SuperHelper

Malware Team
5,574 posts

Posted 21 December 2014 - 09:50 AM

I have tried many times to do as you directed to run FRST with the command copied to notepad with the same results. when I press Fix a box opens up and says"no fixlist found".

You are running FRST from the Downloads folder.

In order for the fix script to work, the program and the script MUST be in the same directory. In the beginning I requested that you save all programs to the desktop for this reason.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-12-2014
Ran by Wayne (administrator) on WAYNE-PC on 19-12-2014 08:45:26
Running from C:\Users\Wayne\Downloads
Loaded Profile: Wayne (Available profiles: Wayne)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

You need to move the program to the desktop and retry the step.

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

If you are satisfied with the help you have received, please consider making a donation.

#38 ENYAW22

Authentic Member

Authentic Member
47 posts

Posted 21 December 2014 - 11:27 AM

It works fiFix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-12-2014 01

Ran by Wayne at 2014-12-21 08:37:52 Run:1

Running from C:\Users\Wayne\Desktop

Loaded Profile: Wayne (Available profiles: Wayne)

Boot Mode: Normal

==============================================

Content of fixlist:

*****************

Start

Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.8.0.1 - Reimage) <==== ATTENTION

Task: {85E0DBC6-CC69-429D-AB20-2D800774C35A} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe [2014-12-11] () <==== ATTENTION

Task: {AC82A75D-5B34-4C7E-816F-767F6A2F27E4} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2014-12-02] (Reimage®) <==== ATTENTION

2014-12-02 03:50 - 2014-12-02 03:50 - 06745440 _____ () C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe

(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe

() C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe

R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [7138664 2014-12-02] (Reimage®)

2014-12-19 07:14 - 2014-12-19 08:30 - 00003434 _____ ()

C:\Windows\System32\Tasks\Reimage Reminder