
Computer locking up constantly and turning screen to "fuzz" [S


  • This topic is locked
44 replies to this topic

#31 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 19 December 2014 - 01:05 AM

Hi ENYAW22,

Please wait to post your reply until you have all the requested logs available and ready to post. When you post them as they are done I get a separate notification for each reply, but I cannot make an evaluation and a new reply until ALL the logs have been submitted.

Re-run Farbar Recovery Scan Tool. It should be on your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
=========================

In your next post please provide the following:
  • FRST.txt
  • How is the computer running?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days










#32 ENYAW22

ENYAW22

    Authentic Member

  • 47 posts

Posted 19 December 2014 - 11:02 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2014
Ran by Wayne at 2014-12-19 08:46:14
Running from C:\Users\Wayne\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG Internet Security 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.2.152.26 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.4.402.287 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (HKLM-x32\...\Adobe Photoshop Elements 8.0) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 8.0 (HKLM-x32\...\PremElem80) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Panorama Maker 5 (HKLM-x32\...\{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}) (Version: 5.0.1.25 - ArcSoft)
ArcSoft PhotoImpression 6 (HKLM-x32\...\{063E409E-3D7C-4A4A-95AB-2F124B9224B3}) (Version:  - ArcSoft)
ATI Catalyst Control Center (HKLM-x32\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.009.1209.2334 - )
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4794 - AVG Technologies)
AVG 2014 (Version: 14.0.4253 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4794 - AVG Technologies) Hidden
Bejeweled 2 (HKLM-x32\...\Bejeweled 2) (Version:  - Spintop Media, Inc)
BlackBerry App World Browser Plugin (HKLM-x32\...\{CF3A3816-7E48-4556-8614-654377EDE1B5}) (Version: 2.1.3 - Research In Motion Limited)
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
BlackBerry Device Manager 6.0 (HKLM-x32\...\BlackBerry_{4080C564-7174-4CE4-B0F3-2C75D6ECB134}) (Version: 6.0.0.40 - Research In Motion Ltd.)
BlackBerry Device Manager 6.0 (x32 Version: 6.0.0.40 - Research In Motion Ltd.) Hidden
BlackBerry Device Software Updater (HKLM-x32\...\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}) (Version: 6.0.1.37 - Research In Motion Ltd)
BlackBerry v4.2.2 for the 8320 Series Wireless Handheld (HKLM-x32\...\{844DA731-B8B0-4581-AF3C-5158CC16897E}) (Version: 4.2.2.184 (Platform 2.5.0.40) - Research In Motion Ltd.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Auto Update Service (HKLM-x32\...\Auto Update Service) (Version: 1.1.0.13 - Canon Inc.)
Canon DIGITAL CAMERA Solution Disk Software Guide (HKLM-x32\...\Software Guide) (Version: 1.6.0.1 - Canon Inc.)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.9.0.8 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.8.0.1 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.9.0.6 - Canon Inc.)
Canon PowerShot SX150 IS Camera User Guide (HKLM-x32\...\CameraUserGuide-PSSX150IS) (Version: 1.0.0.1 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC8) (Version: 8.6.0.11 - Canon Inc.)
Canon Utilities CameraWindow Launcher (HKLM-x32\...\CameraWindowLauncher) (Version: 7.6.0.1 - Canon Inc.)
Canon Utilities Movie Uploader for YouTube (HKLM-x32\...\MovieUploaderForYouTube) (Version: 1.3.0.3 - Canon Inc.)
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.5.0.1 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.8.0.10 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.6.0.15 - Canon Inc.)
ccc-core-static (x32 Version: 2009.1209.2335.42329 - ATI) Hidden
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.2.10148.2 - Cisco Consumer Products LLC)
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: 1.02 - Creative Technology Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 2.34 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.45 - Dell)
Dell Dock (HKLM\...\{E60B7350-EA5F-41E0-9D6F-E508781E36D2}) (Version: 2.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Remote Access (HKLM-x32\...\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}) (Version: 1.3.0.0 - Dell Inc.)
DirectXInstallService (x32 Version: 9.0.2 - Roxio) Hidden
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.00 - Creative Technology Limited)
Dream Chronicles - The Book of Air - Collector's Edition (HKLM-x32\...\Dream Chronicles - The Book of Air - Collector's Edition) (Version:  - Spintop Media, Inc)
Elevated Installer (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
EMC 10 Content (x32 Version: 1.0.035 - Roxo, Inc.) Hidden
EMCGadgets64 (Version: 1.0.302 - Sonic) Hidden
Escape Whisper Valley (HKLM-x32\...\Escape Whisper Valley) (Version:  - Spintop Media, Inc)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
File Uploader (HKLM-x32\...\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}) (Version: 1.2.5 - Nikon)
Gardenscapes (HKLM-x32\...\Gardenscapes) (Version:  - Spintop Media, Inc)
Garmin BaseCamp (HKLM-x32\...\{F487FEEC-AE9F-4E68-82F2-300F49A8C435}) (Version: 4.2.2 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM-x32\...\{647BB978-2876-487B-9B0E-FDB73F0EA4A2}) (Version: 4.0.4 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{237D687E-9E50-4A30-B810-262764CC491B}) (Version: 4.0.4 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{550331CC-C34B-494F-BCDA-37CE4EF6E924}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{b43ffffb-1adc-4bcb-b277-7844ebff94da}) (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin nRoute - City Navigator North America v8 (HKLM-x32\...\{4D919200-A01C-4873-BADE-BA68FFB9D237}) (Version: 2.6.1.0 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Gmail Notifier (HKLM-x32\...\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}) (Version:  - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet 6600 Basic Device Software (HKLM\...\{AEC699FC-F916-46A0-B15E-70EF1534AE93}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Officejet 6600 Help (HKLM-x32\...\{C818BA3A-226F-4ED0-9CEF-96A0DF300211}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{2AAF09D5-4B3F-4975-B6A9-ECE2631FC942}) (Version: 4.0.5.20 - Apple Inc.)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.550 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Mah Jong Medley (HKLM-x32\...\Mah Jong Medley) (Version:  - Spintop Media, Inc)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MapSource - Topo Canada v2 (HKLM-x32\...\InstallShield_{9F308117-9B2F-45EB-9FAF-B59CD8339673}) (Version: 2.00 - Garmin Ltd. and its subsidiaries)
MapSource - Topo Canada v2 (x32 Version: 2.00 - Garmin Ltd. and its subsidiaries) Hidden
MapSource - Trip & Waypoint Manager v2 (HKLM-x32\...\InstallShield_{A0F584A7-B0C2-4D90-9580-15456B9CF63C}) (Version: 2.00 - Garmin Ltd. and its subsidiaries)
MapSource - Trip & Waypoint Manager v2 (x32 Version: 2.00 - Garmin Ltd. and its subsidiaries) Hidden
MapSource (HKLM-x32\...\{5E3CFCA6-C95A-47CB-A822-7FA80D423AF2}) (Version: 5.4 - Garmin Ltd. and its subsidiaries)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Basic 2007 (HKLM-x32\...\BASICR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)
Monitor Webcam Driver (1.01.02.0804)   (HKLM\...\Creative OA002) (Version:  - )
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - The London Caper (HKLM-x32\...\Mystery P.I. - The London Caper) (Version:  - Spintop Media, Inc)
Nikon Transfer (HKLM-x32\...\{E9757890-7EC5-46C8-99AB-B00F07B6525C}) (Version: 1.5.3 - Nikon)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OVT Scanner (HKLM-x32\...\{A746CE98-A755-4AD7-B4B8-346DC74CDECD}) (Version: 1.00.0000 - OVT)
Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.1.9 - Nikon)
Plants vs. Zombies - Game of the Year Edition (HKLM-x32\...\Plants vs. Zombies - Game of the Year Edition) (Version:  - Spintop Media, Inc)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Rapport (Version: 3.5.1205.18 - Trusteer) Hidden
Rapport (x32 Version: 3.5.1404.34 - Trusteer) Hidden
Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.8.0.1 - Reimage) <==== ATTENTION
Roxio Easy CD and DVD Burning (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
Roxio File Backup (Version: 1.3.0 - Roxio) Hidden
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skins (x32 Version: 2009.1209.2335.42329 - ATI) Hidden
SmartSound Quicktracks for Premiere Elements 8.0 (HKLM-x32\...\InstallShield_{4685A344-6718-4923-AA9D-158A0A2E1CFB}) (Version: 3.11.3090 - SmartSound Software Inc)
SmartSound Quicktracks for Premiere Elements 8.0 (x32 Version: 3.11.3090 - SmartSound Software Inc) Hidden
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Sound Blaster X-Fi (HKLM-x32\...\{20288888-A7AF-4B24-8AEB-398D20CD563C}) (Version: 1.0 - )
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1404.34 - Trusteer)
Unity Web Player (HKU\S-1-5-21-2537701294-2937390200-3866314920-1000\...\UnityWebPlayer) (Version: 2.6.1f3_31223 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
ViewNX (HKLM-x32\...\{F007CBCE-D714-4C0B-8CE9-9B0D78116468}) (Version: 1.5.2 - Nikon)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
08-12-2014 16:45:29 Installed Rapport
10-12-2014 03:00:21 Windows Update
14-12-2014 15:45:26 Windows Update
18-12-2014 03:00:30 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 18:34 - 2012-12-31 09:10 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {04C17A15-B949-4452-AAC7-2D31762F14ED} - System32\Tasks\{5F4E802B-B9EF-4514-8171-9C2DFA564BF2} => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
Task: {2649B338-E0BB-4EF8-8877-842AC21509C1} - System32\Tasks\HP online update program => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2010-06-09] (Hewlett-Packard)
Task: {4AC892F9-B506-4419-9878-0786907A3EB4} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {71331576-5564-4708-9D78-063C6A617174} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {74EA848F-5D00-4CF4-A967-F5D27240FB47} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {85E0DBC6-CC69-429D-AB20-2D800774C35A} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe [2014-12-11] () <==== ATTENTION
Task: {AC82A75D-5B34-4C7E-816F-767F6A2F27E4} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2014-12-02] (Reimage®) <==== ATTENTION
Task: {AD1DBE74-2369-4B03-BFD4-82DCA44E4731} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-07] ()
Task: {CE411EE3-2200-43EF-930E-9777058FEEE2} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-11-20] (Adobe Systems Incorporated)
Task: {D48F3F12-AFD2-4337-9870-FAFC68BD33FD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D6B75BB6-F568-4725-A949-B89DCA7F7027} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-10-17] (Apple Inc.)
Task: {FC876EFF-CB9A-4B79-90BB-40A74747C18E} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2537701294-2937390200-3866314920-1000
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-12-02 03:50 - 2014-12-02 03:50 - 06745440 _____ () C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
2014-04-23 15:05 - 2014-04-23 15:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-23 16:04 - 2014-03-23 16:04 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2010-07-07 11:33 - 2010-07-07 11:33 - 00002560 _____ () C:\Windows\SysWOW64\CTXFIRES.DLL
2010-04-01 21:19 - 2010-07-21 07:33 - 00058688 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STCoreXml.dll
2010-04-01 21:19 - 2010-07-21 07:33 - 00116032 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
2010-04-01 21:19 - 2010-07-21 07:33 - 00128320 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2010-04-01 21:12 - 2009-06-29 09:54 - 00164864 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2014-12-14 15:37 - 2014-12-05 17:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-14 15:37 - 2014-12-05 17:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-14 15:37 - 2014-12-05 17:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-14 15:37 - 2014-12-05 17:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-14 15:37 - 2014-12-05 17:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Wayne\Downloads\KRAB.jpeg:Roxio EMC Stream
AlternateDataStreams: C:\Users\Wayne\Downloads\noname.eml:OECustomProperty
AlternateDataStreams: C:\Users\Wayne\Downloads\photo.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Wayne\Downloads\the Pharmacist.eml:OECustomProperty
AlternateDataStreams: C:\Users\Wayne\Downloads\_ FW_ EMAIL NUMBER 1 of 2_ China opens record breaking 4,000 ft long bridge_.eml:OECustomProperty
AlternateDataStreams: C:\Users\Wayne\Documents\ING Direct.eml:OECustomProperty
AlternateDataStreams: C:\Users\Wayne\Documents\Marina Operators Legal Liability.eml:OECustomProperty
AlternateDataStreams: C:\Users\Wayne\Documents\problemepsychiatriquelepitou.mpeg:TOC.WMV
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HandsFree Client => "DisplayName"="HandsFree Client"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HandsFree Client => "ErrorControl"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HandsFree Client => "ImagePath"="C:\Program Files (x86)\HandsFree\Client\srvc.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HandsFree Client => "ObjectName"="LocalSystem"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HandsFree Client => "Start"="2"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HandsFree Client => "Type"="272"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HandsFree Client\Parameters => "Application"="C:\Program Files (x86)\HandsFree\Client\srvc.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HandsFree Client\Parameters => "AppParameters"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HFN Client => "DisplayName"="HFN Client"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HFN Client => "ErrorControl"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HFN Client => "ImagePath"="C:\Program Files (x86)\HFN\Client\srvc.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HFN Client => "ObjectName"="LocalSystem"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HFN Client => "Start"="2"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HFN Client => "Type"="272"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HFN Client\Parameters => "Application"="C:\Program Files (x86)\HFN\Client\srvc.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HFN Client\Parameters => "AppParameters"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: gupdate => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Dell Remote Access.lnk => C:\Windows\pss\Dell Remote Access.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Wayne^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk => C:\Windows\pss\Dell Dock.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: CAHeadless => c:\Program Files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe
MSCONFIG\startupreg: CTxfiHlp => CTXFIHLP.EXE
MSCONFIG\startupreg: HandsFreeCApp => C:\Program Files (x86)\HandsFree\Client\capp.exe -r
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IAAnotif => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Malwarebytes' Anti-Malware (reboot) => "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
MSCONFIG\startupreg: Nikon Transfer Monitor => C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
MSCONFIG\startupreg: PDVDDXSrv => "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RIMBBLaunchAgent.exe => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
MSCONFIG\startupreg: StartCCC => "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: UpdReg => C:\Windows\UpdReg.EXE
MSCONFIG\startupreg: VolPanel => "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
MSCONFIG\startupreg: {0228e555-4f9c-4e35-a3ec-b109a192b4c2} => C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2537701294-2937390200-3866314920-500 - Administrator - Disabled)
Guest (S-1-5-21-2537701294-2937390200-3866314920-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2537701294-2937390200-3866314920-1002 - Limited - Enabled)
Wayne (S-1-5-21-2537701294-2937390200-3866314920-1000 - Administrator - Enabled) => C:\Users\Wayne
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
Error: (12/18/2014 09:58:20 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
RxFilter
 
Error: (12/18/2014 09:57:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Core Update Service service failed to start due to the following error: 
%%1053
 
Error: (12/18/2014 09:57:53 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.
 
Error: (12/18/2014 08:06:23 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {73C9DFA0-750D-11E1-B0C4-0800200C9A66}
 
Error: (12/18/2014 05:21:13 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
RxFilter
 
 
Microsoft Office Sessions:
=========================
Error: (11/28/2014 02:07:05 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 931 seconds with 900 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2012-12-31 09:09:45.687
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-12-31 09:09:45.609
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7 CPU 920 @ 2.67GHz
Percentage of memory in use: 30%
Total physical RAM: 9206.99 MB
Available physical RAM: 6393.06 MB
Total Pagefile: 18412.16 MB
Available Pagefile: 15382.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:916.35 GB) (Free:738.81 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C796C701)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=15.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=916.3 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-12-2014
Ran by Wayne (administrator) on WAYNE-PC on 19-12-2014 08:45:26
Running from C:\Users\Wayne\Downloads
Loaded Profile: Wayne (Available profiles: Wayne)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(AMD) C:\WINDOWS\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(AMD) C:\WINDOWS\System32\atieclxx.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Dell Inc.) C:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Creative Technology Ltd) C:\WINDOWS\SysWOW64\Ctxfihlp.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Creative Technology Ltd) C:\WINDOWS\SysWOW64\CTxfispi.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
() C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Wayne\Downloads\FRST64 (7).exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [CTxfiHlp] => CTXFIHLP.EXE
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-11-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKU\S-1-5-21-2537701294-2937390200-3866314920-1000\...\Run: [HP Officejet 6600 (NET)] => C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.)
HKU\S-1-5-21-2537701294-2937390200-3866314920-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-2537701294-2937390200-3866314920-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-2537701294-2937390200-3866314920-1000\...\RunOnce: [Adobe Speed Launcher] => 1418968688
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\EXPLORER.EXE [2871808 2011-02-24] (Microsoft Corporation) <==== ATTENTION 
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk
ShortcutTarget: Monitor Ink Alerts - .lnk -> C:\Program Files\HP\HP Officejet 6600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2537701294-2937390200-3866314920-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-2537701294-2937390200-3866314920-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKLM -> {ED2F724C-8FEE-4F8A-87E6-10678B5D6E07} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} ->  No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Mah%20Jong%20Medley/Images/stg_drm.ocx
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creat...015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15118/CTPID.cab
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @rim.com/npappworld -> C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF Plugin HKU\S-1-5-21-2537701294-2937390200-3866314920-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Wayne\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
 
Chrome: 
=======
CHR StartupUrls: Default -> "https://www.google.c...v=210&ie=UTF-8"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
CHR Plugin: (Garmin Communicator Plug-In) - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U37) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (BlackBerry AppWorld) - C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Yahoo! activeX Plug-in Bridge) - C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\Wayne\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\SysWOW64\npdeployJava1.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Profile: C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-09]
CHR Extension: (YouTube) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-08]
CHR Extension: (Google Search) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-08]
CHR Extension: (Google Wallet) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Gmail) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-08]
CHR HKLM-x32\...\Chrome\Extension: [idkknaphebegndgimgdpfnconcickdfn] - No Path
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1417160 2014-11-07] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3247120 2014-11-07] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-11-07] (AVG Technologies CZ, s.r.o.)
R3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2010-04-01] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2010-04-01] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-11-21] (IBM Corp.)
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [7138664 2014-12-02] (Reimage®)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [237848 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-10-20] (AVG Technologies CZ, s.r.o.)
S3 kbfilter; C:\Windows\System32\DRIVERS\kbfilter.sys [66360 2012-08-22] (Trend Micro Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\SysWOW64\drivers\MBAMSwissArmy.sys [41272 2011-12-30] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 OV550I; C:\Windows\System32\Drivers\ov550ivx.sys [196992 2008-02-22] (Omnivision Technologies, Inc.)
R1 RapportCerberus_80083; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80083.sys [761720 2014-12-08] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [445912 2014-11-21] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [534104 2014-11-21] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [557656 2014-11-21] (IBM Corp.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S1 RxFilter; C:\Windows\SysWOW64\DRIVERS\RxFilter.sys [65520 2009-06-26] (Sonic Solutions)
R3 cpuz134; \??\C:\Users\Wayne\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-19 08:44 - 2014-12-19 08:44 - 02121216 _____ (Farbar) C:\Users\Wayne\Downloads\FRST64 (7).exe
2014-12-19 08:43 - 2014-12-19 08:43 - 00025329 _____ () C:\Users\Wayne\Desktop\farbar.htm
2014-12-19 08:36 - 2014-12-19 08:36 - 00775968 _____ (Reimage®) C:\Users\Wayne\Downloads\ReimageRepair (4).exe
2014-12-19 08:29 - 2014-12-19 08:29 - 00775968 _____ (Reimage®) C:\Users\Wayne\Downloads\ReimageRepair (3).exe
2014-12-19 08:28 - 2014-12-19 08:28 - 02121216 _____ (Farbar) C:\Users\Wayne\Downloads\FRST64 (6).exe
2014-12-19 08:21 - 2014-12-19 08:21 - 00000000 ____D () C:\Users\Wayne\AppData\Local\{058E263E-A8CB-4229-B72F-8B88498BE914}
2014-12-19 07:14 - 2014-12-19 08:30 - 00003434 _____ () C:\Windows\System32\Tasks\Reimage Reminder
2014-12-19 07:13 - 2014-12-19 07:13 - 00004274 _____ () C:\Windows\System32\Tasks\ReimageUpdater
2014-12-19 07:13 - 2014-12-19 07:13 - 00000000 ____D () C:\ProgramData\Reimage Protector
2014-12-19 07:08 - 2014-12-19 08:30 - 00000000 ____D () C:\rei
2014-12-19 07:08 - 2014-12-19 07:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
2014-12-19 07:08 - 2014-12-19 07:13 - 00000000 ____D () C:\Program Files\Reimage
2014-12-19 07:08 - 2014-12-19 07:08 - 00001903 _____ () C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
2014-12-19 07:07 - 2014-12-19 08:36 - 00000165 _____ () C:\Windows\Reimage.ini
2014-12-19 07:07 - 2014-12-19 07:07 - 00775968 _____ (Reimage®) C:\Users\Wayne\Downloads\ReimageRepair (2).exe
2014-12-19 07:06 - 2014-12-19 07:07 - 02121216 _____ (Farbar) C:\Users\Wayne\Downloads\FRST64 (5).exe
2014-12-19 07:01 - 2014-12-19 07:01 - 00775968 _____ (Reimage®) C:\Users\Wayne\Downloads\ReimageRepair (1).exe
2014-12-19 07:00 - 2014-12-19 07:00 - 02121216 _____ (Farbar) C:\Users\Wayne\Downloads\FRST64 (4).exe
2014-12-18 20:37 - 2014-12-18 20:37 - 00000437 _____ () C:\Users\Wayne\Desktop\Estscan.txt
2014-12-18 20:04 - 2014-12-18 20:04 - 00000000 __SHD () C:\Users\Wayne\AppData\Local\EmieBrowserModeList
2014-12-18 17:39 - 2014-12-18 17:39 - 00073085 _____ () C:\Users\Wayne\Desktop\malware.txt
2014-12-18 17:02 - 2014-12-18 21:36 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-18 17:01 - 2014-12-18 17:01 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-18 17:01 - 2014-12-18 17:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-18 17:01 - 2014-12-18 17:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-18 17:01 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-18 17:01 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-18 17:01 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-18 17:00 - 2014-12-18 17:00 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Wayne\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-18 16:55 - 2014-12-18 16:55 - 00005854 _____ () C:\Users\Wayne\Desktop\JRT.txt
2014-12-18 16:37 - 2014-12-18 16:41 - 00000000 ____D () C:\AdwCleaner
2014-12-18 16:36 - 2014-12-18 16:36 - 00775968 _____ (Reimage®) C:\Users\Wayne\Downloads\ReimageRepair.exe
2014-12-18 16:35 - 2014-12-18 16:36 - 02166272 _____ () C:\Users\Wayne\Downloads\AdwCleaner.exe
2014-12-18 16:23 - 2014-12-18 16:23 - 00016963 _____ () C:\Users\Wayne\Desktop\malware bytes A.htm
2014-12-18 16:22 - 2014-12-18 16:22 - 01707646 _____ (Thisisu) C:\Users\Wayne\Desktop\junkware.exe
2014-12-18 16:21 - 2014-12-18 16:21 - 00028986 _____ () C:\Users\Wayne\Desktop\adwarecleaner v3.htm
2014-12-17 19:03 - 2014-12-12 21:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-17 19:03 - 2014-12-12 19:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-16 12:15 - 2014-12-16 16:15 - 00007456 _____ () C:\Users\Wayne\Desktop\SystemLook.txt
2014-12-16 12:13 - 2014-12-16 12:13 - 00165376 _____ () C:\Users\Wayne\Downloads\SystemLook_x64.exe
2014-12-16 12:13 - 2014-12-16 12:13 - 00165376 _____ () C:\Users\Wayne\Desktop\SystemLook_x64.exe
2014-12-15 20:17 - 2014-12-15 20:17 - 03149590 _____ () C:\Users\Wayne\Documents\screenshot.nfo
2014-12-15 17:40 - 2014-12-15 17:40 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-12-15 17:34 - 2014-12-15 17:36 - 122418480 _____ (Apple Inc.) C:\Users\Wayne\Downloads\iTunes64Setup.exe
2014-12-14 15:26 - 2014-12-17 10:25 - 00044894 _____ () C:\Users\Wayne\Desktop\sfcdetails.txt
2014-12-10 06:30 - 2014-12-10 06:30 - 02119680 _____ (Farbar) C:\Users\Wayne\Downloads\FRST64 (3).exe
2014-12-10 06:26 - 2014-12-10 06:26 - 00000512 _____ () C:\Users\Wayne\Desktop\MBR.dat
2014-12-10 06:12 - 2014-12-10 06:12 - 00025317 _____ () C:\Users\Wayne\Desktop\download.htm
2014-12-10 06:11 - 2014-12-10 06:11 - 05198336 _____ (AVAST Software) C:\Users\Wayne\Desktop\aswMBR (1).exe
2014-12-10 06:10 - 2014-12-10 06:10 - 05198336 _____ (AVAST Software) C:\Users\Wayne\Downloads\aswMBR (4).exe
2014-12-10 03:23 - 2014-12-10 03:23 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 03:02 - 2014-10-17 18:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 03:02 - 2014-10-17 17:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-10 03:02 - 2014-07-06 18:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-10 03:02 - 2014-07-06 18:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-10 03:02 - 2014-07-06 18:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-10 03:02 - 2014-07-06 18:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-10 03:02 - 2014-07-06 17:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-10 03:02 - 2014-07-06 17:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-10 03:02 - 2014-07-06 17:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-10 03:02 - 2014-07-06 17:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-09 23:05 - 2014-12-03 18:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-09 23:05 - 2014-12-03 18:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-09 23:05 - 2014-12-03 18:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-09 23:05 - 2014-12-03 18:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-09 23:05 - 2014-12-03 18:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-09 23:05 - 2014-12-03 18:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-09 23:05 - 2014-12-03 18:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-09 23:05 - 2014-12-01 15:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-09 23:05 - 2014-11-26 17:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-09 23:05 - 2014-11-26 17:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-09 23:05 - 2014-11-21 19:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-09 23:05 - 2014-11-21 19:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-09 23:05 - 2014-11-21 18:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-09 23:05 - 2014-11-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-09 23:05 - 2014-11-21 18:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-09 23:05 - 2014-11-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-09 23:05 - 2014-11-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-09 23:05 - 2014-11-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-09 23:05 - 2014-11-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-09 23:05 - 2014-11-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-09 23:05 - 2014-11-21 18:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-09 23:05 - 2014-11-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-09 23:05 - 2014-11-21 18:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-09 23:05 - 2014-11-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-09 23:05 - 2014-11-21 18:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-09 23:05 - 2014-11-21 18:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-09 23:05 - 2014-11-21 18:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-09 23:05 - 2014-11-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-09 23:05 - 2014-11-21 18:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-09 23:05 - 2014-11-21 18:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-09 23:05 - 2014-11-21 17:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-09 23:05 - 2014-11-21 17:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-09 23:05 - 2014-11-21 17:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-09 23:05 - 2014-11-21 17:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-09 23:05 - 2014-11-21 17:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-09 23:05 - 2014-11-21 17:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-09 23:05 - 2014-11-21 17:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-09 23:05 - 2014-11-21 17:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-09 23:05 - 2014-11-21 17:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-09 23:05 - 2014-11-21 17:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-09 23:05 - 2014-11-21 17:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-09 23:05 - 2014-11-21 17:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-09 23:05 - 2014-11-21 17:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-09 23:05 - 2014-11-21 17:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-09 23:05 - 2014-11-21 17:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-09 23:05 - 2014-11-21 17:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-09 23:05 - 2014-11-21 17:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-09 23:05 - 2014-11-21 17:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-09 23:05 - 2014-11-21 17:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-09 23:05 - 2014-11-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-09 23:05 - 2014-11-21 17:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-09 23:05 - 2014-11-21 16:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-09 23:05 - 2014-11-21 16:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-09 23:05 - 2014-11-10 19:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-09 23:05 - 2014-11-10 18:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-09 23:05 - 2014-11-10 17:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-09 23:04 - 2014-11-21 19:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-09 23:04 - 2014-11-21 18:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-09 23:04 - 2014-11-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-09 23:04 - 2014-11-21 18:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-09 23:04 - 2014-11-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-09 23:04 - 2014-11-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-09 23:04 - 2014-11-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-09 23:04 - 2014-11-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-09 23:04 - 2014-11-21 17:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-09 23:04 - 2014-11-07 19:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-09 23:04 - 2014-11-07 18:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-09 23:04 - 2014-10-29 18:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-09 23:04 - 2014-10-29 17:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-09 23:04 - 2014-10-02 18:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-09 23:04 - 2014-10-02 18:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-09 23:04 - 2014-10-02 18:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-09 23:04 - 2014-10-02 18:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-09 23:04 - 2014-10-02 18:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-09 23:04 - 2014-10-02 17:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-09 23:04 - 2014-10-02 17:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-09 23:04 - 2014-10-02 17:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-09 23:04 - 2014-10-02 17:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-09 23:04 - 2014-10-02 17:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-08 13:29 - 2014-12-08 13:29 - 00521277 _____ () C:\Users\Wayne\Downloads\fwd10reasonstoplaygolf.zip
2014-12-08 13:26 - 2014-12-08 13:26 - 02298880 _____ () C:\Users\Wayne\Downloads\PLUMBERSTEST.pps
2014-12-03 13:12 - 2014-12-03 13:12 - 00002259 _____ () C:\Users\Wayne\Downloads\little buck.wlmp
2014-11-29 09:31 - 2014-11-29 09:31 - 02117632 _____ (Farbar) C:\Users\Wayne\Downloads\FRST64 (2).exe
2014-11-29 09:28 - 2014-11-29 09:29 - 00044112 _____ () C:\Users\Wayne\Downloads\Addition.txt
2014-11-29 09:27 - 2014-12-19 08:45 - 00022989 _____ () C:\Users\Wayne\Downloads\FRST.txt
2014-11-29 09:27 - 2014-12-19 08:45 - 00000000 ____D () C:\FRST
2014-11-29 09:26 - 2014-11-29 09:26 - 02117632 _____ (Farbar) C:\Users\Wayne\Downloads\FRST64 (1).exe
2014-11-29 09:24 - 2014-11-29 09:24 - 02117632 _____ (Farbar) C:\Users\Wayne\Downloads\FRST64.exe
2014-11-29 08:36 - 2014-11-29 08:37 - 00274832 _____ () C:\Windows\Minidump\112914-51355-01.dmp
2014-11-29 08:21 - 2014-11-29 08:21 - 05198336 _____ (AVAST Software) C:\Users\Wayne\Desktop\aswMBR.exe
2014-11-29 08:20 - 2014-11-29 08:20 - 05198336 _____ (AVAST Software) C:\Users\Wayne\Downloads\aswMBR (3).exe
2014-11-29 08:20 - 2014-11-29 08:20 - 05198336 _____ (AVAST Software) C:\Users\Wayne\Downloads\aswMBR (2).exe
2014-11-29 08:16 - 2014-11-29 08:16 - 05198336 _____ (AVAST Software) C:\Users\Wayne\Downloads\aswMBR (1).exe
2014-11-29 08:15 - 2014-11-29 08:16 - 05198336 _____ (AVAST Software) C:\Users\Wayne\Downloads\aswMBR.exe
2014-11-28 13:45 - 2014-11-28 13:45 - 00041759 _____ () C:\Users\Wayne\Downloads\Costco deals (1).htm
2014-11-28 12:38 - 2014-11-28 14:25 - 00000000 ____D () C:\Users\Wayne\Documents\Cristines Letters
2014-11-24 17:13 - 2014-11-24 17:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-11-24 17:11 - 2014-12-15 17:40 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-11-24 17:11 - 2014-12-15 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-11-24 17:10 - 2014-11-24 17:11 - 00000000 ____D () C:\Program Files\iTunes
2014-11-24 17:10 - 2014-11-24 17:11 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-11-24 17:10 - 2014-11-24 17:10 - 00000000 ____D () C:\Program Files\iPod
2014-11-24 16:59 - 2014-11-24 17:00 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-11-24 16:59 - 2014-11-24 16:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-11-24 16:53 - 2014-11-24 16:53 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-11-21 14:47 - 2014-11-10 19:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-21 14:47 - 2014-11-10 19:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-21 14:47 - 2014-11-10 18:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-21 14:47 - 2014-11-10 18:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-21 14:35 - 2014-11-21 14:35 - 00262144 _____ () C:\Windows\Minidump\112114-59217-01.dmp
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-19 08:36 - 2010-11-24 14:37 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-19 08:18 - 2010-06-10 16:35 - 00286720 ___SH () C:\Users\Wayne\Desktop\Thumbs.db
2014-12-19 08:17 - 2013-10-28 07:39 - 05696512 ___SH () C:\Users\Wayne\Downloads\Thumbs.db
2014-12-19 07:56 - 2014-05-02 14:26 - 00000000 ____D () C:\ProgramData\MFAData
2014-12-19 03:00 - 2011-01-03 13:24 - 01646275 _____ () C:\Windows\WindowsUpdate.log
2014-12-18 22:05 - 2009-07-13 20:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-18 22:05 - 2009-07-13 20:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-18 22:02 - 2009-07-13 21:13 - 00786578 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-18 21:58 - 2010-11-24 14:37 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-18 21:57 - 2011-02-10 16:26 - 00907834 _____ () C:\Windows\PFRO.log
2014-12-18 21:57 - 2011-02-10 12:00 - 00109244 _____ () C:\Windows\setupact.log
2014-12-18 21:57 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-18 17:01 - 2011-01-03 13:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-17 10:54 - 2013-01-24 09:22 - 00000000 ____D () C:\Users\Wayne\AppData\Roaming\ZoomBrowser EX
2014-12-16 16:39 - 2012-10-18 09:28 - 00000000 ____D () C:\Users\Wayne\Documents\MY New Scans
2014-12-15 20:39 - 2010-06-10 16:35 - 01326592 ___SH () C:\Users\Wayne\Documents\Thumbs.db
2014-12-15 20:32 - 2010-06-10 16:35 - 01795072 _____ () C:\Users\Wayne\Documents\contacts.pst
2014-12-14 14:56 - 2012-11-07 06:01 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-10 03:23 - 2014-05-09 14:24 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-10 03:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-10 03:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-10 03:08 - 2010-04-01 21:16 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 03:07 - 2013-07-22 02:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 03:03 - 2010-06-10 22:18 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-08 16:46 - 2013-08-23 02:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2014-11-30 15:25 - 2010-12-10 07:52 - 00000000 ____D () C:\Users\Wayne\AppData\Roaming\Apple Computer
2014-11-29 08:36 - 2011-02-27 13:10 - 751512204 _____ () C:\Windows\MEMORY.DMP
2014-11-29 08:36 - 2011-02-27 13:10 - 00000000 ____D () C:\Windows\Minidump
2014-11-24 17:10 - 2010-12-10 07:51 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-11-24 17:09 - 2014-07-13 05:52 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-11-24 16:53 - 2010-12-10 07:51 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-11-21 14:45 - 2014-05-22 14:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-11-21 14:43 - 2014-05-02 15:46 - 00000000 ____D () C:\Users\Wayne\AppData\Local\AVG
2014-11-21 00:30 - 2011-02-26 06:53 - 00534104 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportKE64.sys
 
Some content of TEMP:
====================
C:\Users\Wayne\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Wayne\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Wayne\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Wayne\AppData\Local\Temp\Quarantine.exe
C:\Users\Wayne\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Wayne\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Wayne\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Wayne\AppData\Local\Temp\sqlite3.dll
C:\Users\Wayne\AppData\Local\Temp\sqlite3.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2010-12-27 21:01
 
==================== End Of Log ============================
 
Computer seems to be running OK. Not so sure about the operator. Sorry about the multiple posts.


#33 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 19 December 2014 - 08:37 PM

Hi ENYAW22,

You appear to be downloading a new copy of FRST each time I ask you to run a scan. This is not necessary; only one copy is needed. Also, please do not install any new software until we have completed the malware removal process. It is OK to get Windows and security software updates during the process.

Here is some information about Reimage and why you should remove it. If after reading the information you still choose to keep it installed, skip the steps below and let me know. Then we will do some clean up and send you on your way.

Uninstall via Programs and Features
Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:

  • Reimage Repair

=========================

FRST Fix Script

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt





Start
Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.8.0.1 - Reimage) <==== ATTENTION
Task: {85E0DBC6-CC69-429D-AB20-2D800774C35A} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe [2014-12-11] () <==== ATTENTION
Task: {AC82A75D-5B34-4C7E-816F-767F6A2F27E4} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2014-12-02] (Reimage®) <==== ATTENTION
2014-12-02 03:50 - 2014-12-02 03:50 - 06745440 _____ () C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
() C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [7138664 2014-12-02] (Reimage®)
2014-12-19 07:14 - 2014-12-19 08:30 - 00003434 _____ () C:\Windows\System32\Tasks\Reimage Reminder
2014-12-19 07:13 - 2014-12-19 07:13 - 00000000 ____D () C:\ProgramData\Reimage Protector
2014-12-19 07:08 - 2014-12-19 07:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\EXPLORER.EXE [2871808 2011-02-24] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-21-2537701294-2937390200-3866314920-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} ->  No File
CHR HKLM-x32\...\Chrome\Extension: [idkknaphebegndgimgdpfnconcickdfn] - No Path
2014-12-19 08:36 - 2014-12-19 08:36 - 00775968 _____ (Reimage®) C:\Users\Wayne\Downloads\ReimageRepair (4).exe
2014-12-19 08:29 - 2014-12-19 08:29 - 00775968 _____ (Reimage®) C:\Users\Wayne\Downloads\ReimageRepair (3).exe
2014-12-19 07:07 - 2014-12-19 07:07 - 00775968 _____ (Reimage®) C:\Users\Wayne\Downloads\ReimageRepair (2).exe
2014-12-19 07:01 - 2014-12-19 07:01 - 00775968 _____ (Reimage®) C:\Users\Wayne\Downloads\ReimageRepair (1).exe
2014-12-18 16:36 - 2014-12-18 16:36 - 00775968 _____ (Reimage®) C:\Users\Wayne\Downloads\ReimageRepair.exe
EmptyTemp:
End

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.

=========================

Reboot

=========================

Re-run Farbar Recovery Scan Tool; it should be on your desktop.

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

=========================

In your next post please provide the following:

  • Fixlog.txt
  • new FRST.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#34 ENYAW22

ENYAW22

    Authentic Member

  • Authentic Member
  • 47 posts

Posted 20 December 2014 - 02:14 PM

I suspect that I am to copy the saved text into FARBAR, but it is unclear so I will wait till I hear from you. The Reimage must have downloaded when I pressed the wrong start in Farbar.



#35 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 20 December 2014 - 09:39 PM

I suspect that I am to copy the saved text into FARBAR, but it is unclear so I will wait till I hear from you. The Reimage must have downloaded when I pressed the wrong start in Farbar.

 
Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt
Start
Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.8.0.1 - Reimage) <==== ATTENTION
Task: {85E0DBC6-CC69-429D-AB20-2D800774C35A} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe [2014-12-11] () <==== ATTENTION
Task: {AC82A75D-5B34-4C7E-816F-767F6A2F27E4} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2014-12-02] (Reimage®) <==== ATTENTION
2014-12-02 03:50 - 2014-12-02 03:50 - 06745440 _____ () C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
() C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [7138664 2014-12-02] (Reimage®)
2014-12-19 07:14 - 2014-12-19 08:30 - 00003434 _____ () C:\Windows\System32\Tasks\Reimage Reminder
2014-12-19 07:13 - 2014-12-19 07:13 - 00000000 ____D () C:\ProgramData\Reimage Protector
2014-12-19 07:08 - 2014-12-19 07:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\EXPLORER.EXE [2871808 2011-02-24] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-2537701294-2937390200-3866314920-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} ->  No File
CHR HKLM-x32\...\Chrome\Extension: [idkknaphebegndgimgdpfnconcickdfn] - No Path
2014-12-19 08:36 - 2014-12-19 08:36 - 00775968 _____ (Reimage®) C:\Users\Wayne\Downloads\ReimageRepair (4).exe
2014-12-19 08:29 - 2014-12-19 08:29 - 00775968 _____ (Reimage®) C:\Users\Wayne\Downloads\ReimageRepair (3).exe
2014-12-19 07:07 - 2014-12-19 07:07 - 00775968 _____ (Reimage®) C:\Users\Wayne\Downloads\ReimageRepair (2).exe
2014-12-19 07:01 - 2014-12-19 07:01 - 00775968 _____ (Reimage®) C:\Users\Wayne\Downloads\ReimageRepair (1).exe
2014-12-18 16:36 - 2014-12-18 16:36 - 00775968 _____ (Reimage®) C:\Users\Wayne\Downloads\ReimageRepair.exe
EmptyTemp:
End
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.

=========================

Run the FRST fix, reboot then run a new scan with FRST.

In your next reply:

Fixlog.txt
New FRST.txt
OCD



#36 ENYAW22

ENYAW22

    Authentic Member

  • Authentic Member
  • 47 posts

Posted 21 December 2014 - 09:42 AM

I have tried many times to do as you directed to run FRST with the command copied to notepad with the same results. When I press Fix a box opens up and says "no fixlist found".



#37 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 21 December 2014 - 09:50 AM

I have tried many times to do as you directed to run FRST with the command copied to notepad with the same results. When I press Fix a box opens up and says "no fixlist found".

You are running FRST from the Downloads folder.

 

In order for the fix script to work, the program and the script MUST be in the same directory. In the beginning I requested that you save all programs to the desktop for this reason.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-12-2014
Ran by Wayne (administrator) on WAYNE-PC on 19-12-2014 08:45:26
Running from C:\Users\Wayne\Downloads
Loaded Profile: Wayne (Available profiles: Wayne)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

 

 You need to move the program to the desktop and retry the step.


OCD



#38 ENYAW22

ENYAW22

    Authentic Member

  • Authentic Member
  • 47 posts

Posted 21 December 2014 - 11:27 AM

It works fi

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-12-2014 01

Ran by Wayne at 2014-12-21 08:37:52 Run:1
Running from C:\Users\Wayne\Desktop
Loaded Profile: Wayne (Available profiles: Wayne)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.8.0.1 - Reimage) <==== ATTENTION
Task: {85E0DBC6-CC69-429D-AB20-2D800774C35A} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe [2014-12-11] () <==== ATTENTION
Task: {AC82A75D-5B34-4C7E-816F-767F6A2F27E4} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2014-12-02] (Reimage®) <==== ATTENTION
2014-12-02 03:50 - 2014-12-02 03:50 - 06745440 _____ () C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
() C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [7138664 2014-12-02] (Reimage®)
2014-12-19 07:14 - 2014-12-19 08:30 - 00003434 _____ ()
C:\Windows\System32\Tasks\Reimage Reminder
2014-12-19 07:13 - 2014-12-19 07:13 - 00000000 ____D () C:\ProgramData\Reimage Protector
2014-12-19 07:08 - 2014-12-19 07:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\EXPLORER.EXE [2871808 2011-02-24] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-2537701294-2937390200-3866314920-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} ->  No File
CHR HKLM-x32\...\Chrome\Extension: [idkknaphebegndgimgdpfnconcickdfn] - No Path
2014-12-19 08:36 - 2014-12-19
08:36 - 00775968 _____ (Reimage®) C:\Users\Wayne\Downloads\ReimageRepair (4).exe
2014-12-19 08:29 - 2014-12-19 08:29 - 00775968 _____ (Reimage®) C:\Users\Wayne\Downloads\ReimageRepair (3).exe
2014-12-19 07:07 - 2014-12-19 07:07 - 00775968 _____ (Reimage®) C:\Users\Wayne\Downloads\ReimageRepair (2).exe
2014-12-19 07:01 - 2014-12-19 07:01 - 00775968 _____ (Reimage®) C:\Users\Wayne\Downloads\ReimageRepair (1).exe
2014-12-18 16:36 - 2014-12-18 16:36 - 00775968 _____ (Reimage®) C:\Users\Wayne\Downloads\ReimageRepair.exe
EmptyTemp:
End
*****************
 
Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.8.0.1 - Reimage) <==== ATTENTION => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{85E0DBC6-CC69-429D-AB20-2D800774C35A} => Key not found. 
C:\Windows\System32\Tasks\Reimage Reminder not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Reimage Reminder => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC82A75D-5B34-4C7E-816F-767F6A2F27E4} => Key not found. 
C:\Windows\System32\Tasks\ReimageUpdater not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ReimageUpdater => Key not found. 
"C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe" => File/Directory not found.
C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe => No running process found
C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe => No running process found
ReimageRealTimeProtector => Service not found.
"2014-12-19 07:14 - 2014-12-19 08:30 - 00003434 _____ ()" => File/Directory not found.
"C:\Windows\System32\Tasks\Reimage Reminder" => File/Directory not found.
"C:\ProgramData\Reimage Protector" => File/Directory not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair" => File/Directory not found.
HKU\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
"HKU\S-1-5-21-2537701294-2937390200-3866314920-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}" => Key deleted successfully.
"HKCR\CLSID\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\idkknaphebegndgimgdpfnconcickdfn" => Key deleted successfully.
"2014-12-19 08:36 - 2014-12-19" => File/Directory not found.
08:36 - 00775968 _____ (Reimage®) C:\Users\Wayne\Downloads\ReimageRepair (4).exe => Error: No automatic fix found for this entry.
C:\Users\Wayne\Downloads\ReimageRepair (3).exe => Moved successfully.
C:\Users\Wayne\Downloads\ReimageRepair (2).exe => Moved successfully.
C:\Users\Wayne\Downloads\ReimageRepair (1).exe => Moved successfully.
C:\Users\Wayne\Downloads\ReimageRepair.exe => Moved successfully.
EmptyTemp: => Removed 1.4 GB temporary data.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-12-2014 01
Ran by Wayne at 2014-12-21 08:48:27
Running from C:\Users\Wayne\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG Internet Security 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.2.152.26 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.4.402.287 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (HKLM-x32\...\Adobe Photoshop Elements 8.0) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 8.0 (HKLM-x32\...\PremElem80) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Panorama Maker 5 (HKLM-x32\...\{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}) (Version: 5.0.1.25 - ArcSoft)
ArcSoft PhotoImpression 6 (HKLM-x32\...\{063E409E-3D7C-4A4A-95AB-2F124B9224B3}) (Version:  - ArcSoft)
ATI Catalyst Control Center (HKLM-x32\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.009.1209.2334 - )
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4794 - AVG Technologies)
AVG 2014 (Version: 14.0.4253 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4794 - AVG Technologies) Hidden
Bejeweled 2 (HKLM-x32\...\Bejeweled 2) (Version:  - Spintop Media, Inc)
BlackBerry App World Browser Plugin (HKLM-x32\...\{CF3A3816-7E48-4556-8614-654377EDE1B5}) (Version: 2.1.3 - Research In Motion Limited)
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
BlackBerry Device Manager 6.0 (HKLM-x32\...\BlackBerry_{4080C564-7174-4CE4-B0F3-2C75D6ECB134}) (Version: 6.0.0.40 - Research In Motion Ltd.)
BlackBerry Device Manager 6.0 (x32 Version: 6.0.0.40 - Research In Motion Ltd.) Hidden
BlackBerry Device Software Updater (HKLM-x32\...\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}) (Version: 6.0.1.37 - Research In Motion Ltd)
BlackBerry v4.2.2 for the 8320 Series Wireless Handheld (HKLM-x32\...\{844DA731-B8B0-4581-AF3C-5158CC16897E}) (Version: 4.2.2.184 (Platform 2.5.0.40) - Research In Motion Ltd.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Auto Update Service (HKLM-x32\...\Auto Update Service) (Version: 1.1.0.13 - Canon Inc.)
Canon DIGITAL CAMERA Solution Disk Software Guide (HKLM-x32\...\Software Guide) (Version: 1.6.0.1 - Canon Inc.)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.9.0.8 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.8.0.1 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.9.0.6 - Canon Inc.)
Canon PowerShot SX150 IS Camera User Guide (HKLM-x32\...\CameraUserGuide-PSSX150IS) (Version: 1.0.0.1 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC8) (Version: 8.6.0.11 - Canon Inc.)
Canon Utilities CameraWindow Launcher (HKLM-x32\...\CameraWindowLauncher) (Version: 7.6.0.1 - Canon Inc.)
Canon Utilities Movie Uploader for YouTube (HKLM-x32\...\MovieUploaderForYouTube) (Version: 1.3.0.3 - Canon Inc.)
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.5.0.1 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.8.0.10 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.6.0.15 - Canon Inc.)
ccc-core-static (x32 Version: 2009.1209.2335.42329 - ATI) Hidden
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.2.10148.2 - Cisco Consumer Products LLC)
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: 1.02 - Creative Technology Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 2.34 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.45 - Dell)
Dell Dock (HKLM\...\{E60B7350-EA5F-41E0-9D6F-E508781E36D2}) (Version: 2.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Remote Access (HKLM-x32\...\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}) (Version: 1.3.0.0 - Dell Inc.)
DirectXInstallService (x32 Version: 9.0.2 - Roxio) Hidden
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.00 - Creative Technology Limited)
Dream Chronicles - The Book of Air - Collector's Edition (HKLM-x32\...\Dream Chronicles - The Book of Air - Collector's Edition) (Version:  - Spintop Media, Inc)
Elevated Installer (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
EMC 10 Content (x32 Version: 1.0.035 - Roxo, Inc.) Hidden
EMCGadgets64 (Version: 1.0.302 - Sonic) Hidden
Escape Whisper Valley (HKLM-x32\...\Escape Whisper Valley) (Version:  - Spintop Media, Inc)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
File Uploader (HKLM-x32\...\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}) (Version: 1.2.5 - Nikon)
Gardenscapes (HKLM-x32\...\Gardenscapes) (Version:  - Spintop Media, Inc)
Garmin BaseCamp (HKLM-x32\...\{F487FEEC-AE9F-4E68-82F2-300F49A8C435}) (Version: 4.2.2 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM-x32\...\{647BB978-2876-487B-9B0E-FDB73F0EA4A2}) (Version: 4.0.4 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{237D687E-9E50-4A30-B810-262764CC491B}) (Version: 4.0.4 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{550331CC-C34B-494F-BCDA-37CE4EF6E924}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{b43ffffb-1adc-4bcb-b277-7844ebff94da}) (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin nRoute - City Navigator North America v8 (HKLM-x32\...\{4D919200-A01C-4873-BADE-BA68FFB9D237}) (Version: 2.6.1.0 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Gmail Notifier (HKLM-x32\...\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}) (Version:  - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet 6600 Basic Device Software (HKLM\...\{AEC699FC-F916-46A0-B15E-70EF1534AE93}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Officejet 6600 Help (HKLM-x32\...\{C818BA3A-226F-4ED0-9CEF-96A0DF300211}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{2AAF09D5-4B3F-4975-B6A9-ECE2631FC942}) (Version: 4.0.5.20 - Apple Inc.)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.550 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Mah Jong Medley (HKLM-x32\...\Mah Jong Medley) (Version:  - Spintop Media, Inc)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MapSource - Topo Canada v2 (HKLM-x32\...\InstallShield_{9F308117-9B2F-45EB-9FAF-B59CD8339673}) (Version: 2.00 - Garmin Ltd. and its subsidiaries)
MapSource - Topo Canada v2 (x32 Version: 2.00 - Garmin Ltd. and its subsidiaries) Hidden
MapSource - Trip & Waypoint Manager v2 (HKLM-x32\...\InstallShield_{A0F584A7-B0C2-4D90-9580-15456B9CF63C}) (Version: 2.00 - Garmin Ltd. and its subsidiaries)
MapSource - Trip & Waypoint Manager v2 (x32 Version: 2.00 - Garmin Ltd. and its subsidiaries) Hidden
MapSource (HKLM-x32\...\{5E3CFCA6-C95A-47CB-A822-7FA80D423AF2}) (Version: 5.4 - Garmin Ltd. and its subsidiaries)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Basic 2007 (HKLM-x32\...\BASICR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)
Monitor Webcam Driver (1.01.02.0804)   (HKLM\...\Creative OA002) (Version:  - )
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - The London Caper (HKLM-x32\...\Mystery P.I. - The London Caper) (Version:  - Spintop Media, Inc)
Nikon Transfer (HKLM-x32\...\{E9757890-7EC5-46C8-99AB-B00F07B6525C}) (Version: 1.5.3 - Nikon)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OVT Scanner (HKLM-x32\...\{A746CE98-A755-4AD7-B4B8-346DC74CDECD}) (Version: 1.00.0000 - OVT)
Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.1.9 - Nikon)
Plants vs. Zombies - Game of the Year Edition (HKLM-x32\...\Plants vs. Zombies - Game of the Year Edition) (Version:  - Spintop Media, Inc)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Rapport (Version: 3.5.1205.18 - Trusteer) Hidden
Rapport (x32 Version: 3.5.1404.34 - Trusteer) Hidden
Roxio Easy CD and DVD Burning (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
Roxio File Backup (Version: 1.3.0 - Roxio) Hidden
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skins (x32 Version: 2009.1209.2335.42329 - ATI) Hidden
SmartSound Quicktracks for Premiere Elements 8.0 (HKLM-x32\...\InstallShield_{4685A344-6718-4923-AA9D-158A0A2E1CFB}) (Version: 3.11.3090 - SmartSound Software Inc)
SmartSound Quicktracks for Premiere Elements 8.0 (x32 Version: 3.11.3090 - SmartSound Software Inc) Hidden
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Sound Blaster X-Fi (HKLM-x32\...\{20288888-A7AF-4B24-8AEB-398D20CD563C}) (Version: 1.0 - )
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1404.34 - Trusteer)
Unity Web Player (HKU\S-1-5-21-2537701294-2937390200-3866314920-1000\...\UnityWebPlayer) (Version: 2.6.1f3_31223 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
ViewNX (HKLM-x32\...\{F007CBCE-D714-4C0B-8CE9-9B0D78116468}) (Version: 1.5.2 - Nikon)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
08-12-2014 16:45:29 Installed Rapport
10-12-2014 03:00:21 Windows Update
14-12-2014 15:45:26 Windows Update
18-12-2014 03:00:30 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 18:34 - 2012-12-31 09:10 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {04C17A15-B949-4452-AAC7-2D31762F14ED} - System32\Tasks\{5F4E802B-B9EF-4514-8171-9C2DFA564BF2} => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
Task: {2649B338-E0BB-4EF8-8877-842AC21509C1} - System32\Tasks\HP online update program => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2010-06-09] (Hewlett-Packard)
Task: {4AC892F9-B506-4419-9878-0786907A3EB4} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {71331576-5564-4708-9D78-063C6A617174} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {74EA848F-5D00-4CF4-A967-F5D27240FB47} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {AD1DBE74-2369-4B03-BFD4-82DCA44E4731} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-07] ()
Task: {CE411EE3-2200-43EF-930E-9777058FEEE2} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-11-20] (Adobe Systems Incorporated)
Task: {D48F3F12-AFD2-4337-9870-FAFC68BD33FD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D6B75BB6-F568-4725-A949-B89DCA7F7027} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-10-17] (Apple Inc.)
Task: {FC876EFF-CB9A-4B79-90BB-40A74747C18E} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2537701294-2937390200-3866314920-1000
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-04-23 15:05 - 2014-04-23 15:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-23 16:04 - 2014-03-23 16:04 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2010-07-07 11:33 - 2010-07-07 11:33 - 00002560 _____ () C:\Windows\SysWOW64\CTXFIRES.DLL
2010-04-01 21:19 - 2010-07-21 07:33 - 00058688 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STCoreXml.dll
2010-04-01 21:19 - 2010-07-21 07:33 - 00116032 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
2010-04-01 21:19 - 2010-07-21 07:33 - 00128320 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2010-04-01 21:12 - 2009-06-29 09:54 - 00164864 _____ () C:\Windows\SysWOW64\APOMngr.DLL
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Wayne\Downloads\KRAB.jpeg:Roxio EMC Stream
AlternateDataStreams: C:\Users\Wayne\Downloads\noname.eml:OECustomProperty
AlternateDataStreams: C:\Users\Wayne\Downloads\photo.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Wayne\Downloads\the Pharmacist.eml:OECustomProperty
AlternateDataStreams: C:\Users\Wayne\Downloads\_ FW_ EMAIL NUMBER 1 of 2_ China opens record breaking 4,000 ft long bridge_.eml:OECustomProperty
AlternateDataStreams: C:\Users\Wayne\Documents\ING Direct.eml:OECustomProperty
AlternateDataStreams: C:\Users\Wayne\Documents\Marina Operators Legal Liability.eml:OECustomProperty
AlternateDataStreams: C:\Users\Wayne\Documents\problemepsychiatriquelepitou.mpeg:TOC.WMV
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HandsFree Client => "DisplayName"="HandsFree Client"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HandsFree Client => "ErrorControl"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HandsFree Client => "ImagePath"="C:\Program Files (x86)\HandsFree\Client\srvc.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HandsFree Client => "ObjectName"="LocalSystem"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HandsFree Client => "Start"="2"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HandsFree Client => "Type"="272"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HandsFree Client\Parameters => "Application"="C:\Program Files (x86)\HandsFree\Client\srvc.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HandsFree Client\Parameters => "AppParameters"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HFN Client => "DisplayName"="HFN Client"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HFN Client => "ErrorControl"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HFN Client => "ImagePath"="C:\Program Files (x86)\HFN\Client\srvc.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HFN Client => "ObjectName"="LocalSystem"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HFN Client => "Start"="2"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HFN Client => "Type"="272"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HFN Client\Parameters => "Application"="C:\Program Files (x86)\HFN\Client\srvc.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HFN Client\Parameters => "AppParameters"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: gupdate => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Dell Remote Access.lnk => C:\Windows\pss\Dell Remote Access.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Wayne^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk => C:\Windows\pss\Dell Dock.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: CAHeadless => c:\Program Files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe
MSCONFIG\startupreg: CTxfiHlp => CTXFIHLP.EXE
MSCONFIG\startupreg: HandsFreeCApp => C:\Program Files (x86)\HandsFree\Client\capp.exe -r
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IAAnotif => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Malwarebytes' Anti-Malware (reboot) => "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
MSCONFIG\startupreg: Nikon Transfer Monitor => C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
MSCONFIG\startupreg: PDVDDXSrv => "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RIMBBLaunchAgent.exe => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
MSCONFIG\startupreg: StartCCC => "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: UpdReg => C:\Windows\UpdReg.EXE
MSCONFIG\startupreg: VolPanel => "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
MSCONFIG\startupreg: {0228e555-4f9c-4e35-a3ec-b109a192b4c2} => C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2537701294-2937390200-3866314920-500 - Administrator - Disabled)
Guest (S-1-5-21-2537701294-2937390200-3866314920-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2537701294-2937390200-3866314920-1002 - Limited - Enabled)
Wayne (S-1-5-21-2537701294-2937390200-3866314920-1000 - Administrator - Enabled) => C:\Users\Wayne
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
Error: (12/21/2014 08:42:54 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
RxFilter
 
Error: (12/21/2014 08:41:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Core Update Service service failed to start due to the following error: 
%%1053
 
Error: (12/21/2014 08:41:35 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.
 
Error: (12/21/2014 07:03:24 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
RxFilter
 
Error: (12/21/2014 07:03:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Live ID Sign-in Assistant service failed to start due to the following error: 
%%1053
 
Error: (12/21/2014 07:03:22 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
 
Error: (12/18/2014 09:58:20 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
RxFilter
 
Error: (12/18/2014 09:57:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Core Update Service service failed to start due to the following error: 
%%1053
 
Error: (12/18/2014 09:57:53 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.
 
Error: (12/18/2014 08:06:23 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {73C9DFA0-750D-11E1-B0C4-0800200C9A66}
 
 
Microsoft Office Sessions:
=========================
Error: (11/28/2014 02:07:05 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 931 seconds with 900 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2012-12-31 09:09:45.687
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-12-31 09:09:45.609
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7 CPU 920 @ 2.67GHz
Percentage of memory in use: 29%
Total physical RAM: 9206.99 MB
Available physical RAM: 6493.41 MB
Total Pagefile: 18412.16 MB
Available Pagefile: 15795.51 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:916.35 GB) (Free:767.37 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C796C701)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=15.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=916.3 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-12-2014 01
Ran by Wayne (administrator) on WAYNE-PC on 21-12-2014 08:47:31
Running from C:\Users\Wayne\Desktop
Loaded Profile: Wayne (Available profiles: Wayne)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(AMD) C:\WINDOWS\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\WINDOWS\System32\atieclxx.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Dell Inc.) C:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe
(Creative Technology Ltd) C:\WINDOWS\SysWOW64\Ctxfihlp.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\WINDOWS\System32\UI0Detect.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Creative Technology Ltd) C:\WINDOWS\SysWOW64\CTxfispi.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [CTxfiHlp] => CTXFIHLP.EXE
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-11-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKU\S-1-5-21-2537701294-2937390200-3866314920-1000\...\Run: [HP Officejet 6600 (NET)] => C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.)
HKU\S-1-5-21-2537701294-2937390200-3866314920-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-2537701294-2937390200-3866314920-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-2537701294-2937390200-3866314920-1000\...\RunOnce: [Adobe Speed Launcher] => 1419180118
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk
ShortcutTarget: Monitor Ink Alerts - .lnk -> C:\Program Files\HP\HP Officejet 6600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-2537701294-2937390200-3866314920-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKLM -> {ED2F724C-8FEE-4F8A-87E6-10678B5D6E07} URL = http://www.bing.com/...rc=IE-SearchBox
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Mah%20Jong%20Medley/Images/stg_drm.ocx
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creat...015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15118/CTPID.cab
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @rim.com/npappworld -> C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF Plugin HKU\S-1-5-21-2537701294-2937390200-3866314920-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Wayne\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
 
Chrome: 
=======
CHR StartupUrls: Default -> "https://www.google.c...v=210&ie=UTF-8"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
CHR Plugin: (Garmin Communicator Plug-In) - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U37) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (BlackBerry AppWorld) - C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Yahoo! activeX Plug-in Bridge) - C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\Wayne\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\SysWOW64\npdeployJava1.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Profile: C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-09]
CHR Extension: (YouTube) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-08]
CHR Extension: (Google Search) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-08]
CHR Extension: (Google Wallet) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Gmail) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-08]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1417160 2014-11-07] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3247120 2014-11-07] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-11-07] (AVG Technologies CZ, s.r.o.)
R3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2010-04-01] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2010-04-01] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-11-21] (IBM Corp.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [237848 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-10-20] (AVG Technologies CZ, s.r.o.)
S3 kbfilter; C:\Windows\System32\DRIVERS\kbfilter.sys [66360 2012-08-22] (Trend Micro Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\SysWOW64\drivers\MBAMSwissArmy.sys [41272 2011-12-30] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 OV550I; C:\Windows\System32\Drivers\ov550ivx.sys [196992 2008-02-22] (Omnivision Technologies, Inc.)
R1 RapportCerberus_80083; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80083.sys [761720 2014-12-08] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [445912 2014-11-21] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [534104 2014-11-21] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [557656 2014-11-21] (IBM Corp.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S1 RxFilter; C:\Windows\SysWOW64\DRIVERS\RxFilter.sys [65520 2009-06-26] (Sonic Solutions)
S3 cpuz134; \??\C:\Users\Wayne\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-21 08:47 - 2014-12-21 08:47 - 00021498 _____ () C:\Users\Wayne\Desktop\FRST.txt
2014-12-21 08:36 - 2014-12-21 08:36 - 00001134 _____ () C:\Users\Wayne\Desktop\FRST64 - Shortcut.lnk
2014-12-21 08:35 - 2014-12-21 08:35 - 00000000 ____D () C:\Users\Wayne\Downloads\FRST-OlderVersion
2014-12-21 08:34 - 2014-12-21 08:34 - 00001172 _____ () C:\Users\Wayne\Desktop\FRST64 (1) - Shortcut.lnk
2014-12-21 07:19 - 2014-12-21 07:19 - 00022300 _____ () C:\Windows\system32\ScanResults.xml
2014-12-21 07:13 - 2014-12-21 07:13 - 00000464 _____ () C:\Windows\system32\ScannerSettings
2014-12-19 08:43 - 2014-12-19 08:43 - 00025329 _____ () C:\Users\Wayne\Desktop\farbar.htm
2014-12-19 08:36 - 2014-12-19 08:36 - 00775968 _____ (Reimage®) C:\Users\Wayne\Downloads\ReimageRepair (4).exe
2014-12-19 08:21 - 2014-12-19 08:21 - 00000000 ____D () C:\Users\Wayne\AppData\Local\{058E263E-A8CB-4229-B72F-8B88498BE914}
2014-12-19 07:07 - 2014-12-19 08:36 - 00000165 _____ () C:\Windows\Reimage.ini
2014-12-18 20:37 - 2014-12-18 20:37 - 00000437 _____ () C:\Users\Wayne\Desktop\Estscan.txt
2014-12-18 20:04 - 2014-12-18 20:04 - 00000000 __SHD () C:\Users\Wayne\AppData\Local\EmieBrowserModeList
2014-12-18 17:39 - 2014-12-18 17:39 - 00073085 _____ () C:\Users\Wayne\Desktop\malware.txt
2014-12-18 17:02 - 2014-12-18 21:36 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-18 17:01 - 2014-12-18 17:01 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-18 17:01 - 2014-12-18 17:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-18 17:01 - 2014-12-18 17:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-18 17:01 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-18 17:01 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-18 17:01 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-18 17:00 - 2014-12-18 17:00 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Wayne\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-18 16:55 - 2014-12-18 16:55 - 00005854 _____ () C:\Users\Wayne\Desktop\JRT.txt
2014-12-18 16:37 - 2014-12-18 16:41 - 00000000 ____D () C:\AdwCleaner
2014-12-18 16:35 - 2014-12-18 16:36 - 02166272 _____ () C:\Users\Wayne\Downloads\AdwCleaner.exe
2014-12-18 16:23 - 2014-12-18 16:23 - 00016963 _____ () C:\Users\Wayne\Desktop\malware bytes A.htm
2014-12-18 16:22 - 2014-12-18 16:22 - 01707646 _____ (Thisisu) C:\Users\Wayne\Desktop\junkware.exe
2014-12-18 16:21 - 2014-12-18 16:21 - 00028986 _____ () C:\Users\Wayne\Desktop\adwarecleaner v3.htm
2014-12-17 19:03 - 2014-12-12 21:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-17 19:03 - 2014-12-12 19:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-16 12:15 - 2014-12-16 16:15 - 00007456 _____ () C:\Users\Wayne\Desktop\SystemLook.txt
2014-12-16 12:13 - 2014-12-16 12:13 - 00165376 _____ () C:\Users\Wayne\Downloads\SystemLook_x64.exe
2014-12-16 12:13 - 2014-12-16 12:13 - 00165376 _____ () C:\Users\Wayne\Desktop\SystemLook_x64.exe
2014-12-15 20:17 - 2014-12-15 20:17 - 03149590 _____ () C:\Users\Wayne\Documents\screenshot.nfo
2014-12-15 17:40 - 2014-12-15 17:40 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-12-15 17:34 - 2014-12-15 17:36 - 122418480 _____ (Apple Inc.) C:\Users\Wayne\Downloads\iTunes64Setup.exe
2014-12-14 15:26 - 2014-12-17 10:25 - 00044894 _____ () C:\Users\Wayne\Desktop\sfcdetails.txt
2014-12-10 06:26 - 2014-12-10 06:26 - 00000512 _____ () C:\Users\Wayne\Desktop\MBR.dat
2014-12-10 06:12 - 2014-12-10 06:12 - 00025317 _____ () C:\Users\Wayne\Desktop\download.htm
2014-12-10 06:11 - 2014-12-10 06:11 - 05198336 _____ (AVAST Software) C:\Users\Wayne\Desktop\aswMBR (1).exe
2014-12-10 06:10 - 2014-12-10 06:10 - 05198336 _____ (AVAST Software) C:\Users\Wayne\Downloads\aswMBR (4).exe
2014-12-10 03:23 - 2014-12-10 03:23 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 03:02 - 2014-10-17 18:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 03:02 - 2014-10-17 17:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-10 03:02 - 2014-07-06 18:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-10 03:02 - 2014-07-06 18:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-10 03:02 - 2014-07-06 18:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-10 03:02 - 2014-07-06 18:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-10 03:02 - 2014-07-06 17:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-10 03:02 - 2014-07-06 17:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-10 03:02 - 2014-07-06 17:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-10 03:02 - 2014-07-06 17:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-09 23:05 - 2014-12-03 18:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-09 23:05 - 2014-12-03 18:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-09 23:05 - 2014-12-03 18:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-09 23:05 - 2014-12-03 18:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-09 23:05 - 2014-12-03 18:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-09 23:05 - 2014-12-03 18:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-09 23:05 - 2014-12-03 18:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-09 23:05 - 2014-12-01 15:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-09 23:05 - 2014-11-26 17:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-09 23:05 - 2014-11-26 17:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-09 23:05 - 2014-11-21 19:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-09 23:05 - 2014-11-21 19:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-09 23:05 - 2014-11-21 18:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-09 23:05 - 2014-11-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-09 23:05 - 2014-11-21 18:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-09 23:05 - 2014-11-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-09 23:05 - 2014-11-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-09 23:05 - 2014-11-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-09 23:05 - 2014-11-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-09 23:05 - 2014-11-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-09 23:05 - 2014-11-21 18:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-09 23:05 - 2014-11-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-09 23:05 - 2014-11-21 18:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-09 23:05 - 2014-11-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-09 23:05 - 2014-11-21 18:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-09 23:05 - 2014-11-21 18:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-09 23:05 - 2014-11-21 18:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-09 23:05 - 2014-11-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-09 23:05 - 2014-11-21 18:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-09 23:05 - 2014-11-21 18:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-09 23:05 - 2014-11-21 17:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-09 23:05 - 2014-11-21 17:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-09 23:05 - 2014-11-21 17:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-09 23:05 - 2014-11-21 17:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-09 23:05 - 2014-11-21 17:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-09 23:05 - 2014-11-21 17:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-09 23:05 - 2014-11-21 17:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-09 23:05 - 2014-11-21 17:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-09 23:05 - 2014-11-21 17:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-09 23:05 - 2014-11-21 17:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-09 23:05 - 2014-11-21 17:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-09 23:05 - 2014-11-21 17:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-09 23:05 - 2014-11-21 17:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-09 23:05 - 2014-11-21 17:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-09 23:05 - 2014-11-21 17:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-09 23:05 - 2014-11-21 17:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-09 23:05 - 2014-11-21 17:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-09 23:05 - 2014-11-21 17:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-09 23:05 - 2014-11-21 17:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-09 23:05 - 2014-11-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-09 23:05 - 2014-11-21 17:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-09 23:05 - 2014-11-21 16:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-09 23:05 - 2014-11-21 16:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-09 23:05 - 2014-11-10 19:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-09 23:05 - 2014-11-10 18:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-09 23:05 - 2014-11-10 17:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-09 23:04 - 2014-11-21 19:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-09 23:04 - 2014-11-21 18:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-09 23:04 - 2014-11-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-09 23:04 - 2014-11-21 18:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-09 23:04 - 2014-11-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-09 23:04 - 2014-11-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-09 23:04 - 2014-11-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-09 23:04 - 2014-11-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-09 23:04 - 2014-11-21 17:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-09 23:04 - 2014-11-07 19:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-09 23:04 - 2014-11-07 18:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-09 23:04 - 2014-10-29 18:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-09 23:04 - 2014-10-29 17:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-09 23:04 - 2014-10-02 18:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-09 23:04 - 2014-10-02 18:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-09 23:04 - 2014-10-02 18:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-09 23:04 - 2014-10-02 18:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-09 23:04 - 2014-10-02 18:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-09 23:04 - 2014-10-02 17:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-09 23:04 - 2014-10-02 17:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-09 23:04 - 2014-10-02 17:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-09 23:04 - 2014-10-02 17:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-09 23:04 - 2014-10-02 17:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-08 13:29 - 2014-12-08 13:29 - 00521277 _____ () C:\Users\Wayne\Downloads\fwd10reasonstoplaygolf.zip
2014-12-08 13:26 - 2014-12-08 13:26 - 02298880 _____ () C:\Users\Wayne\Downloads\PLUMBERSTEST.pps
2014-12-03 13:12 - 2014-12-03 13:12 - 00002259 _____ () C:\Users\Wayne\Downloads\little buck.wlmp
2014-11-29 09:28 - 2014-12-19 08:46 - 00038287 _____ () C:\Users\Wayne\Downloads\Addition.txt
2014-11-29 09:27 - 2014-12-21 08:47 - 00000000 ____D () C:\FRST
2014-11-29 09:27 - 2014-12-19 08:46 - 00046622 _____ () C:\Users\Wayne\Downloads\FRST.txt
2014-11-29 09:24 - 2014-12-21 08:35 - 02122240 _____ (Farbar) C:\Users\Wayne\Desktop\FRST64.exe
2014-11-29 08:36 - 2014-11-29 08:37 - 00274832 _____ () C:\Windows\Minidump\112914-51355-01.dmp
2014-11-29 08:21 - 2014-11-29 08:21 - 05198336 _____ (AVAST Software) C:\Users\Wayne\Desktop\aswMBR.exe
2014-11-29 08:20 - 2014-11-29 08:20 - 05198336 _____ (AVAST Software) C:\Users\Wayne\Downloads\aswMBR (3).exe
2014-11-29 08:20 - 2014-11-29 08:20 - 05198336 _____ (AVAST Software) C:\Users\Wayne\Downloads\aswMBR (2).exe
2014-11-29 08:16 - 2014-11-29 08:16 - 05198336 _____ (AVAST Software) C:\Users\Wayne\Downloads\aswMBR (1).exe
2014-11-29 08:15 - 2014-11-29 08:16 - 05198336 _____ (AVAST Software) C:\Users\Wayne\Downloads\aswMBR.exe
2014-11-28 13:45 - 2014-11-28 13:45 - 00041759 _____ () C:\Users\Wayne\Downloads\Costco deals (1).htm
2014-11-28 12:38 - 2014-11-28 14:25 - 00000000 ____D () C:\Users\Wayne\Documents\Cristines Letters
2014-11-24 17:13 - 2014-11-24 17:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-11-24 17:11 - 2014-12-15 17:40 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-11-24 17:11 - 2014-12-15 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-11-24 17:10 - 2014-11-24 17:11 - 00000000 ____D () C:\Program Files\iTunes
2014-11-24 17:10 - 2014-11-24 17:11 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-11-24 17:10 - 2014-11-24 17:10 - 00000000 ____D () C:\Program Files\iPod
2014-11-24 16:59 - 2014-11-24 17:00 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-11-24 16:59 - 2014-11-24 16:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-11-24 16:53 - 2014-11-24 16:53 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-11-21 14:47 - 2014-11-10 19:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-21 14:47 - 2014-11-10 19:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-21 14:47 - 2014-11-10 18:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-21 14:47 - 2014-11-10 18:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-21 14:35 - 2014-11-21 14:35 - 00262144 _____ () C:\Windows\Minidump\112114-59217-01.dmp
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-21 08:46 - 2011-01-03 13:24 - 01706931 _____ () C:\Windows\WindowsUpdate.log
2014-12-21 08:46 - 2009-07-13 21:13 - 00786578 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-21 08:42 - 2010-06-10 16:35 - 00286720 ___SH () C:\Users\Wayne\Desktop\Thumbs.db
2014-12-21 08:41 - 2010-11-24 14:37 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-21 08:40 - 2011-02-10 16:26 - 00909186 _____ () C:\Windows\PFRO.log
2014-12-21 08:40 - 2011-02-10 12:00 - 00109356 _____ () C:\Windows\setupact.log
2014-12-21 08:40 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-21 08:36 - 2010-11-24 14:37 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-21 07:56 - 2014-05-02 14:26 - 00000000 ____D () C:\ProgramData\MFAData
2014-12-21 07:10 - 2009-07-13 20:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-21 07:10 - 2009-07-13 20:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-19 08:17 - 2013-10-28 07:39 - 05696512 ___SH () C:\Users\Wayne\Downloads\Thumbs.db
2014-12-18 17:01 - 2011-01-03 13:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-17 10:54 - 2013-01-24 09:22 - 00000000 ____D () C:\Users\Wayne\AppData\Roaming\ZoomBrowser EX
2014-12-16 16:39 - 2012-10-18 09:28 - 00000000 ____D () C:\Users\Wayne\Documents\MY New Scans
2014-12-15 20:39 - 2010-06-10 16:35 - 01326592 ___SH () C:\Users\Wayne\Documents\Thumbs.db
2014-12-15 20:32 - 2010-06-10 16:35 - 01795072 _____ () C:\Users\Wayne\Documents\contacts.pst
2014-12-14 14:56 - 2012-11-07 06:01 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-10 03:23 - 2014-05-09 14:24 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-10 03:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-10 03:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-10 03:08 - 2010-04-01 21:16 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 03:07 - 2013-07-22 02:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 03:03 - 2010-06-10 22:18 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-08 16:46 - 2013-08-23 02:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2014-11-30 15:25 - 2010-12-10 07:52 - 00000000 ____D () C:\Users\Wayne\AppData\Roaming\Apple Computer
2014-11-29 08:36 - 2011-02-27 13:10 - 751512204 _____ () C:\Windows\MEMORY.DMP
2014-11-29 08:36 - 2011-02-27 13:10 - 00000000 ____D () C:\Windows\Minidump
2014-11-24 17:10 - 2010-12-10 07:51 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-11-24 17:09 - 2014-07-13 05:52 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-11-24 16:53 - 2010-12-10 07:51 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-11-21 14:45 - 2014-05-22 14:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-11-21 14:43 - 2014-05-02 15:46 - 00000000 ____D () C:\Users\Wayne\AppData\Local\AVG
2014-11-21 00:30 - 2011-02-26 06:53 - 00534104 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportKE64.sys
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2010-12-27 21:01
 
==================== End Of Log ============================
 




#39 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 21 December 2014 - 10:16 PM

Hi ENYAW22,

FRST Fix Script

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad window. Save it on the desktop as fixlist.txt
 
Start
AlternateDataStreams: C:\ProgramData\TEMP:026B76F2
AlternateDataStreams: C:\ProgramData\TEMP:04107365
AlternateDataStreams: C:\ProgramData\TEMP:0441DB7A
AlternateDataStreams: C:\ProgramData\TEMP:04FDFCF6
AlternateDataStreams: C:\ProgramData\TEMP:0AC32449
AlternateDataStreams: C:\ProgramData\TEMP:117354E5
AlternateDataStreams: C:\ProgramData\TEMP:12B6A5EC
AlternateDataStreams: C:\ProgramData\TEMP:14859C24
AlternateDataStreams: C:\ProgramData\TEMP:157D4840
AlternateDataStreams: C:\ProgramData\TEMP:16ED1DDB
AlternateDataStreams: C:\ProgramData\TEMP:178D4338
AlternateDataStreams: C:\ProgramData\TEMP:1ED30878
AlternateDataStreams: C:\ProgramData\TEMP:2032CC2B
AlternateDataStreams: C:\ProgramData\TEMP:20767002
AlternateDataStreams: C:\ProgramData\TEMP:21F1378A
AlternateDataStreams: C:\ProgramData\TEMP:239CC213
AlternateDataStreams: C:\ProgramData\TEMP:2A6414DE
AlternateDataStreams: C:\ProgramData\TEMP:2D09AB80
AlternateDataStreams: C:\ProgramData\TEMP:2D7D575C
AlternateDataStreams: C:\ProgramData\TEMP:304D2C3C
AlternateDataStreams: C:\ProgramData\TEMP:32A38B26
AlternateDataStreams: C:\ProgramData\TEMP:3325D6E9
AlternateDataStreams: C:\ProgramData\TEMP:3477DE06
AlternateDataStreams: C:\ProgramData\TEMP:359163DE
AlternateDataStreams: C:\ProgramData\TEMP:35F7F01D
AlternateDataStreams: C:\ProgramData\TEMP:370A117C
AlternateDataStreams: C:\ProgramData\TEMP:38BFF11F
AlternateDataStreams: C:\ProgramData\TEMP:41D53451
AlternateDataStreams: C:\ProgramData\TEMP:43A7A7AD
AlternateDataStreams: C:\ProgramData\TEMP:452C4003
AlternateDataStreams: C:\ProgramData\TEMP:485A9313
AlternateDataStreams: C:\ProgramData\TEMP:4A7C296A
AlternateDataStreams: C:\ProgramData\TEMP:4AC9B4B7
AlternateDataStreams: C:\ProgramData\TEMP:4C6DC495
AlternateDataStreams: C:\ProgramData\TEMP:4F63029C
AlternateDataStreams: C:\ProgramData\TEMP:50B14AA6
AlternateDataStreams: C:\ProgramData\TEMP:5374772
AlternateDataStreams: C:\ProgramData\TEMP:55EFEB27
AlternateDataStreams: C:\ProgramData\TEMP:569033D0
AlternateDataStreams: C:\ProgramData\TEMP:56EE2CAF
AlternateDataStreams: C:\ProgramData\TEMP:57DC3B52
AlternateDataStreams: C:\ProgramData\TEMP:5A99DEB7
AlternateDataStreams: C:\ProgramData\TEMP:5D59B736
AlternateDataStreams: C:\ProgramData\TEMP:708E3F13
AlternateDataStreams: C:\ProgramData\TEMP:71173EF9
AlternateDataStreams: C:\ProgramData\TEMP:73C7924E
AlternateDataStreams: C:\ProgramData\TEMP:74E00408
AlternateDataStreams: C:\ProgramData\TEMP:77A023CE
AlternateDataStreams: C:\ProgramData\TEMP:78AFAE94
AlternateDataStreams: C:\ProgramData\TEMP:7B0B85D2
AlternateDataStreams: C:\ProgramData\TEMP:7B70C2D6
AlternateDataStreams: C:\ProgramData\TEMP:7C60A173
AlternateDataStreams: C:\ProgramData\TEMP:7D271B34
AlternateDataStreams: C:\ProgramData\TEMP:83E716F0
AlternateDataStreams: C:\ProgramData\TEMP:88E71AC6
AlternateDataStreams: C:\ProgramData\TEMP:8BB2EC84
AlternateDataStreams: C:\ProgramData\TEMP:8D25608D
AlternateDataStreams: C:\ProgramData\TEMP:90FD8AD5
AlternateDataStreams: C:\ProgramData\TEMP:987DED13
AlternateDataStreams: C:\ProgramData\TEMP:98DFF516
AlternateDataStreams: C:\ProgramData\TEMP:9AB15E7
AlternateDataStreams: C:\ProgramData\TEMP:9AF9C79E
AlternateDataStreams: C:\ProgramData\TEMP:9B27D3A9
AlternateDataStreams: C:\ProgramData\TEMP:A17AFE82
AlternateDataStreams: C:\ProgramData\TEMP:A21E43C2
AlternateDataStreams: C:\ProgramData\TEMP:A25C1F6E
AlternateDataStreams: C:\ProgramData\TEMP:A2CEDFBB
AlternateDataStreams: C:\ProgramData\TEMP:A8C08E7E
AlternateDataStreams: C:\ProgramData\TEMP:AB957E48
AlternateDataStreams: C:\ProgramData\TEMP:AC8ECED1
AlternateDataStreams: C:\ProgramData\TEMP:ACECBBFF
AlternateDataStreams: C:\ProgramData\TEMP:ADE2C1A6
AlternateDataStreams: C:\ProgramData\TEMP:B30D9A49
AlternateDataStreams: C:\ProgramData\TEMP:B3BAC02F
AlternateDataStreams: C:\ProgramData\TEMP:B618BFFE
AlternateDataStreams: C:\ProgramData\TEMP:B7D0D9DB
AlternateDataStreams: C:\ProgramData\TEMP:B8761AAB
AlternateDataStreams: C:\ProgramData\TEMP:BB61BFAF
AlternateDataStreams: C:\ProgramData\TEMP:BB8B6B1E
AlternateDataStreams: C:\ProgramData\TEMP:BE7A0841
AlternateDataStreams: C:\ProgramData\TEMP:C447EE44
AlternateDataStreams: C:\ProgramData\TEMP:C48A983C
AlternateDataStreams: C:\ProgramData\TEMP:C60C6342
AlternateDataStreams: C:\ProgramData\TEMP:C6E49090
AlternateDataStreams: C:\ProgramData\TEMP:C7F04040
AlternateDataStreams: C:\ProgramData\TEMP:CCC4018A
AlternateDataStreams: C:\ProgramData\TEMP:CF6A6C8A
AlternateDataStreams: C:\ProgramData\TEMP:CFF21EA7
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
AlternateDataStreams: C:\ProgramData\TEMP:D1BCFD4A
AlternateDataStreams: C:\ProgramData\TEMP:D35663D1
AlternateDataStreams: C:\ProgramData\TEMP:D3D507A6
AlternateDataStreams: C:\ProgramData\TEMP:D41AB8D0
AlternateDataStreams: C:\ProgramData\TEMP:D68FBF6D
AlternateDataStreams: C:\ProgramData\TEMP:D751C674
AlternateDataStreams: C:\ProgramData\TEMP:D853F961
AlternateDataStreams: C:\ProgramData\TEMP:DB8ED159
AlternateDataStreams: C:\ProgramData\TEMP:E51234A9
AlternateDataStreams: C:\ProgramData\TEMP:E8B5993B
AlternateDataStreams: C:\ProgramData\TEMP:EB6CB455
AlternateDataStreams: C:\ProgramData\TEMP:EFEF58CC
AlternateDataStreams: C:\ProgramData\TEMP:F0A3E54E
AlternateDataStreams: C:\ProgramData\TEMP:F1E651F6
AlternateDataStreams: C:\ProgramData\TEMP:F216755
AlternateDataStreams: C:\ProgramData\TEMP:F28885DF
AlternateDataStreams: C:\ProgramData\TEMP:F321F01E
AlternateDataStreams: C:\ProgramData\TEMP:F4F4A435
AlternateDataStreams: C:\ProgramData\TEMP:F568DD7B
AlternateDataStreams: C:\ProgramData\TEMP:F57D2F43
HKLM-x32\...\Run: [] => [X]
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 6 U37) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\SysWOW64\npdeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
2014-12-19 08:36 - 2014-12-19 08:36 - 00775968 _____ (Reimage®) C:\Users\Wayne\Downloads\ReimageRepair (4).exe
2014-12-19 07:07 - 2014-12-19 08:36 - 00000165 _____ () C:\Windows\Reimage.ini
EmptyTemp:
End
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.

=========================

In your next post please provide the following:
  • Fixlog.txt
  • How is the computer running?

OCD



#40 ENYAW22

ENYAW22

    Authentic Member

  • Authentic Member
  • 47 posts

Posted 21 December 2014 - 11:07 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-12-2014 01
Ran by Wayne (administrator) on WAYNE-PC on 21-12-2014 08:47:31
Running from C:\Users\Wayne\Desktop
Loaded Profile: Wayne (Available profiles: Wayne)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(AMD) C:\WINDOWS\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\WINDOWS\System32\atieclxx.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Dell Inc.) C:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe
(Creative Technology Ltd) C:\WINDOWS\SysWOW64\Ctxfihlp.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\WINDOWS\System32\UI0Detect.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Creative Technology Ltd) C:\WINDOWS\SysWOW64\CTxfispi.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [CTxfiHlp] => CTXFIHLP.EXE
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-11-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKU\S-1-5-21-2537701294-2937390200-3866314920-1000\...\Run: [HP Officejet 6600 (NET)] => C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.)
HKU\S-1-5-21-2537701294-2937390200-3866314920-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-2537701294-2937390200-3866314920-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-2537701294-2937390200-3866314920-1000\...\RunOnce: [Adobe Speed Launcher] => 1419180118
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk
ShortcutTarget: Monitor Ink Alerts - .lnk -> C:\Program Files\HP\HP Officejet 6600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-2537701294-2937390200-3866314920-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKLM -> {ED2F724C-8FEE-4F8A-87E6-10678B5D6E07} URL = http://www.bing.com/...rc=IE-SearchBox
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Mah%20Jong%20Medley/Images/stg_drm.ocx
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creat...015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15118/CTPID.cab
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @rim.com/npappworld -> C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF Plugin HKU\S-1-5-21-2537701294-2937390200-3866314920-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Wayne\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
 
Chrome: 
=======
CHR StartupUrls: Default -> "https://www.google.c...v=210&ie=UTF-8"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
CHR Plugin: (Garmin Communicator Plug-In) - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U37) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (BlackBerry AppWorld) - C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Yahoo! activeX Plug-in Bridge) - C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\Wayne\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\SysWOW64\npdeployJava1.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Profile: C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-09]
CHR Extension: (YouTube) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-08]
CHR Extension: (Google Search) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-08]
CHR Extension: (Google Wallet) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Gmail) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-08]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1417160 2014-11-07] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3247120 2014-11-07] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-11-07] (AVG Technologies CZ, s.r.o.)
R3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2010-04-01] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2010-04-01] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-11-21] (IBM Corp.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [237848 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-10-20] (AVG Technologies CZ, s.r.o.)
S3 kbfilter; C:\Windows\System32\DRIVERS\kbfilter.sys [66360 2012-08-22] (Trend Micro Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\SysWOW64\drivers\MBAMSwissArmy.sys [41272 2011-12-30] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 OV550I; C:\Windows\System32\Drivers\ov550ivx.sys [196992 2008-02-22] (Omnivision Technologies, Inc.)
R1 RapportCerberus_80083; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80083.sys [761720 2014-12-08] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [445912 2014-11-21] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [534104 2014-11-21] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [557656 2014-11-21] (IBM Corp.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S1 RxFilter; C:\Windows\SysWOW64\DRIVERS\RxFilter.sys [65520 2009-06-26] (Sonic Solutions)
S3 cpuz134; \??\C:\Users\Wayne\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-21 08:47 - 2014-12-21 08:47 - 00021498 _____ () C:\Users\Wayne\Desktop\FRST.txt
2014-12-21 08:36 - 2014-12-21 08:36 - 00001134 _____ () C:\Users\Wayne\Desktop\FRST64 - Shortcut.lnk
2014-12-21 08:35 - 2014-12-21 08:35 - 00000000 ____D () C:\Users\Wayne\Downloads\FRST-OlderVersion
2014-12-21 08:34 - 2014-12-21 08:34 - 00001172 _____ () C:\Users\Wayne\Desktop\FRST64 (1) - Shortcut.lnk
2014-12-21 07:19 - 2014-12-21 07:19 - 00022300 _____ () C:\Windows\system32\ScanResults.xml
2014-12-21 07:13 - 2014-12-21 07:13 - 00000464 _____ () C:\Windows\system32\ScannerSettings
2014-12-19 08:43 - 2014-12-19 08:43 - 00025329 _____ () C:\Users\Wayne\Desktop\farbar.htm
2014-12-19 08:36 - 2014-12-19 08:36 - 00775968 _____ (Reimage®) C:\Users\Wayne\Downloads\ReimageRepair (4).exe
2014-12-19 08:21 - 2014-12-19 08:21 - 00000000 ____D () C:\Users\Wayne\AppData\Local\{058E263E-A8CB-4229-B72F-8B88498BE914}
2014-12-19 07:07 - 2014-12-19 08:36 - 00000165 _____ () C:\Windows\Reimage.ini
2014-12-18 20:37 - 2014-12-18 20:37 - 00000437 _____ () C:\Users\Wayne\Desktop\Estscan.txt
2014-12-18 20:04 - 2014-12-18 20:04 - 00000000 __SHD () C:\Users\Wayne\AppData\Local\EmieBrowserModeList
2014-12-18 17:39 - 2014-12-18 17:39 - 00073085 _____ () C:\Users\Wayne\Desktop\malware.txt
2014-12-18 17:02 - 2014-12-18 21:36 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-18 17:01 - 2014-12-18 17:01 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-18 17:01 - 2014-12-18 17:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-18 17:01 - 2014-12-18 17:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-18 17:01 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-18 17:01 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-18 17:01 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-18 17:00 - 2014-12-18 17:00 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Wayne\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-18 16:55 - 2014-12-18 16:55 - 00005854 _____ () C:\Users\Wayne\Desktop\JRT.txt
2014-12-18 16:37 - 2014-12-18 16:41 - 00000000 ____D () C:\AdwCleaner
2014-12-18 16:35 - 2014-12-18 16:36 - 02166272 _____ () C:\Users\Wayne\Downloads\AdwCleaner.exe
2014-12-18 16:23 - 2014-12-18 16:23 - 00016963 _____ () C:\Users\Wayne\Desktop\malware bytes A.htm
2014-12-18 16:22 - 2014-12-18 16:22 - 01707646 _____ (Thisisu) C:\Users\Wayne\Desktop\junkware.exe
2014-12-18 16:21 - 2014-12-18 16:21 - 00028986 _____ () C:\Users\Wayne\Desktop\adwarecleaner v3.htm
2014-12-17 19:03 - 2014-12-12 21:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-17 19:03 - 2014-12-12 19:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-16 12:15 - 2014-12-16 16:15 - 00007456 _____ () C:\Users\Wayne\Desktop\SystemLook.txt
2014-12-16 12:13 - 2014-12-16 12:13 - 00165376 _____ () C:\Users\Wayne\Downloads\SystemLook_x64.exe
2014-12-16 12:13 - 2014-12-16 12:13 - 00165376 _____ () C:\Users\Wayne\Desktop\SystemLook_x64.exe
2014-12-15 20:17 - 2014-12-15 20:17 - 03149590 _____ () C:\Users\Wayne\Documents\screenshot.nfo
2014-12-15 17:40 - 2014-12-15 17:40 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-12-15 17:34 - 2014-12-15 17:36 - 122418480 _____ (Apple Inc.) C:\Users\Wayne\Downloads\iTunes64Setup.exe
2014-12-14 15:26 - 2014-12-17 10:25 - 00044894 _____ () C:\Users\Wayne\Desktop\sfcdetails.txt
2014-12-10 06:26 - 2014-12-10 06:26 - 00000512 _____ () C:\Users\Wayne\Desktop\MBR.dat
2014-12-10 06:12 - 2014-12-10 06:12 - 00025317 _____ () C:\Users\Wayne\Desktop\download.htm
2014-12-10 06:11 - 2014-12-10 06:11 - 05198336 _____ (AVAST Software) C:\Users\Wayne\Desktop\aswMBR (1).exe
2014-12-10 06:10 - 2014-12-10 06:10 - 05198336 _____ (AVAST Software) C:\Users\Wayne\Downloads\aswMBR (4).exe
2014-12-10 03:23 - 2014-12-10 03:23 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 03:02 - 2014-10-17 18:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 03:02 - 2014-10-17 17:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-10 03:02 - 2014-07-06 18:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-10 03:02 - 2014-07-06 18:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-10 03:02 - 2014-07-06 18:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-10 03:02 - 2014-07-06 18:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-10 03:02 - 2014-07-06 17:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-10 03:02 - 2014-07-06 17:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-10 03:02 - 2014-07-06 17:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-10 03:02 - 2014-07-06 17:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-09 23:05 - 2014-12-03 18:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-09 23:05 - 2014-12-03 18:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-09 23:05 - 2014-12-03 18:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-09 23:05 - 2014-12-03 18:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-09 23:05 - 2014-12-03 18:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-09 23:05 - 2014-12-03 18:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-09 23:05 - 2014-12-03 18:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-09 23:05 - 2014-12-01 15:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-09 23:05 - 2014-11-26 17:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-09 23:05 - 2014-11-26 17:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-09 23:05 - 2014-11-21 19:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-09 23:05 - 2014-11-21 19:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-09 23:05 - 2014-11-21 18:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-09 23:05 - 2014-11-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-09 23:05 - 2014-11-21 18:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-09 23:05 - 2014-11-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-09 23:05 - 2014-11-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-09 23:05 - 2014-11-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-09 23:05 - 2014-11-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-09 23:05 - 2014-11-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-09 23:05 - 2014-11-21 18:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-09 23:05 - 2014-11-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-09 23:05 - 2014-11-21 18:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-09 23:05 - 2014-11-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-09 23:05 - 2014-11-21 18:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-09 23:05 - 2014-11-21 18:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-09 23:05 - 2014-11-21 18:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-09 23:05 - 2014-11-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-09 23:05 - 2014-11-21 18:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-09 23:05 - 2014-11-21 18:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-09 23:05 - 2014-11-21 17:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-09 23:05 - 2014-11-21 17:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-09 23:05 - 2014-11-21 17:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-09 23:05 - 2014-11-21 17:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-09 23:05 - 2014-11-21 17:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-09 23:05 - 2014-11-21 17:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-09 23:05 - 2014-11-21 17:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-09 23:05 - 2014-11-21 17:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-09 23:05 - 2014-11-21 17:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-09 23:05 - 2014-11-21 17:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-09 23:05 - 2014-11-21 17:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-09 23:05 - 2014-11-21 17:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-09 23:05 - 2014-11-21 17:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-09 23:05 - 2014-11-21 17:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-09 23:05 - 2014-11-21 17:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-09 23:05 - 2014-11-21 17:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-09 23:05 - 2014-11-21 17:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-09 23:05 - 2014-11-21 17:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-09 23:05 - 2014-11-21 17:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-09 23:05 - 2014-11-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-09 23:05 - 2014-11-21 17:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-09 23:05 - 2014-11-21 16:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-09 23:05 - 2014-11-21 16:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-09 23:05 - 2014-11-10 19:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-09 23:05 - 2014-11-10 18:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-09 23:05 - 2014-11-10 17:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-09 23:04 - 2014-11-21 19:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-09 23:04 - 2014-11-21 18:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-09 23:04 - 2014-11-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-09 23:04 - 2014-11-21 18:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-09 23:04 - 2014-11-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-09 23:04 - 2014-11-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-09 23:04 - 2014-11-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-09 23:04 - 2014-11-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-09 23:04 - 2014-11-21 17:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-09 23:04 - 2014-11-07 19:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-09 23:04 - 2014-11-07 18:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-09 23:04 - 2014-10-29 18:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-09 23:04 - 2014-10-29 17:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-09 23:04 - 2014-10-02 18:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-09 23:04 - 2014-10-02 18:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-09 23:04 - 2014-10-02 18:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-09 23:04 - 2014-10-02 18:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-09 23:04 - 2014-10-02 18:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-09 23:04 - 2014-10-02 17:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-09 23:04 - 2014-10-02 17:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-09 23:04 - 2014-10-02 17:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-09 23:04 - 2014-10-02 17:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-09 23:04 - 2014-10-02 17:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-08 13:29 - 2014-12-08 13:29 - 00521277 _____ () C:\Users\Wayne\Downloads\fwd10reasonstoplaygolf.zip
2014-12-08 13:26 - 2014-12-08 13:26 - 02298880 _____ () C:\Users\Wayne\Downloads\PLUMBERSTEST.pps
2014-12-03 13:12 - 2014-12-03 13:12 - 00002259 _____ () C:\Users\Wayne\Downloads\little buck.wlmp
2014-11-29 09:28 - 2014-12-19 08:46 - 00038287 _____ () C:\Users\Wayne\Downloads\Addition.txt
2014-11-29 09:27 - 2014-12-21 08:47 - 00000000 ____D () C:\FRST
2014-11-29 09:27 - 2014-12-19 08:46 - 00046622 _____ () C:\Users\Wayne\Downloads\FRST.txt
2014-11-29 09:24 - 2014-12-21 08:35 - 02122240 _____ (Farbar) C:\Users\Wayne\Desktop\FRST64.exe
2014-11-29 08:36 - 2014-11-29 08:37 - 00274832 _____ () C:\Windows\Minidump\112914-51355-01.dmp
2014-11-29 08:21 - 2014-11-29 08:21 - 05198336 _____ (AVAST Software) C:\Users\Wayne\Desktop\aswMBR.exe
2014-11-29 08:20 - 2014-11-29 08:20 - 05198336 _____ (AVAST Software) C:\Users\Wayne\Downloads\aswMBR (3).exe
2014-11-29 08:20 - 2014-11-29 08:20 - 05198336 _____ (AVAST Software) C:\Users\Wayne\Downloads\aswMBR (2).exe
2014-11-29 08:16 - 2014-11-29 08:16 - 05198336 _____ (AVAST Software) C:\Users\Wayne\Downloads\aswMBR (1).exe
2014-11-29 08:15 - 2014-11-29 08:16 - 05198336 _____ (AVAST Software) C:\Users\Wayne\Downloads\aswMBR.exe
2014-11-28 13:45 - 2014-11-28 13:45 - 00041759 _____ () C:\Users\Wayne\Downloads\Costco deals (1).htm
2014-11-28 12:38 - 2014-11-28 14:25 - 00000000 ____D () C:\Users\Wayne\Documents\Cristines Letters
2014-11-24 17:13 - 2014-11-24 17:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-11-24 17:11 - 2014-12-15 17:40 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-11-24 17:11 - 2014-12-15 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-11-24 17:10 - 2014-11-24 17:11 - 00000000 ____D () C:\Program Files\iTunes
2014-11-24 17:10 - 2014-11-24 17:11 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-11-24 17:10 - 2014-11-24 17:10 - 00000000 ____D () C:\Program Files\iPod
2014-11-24 16:59 - 2014-11-24 17:00 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-11-24 16:59 - 2014-11-24 16:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-11-24 16:53 - 2014-11-24 16:53 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-11-21 14:47 - 2014-11-10 19:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-21 14:47 - 2014-11-10 19:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-21 14:47 - 2014-11-10 18:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-21 14:47 - 2014-11-10 18:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-21 14:35 - 2014-11-21 14:35 - 00262144 _____ () C:\Windows\Minidump\112114-59217-01.dmp
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-21 08:46 - 2011-01-03 13:24 - 01706931 _____ () C:\Windows\WindowsUpdate.log
2014-12-21 08:46 - 2009-07-13 21:13 - 00786578 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-21 08:42 - 2010-06-10 16:35 - 00286720 ___SH () C:\Users\Wayne\Desktop\Thumbs.db
2014-12-21 08:41 - 2010-11-24 14:37 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-21 08:40 - 2011-02-10 16:26 - 00909186 _____ () C:\Windows\PFRO.log
2014-12-21 08:40 - 2011-02-10 12:00 - 00109356 _____ () C:\Windows\setupact.log
2014-12-21 08:40 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-21 08:36 - 2010-11-24 14:37 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-21 07:56 - 2014-05-02 14:26 - 00000000 ____D () C:\ProgramData\MFAData
2014-12-21 07:10 - 2009-07-13 20:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-21 07:10 - 2009-07-13 20:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-19 08:17 - 2013-10-28 07:39 - 05696512 ___SH () C:\Users\Wayne\Downloads\Thumbs.db
2014-12-18 17:01 - 2011-01-03 13:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-17 10:54 - 2013-01-24 09:22 - 00000000 ____D () C:\Users\Wayne\AppData\Roaming\ZoomBrowser EX
2014-12-16 16:39 - 2012-10-18 09:28 - 00000000 ____D () C:\Users\Wayne\Documents\MY New Scans
2014-12-15 20:39 - 2010-06-10 16:35 - 01326592 ___SH () C:\Users\Wayne\Documents\Thumbs.db
2014-12-15 20:32 - 2010-06-10 16:35 - 01795072 _____ () C:\Users\Wayne\Documents\contacts.pst
2014-12-14 14:56 - 2012-11-07 06:01 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-10 03:23 - 2014-05-09 14:24 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-10 03:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-10 03:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-10 03:08 - 2010-04-01 21:16 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 03:07 - 2013-07-22 02:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 03:03 - 2010-06-10 22:18 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-08 16:46 - 2013-08-23 02:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2014-11-30 15:25 - 2010-12-10 07:52 - 00000000 ____D () C:\Users\Wayne\AppData\Roaming\Apple Computer
2014-11-29 08:36 - 2011-02-27 13:10 - 751512204 _____ () C:\Windows\MEMORY.DMP
2014-11-29 08:36 - 2011-02-27 13:10 - 00000000 ____D () C:\Windows\Minidump
2014-11-24 17:10 - 2010-12-10 07:51 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-11-24 17:09 - 2014-07-13 05:52 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-11-24 16:53 - 2010-12-10 07:51 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-11-21 14:45 - 2014-05-22 14:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-11-21 14:43 - 2014-05-02 15:46 - 00000000 ____D () C:\Users\Wayne\AppData\Local\AVG
2014-11-21 00:30 - 2011-02-26 06:53 - 00534104 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportKE64.sys
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2010-12-27 21:01
 
==================== End Of Log ============================
 
Computer seems to be working OK.



#41 ENYAW22

ENYAW22

    Authentic Member

  • Authentic Member
  • 47 posts

Posted 21 December 2014 - 11:14 PM

I may have sent the wrong log last time. I am getting so many on my desktop.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-12-2014 01

Ran by Wayne at 2014-12-21 20:46:21 Run:2
Running from C:\Users\Wayne\Desktop
Loaded Profile: Wayne (Available profiles: Wayne)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
HKLM-x32\...\Run: [] => [X]
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 6 U37) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\SysWOW64\npdeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
2014-12-19 08:36 - 2014-12-19 08:36 - 00775968 _____ (Reimage®) C:\Users\Wayne\Downloads\ReimageRepair (4).exe
2014-12-19 07:07 - 2014-12-19 08:36 - 00000165 _____ () C:\Windows\Reimage.ini
EmptyTemp:
End
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll => Moved successfully.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll => Moved successfully.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll => Moved successfully.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll => Moved successfully.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll not found.
C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll not found.
C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll not found.
C:\Windows\SysWOW64\npdeployJava1.dll not found.
c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll not found.
C:\Users\Wayne\Downloads\ReimageRepair (4).exe => Moved successfully.
C:\Windows\Reimage.ini => Moved successfully.
EmptyTemp: => Removed 51.4 MB temporary data.


#42 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 22 December 2014 - 02:26 AM

Hi ENYAW22,

Your log appears to be clean. :thumbup: 
We have a few items to take care of before we get to the All Clean Speech.

= = = = = = = = = = = = = = = = = = = =

Remove Disinfection Tools

  • Download Delfix
  • Tick the following boxes:
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
  • Click Run
  • Any other tools and files found can simply be deleted or uninstalled via the Control Panel.

= = = = = = = = = = = = = = = = = = = =


With the above items taken care of let's move on to the All Clean part of the process.

The following procedures are recommendations for helping to keep your system running smoothly. If you are currently satisfied with how your system is running some or all of these may not pertain to you. Implement what you need.

This infection appears to have been cleaned, but I can not give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

Here are some tips to reduce the potential for spyware infection in the future:

Make your Internet Explorer more secure - This can be done by following these simple instructions:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate windows and frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

Make your Mozilla Firefox more secure - This can be done by adding these add-ons:

Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

Free Anti-Virus

Free Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here.

= = = = = = = = = = = = = = = = = = = =

Be prepared for CryptoLocker:

Cryptolocker Ransomware: What You Need To Know
CryptoLocker Ransomware Information Guide and FAQ

To help protect your computer in the future I recommend that you get the following free program:

CryptoPrevent - install this program to lock down and prevent crypto-ransomware.

= = = = = = = = = = = = = = = = = = = =

COMPUTER SECURITY - a short guide to staying safer online

= = = = = = = = = = = = = = = = = = = =

WOT Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.

  • Green should be good to go
  • Yellow for caution
  • Red to stop

= = = = = = = = = = = = = = = = = = = =

P2P may be a great way to get lots of stuff, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

= = = = = = = = = = = = = = = = = = = =

Make sure you keep your Windows OS current.

  • Windows XP:
    Microsoft will no longer offer support for Windows XP beginning on April 8, 2014
    If you are running Windows XP, please take the time to read the information provided at these links.
  • Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems.
  • Windows 8: Open Windows Update by swiping in from the right edge of the screen (or, if you're using a mouse, pointing to the lower-right corner of the screen and moving the mouse pointer up), tapping or clicking Settings, tapping or clicking Change PC settings, and then tapping or clicking Update and recovery.

Without these you are leaving the back door open.

= = = = = = = = = = = = = = = = = = = =

Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

= = = = = = = = = = = = = = = = = = = =

Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place?

Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.


OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.
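
The Internet Explorer settings listed in the post above can be checked without clicking through the dialog. This is an added example, not part of the original post: the registry path and the numeric action IDs are the standard IE URL-action values for the Internet zone and are not given in the post.

```powershell
# Audit the IE "Internet" zone (zone 3) against the five settings recommended above.
# Read-only by default; run with -Apply to write the recommended values for the
# current user. Values enforced by Group Policy are stored under a separate
# Policies key and take precedence; this script reads only the per-user key.
param([switch]$Apply)

$zoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# URL action policy values: 0 = Enable, 1 = Prompt, 3 = Disable
$policyName = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Action IDs (assumption: standard IE URL-action numbers) mapped to the post's wording.
$recommended = @(
    [pscustomobject]@{ Action = '1001'; Setting = 'Download signed ActiveX controls'; Want = 1 }
    [pscustomobject]@{ Action = '1004'; Setting = 'Download unsigned ActiveX controls'; Want = 3 }
    [pscustomobject]@{ Action = '1201'; Setting = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
    [pscustomobject]@{ Action = '1804'; Setting = 'Launching programs and files in an IFRAME'; Want = 1 }
    [pscustomobject]@{ Action = '1607'; Setting = 'Navigate windows and frames across different domains'; Want = 1 }
)

function Get-PolicyLabel($value) {
    # Translate a stored DWORD into the dialog's wording; show raw numbers we do not map.
    if ($null -eq $value) { return 'not set' }
    if ($policyName.ContainsKey([int]$value)) { return $policyName[[int]$value] }
    return "other ($value)"
}

$current = Get-ItemProperty -Path $zoneKey -ErrorAction SilentlyContinue

$report = foreach ($r in $recommended) {
    # A missing value means the zone template default applies, so report it as "not set".
    $prop = if ($current) { $current.PSObject.Properties[$r.Action] } else { $null }
    $have = if ($prop) { $prop.Value } else { $null }

    [pscustomobject]@{
        Setting     = $r.Setting
        Current     = Get-PolicyLabel $have
        Recommended = Get-PolicyLabel $r.Want
        Matches     = ($null -ne $have -and [int]$have -eq $r.Want)
    }
}

$report | Format-Table -AutoSize -Wrap

if ($Apply) {
    if (-not (Test-Path $zoneKey)) { New-Item -Path $zoneKey -Force | Out-Null }
    foreach ($r in $recommended) {
        Set-ItemProperty -Path $zoneKey -Name $r.Action -Value $r.Want -Type DWord
    }
    Write-Output 'Recommended values written for the current user. Restart Internet Explorer.'
}
```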


#43 ENYAW22

ENYAW22

    Authentic Member

  • Authentic Member
  • PipPip
  • 47 posts

Posted 23 December 2014 - 11:15 AM

Good morning OCD.
Thank you for all your help and patience. I am away in another city having Christmas with my grandkids and will clean up my computer on my return home. Have a merry Christmas and thanks again.---Wayne

#44 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 23 December 2014 - 11:30 AM

Hi ENYAW22,

You're welcome! Merry Christmas to you and your family also.

I will close the thread. If you should have any difficulties doing the clean up send me a PM and I'll re-open the topic.
OCD



#45 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 23 December 2014 - 11:30 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.
OCD

