Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 92789 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Computer slow. Had toolbar.do.


  • This topic is locked This topic is locked
20 replies to this topic

#1 gwtterry

gwtterry

    Authentic Member

  • Authentic Member
  • PipPip
  • 27 posts

Posted 06 January 2015 - 07:29 PM

My Windows 7 Dell Studio 1640 XPS laptop has been sooo slow lately.  Seems like process in the background.  I ran a Spybot Search & Destroy and found toolbar.do, I think it was.  I downloaded Malware Bytes and removed that, but laptop is still soooo slow.  I think something else is still going on.

 

I started a topic back in October, but couldn't back to it because I ended up moving across the country and every time I ran the aswMBR scan, my computer would blue screen over and over.  I'm settled now and finally got the scans to run without blue screening.  I apologize for delay.

 

FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-01-2015

Ran by Tracy (administrator) on TRACY-PC on 06-01-2015 14:48:04
Running from C:\Users\Tracy\Downloads
Loaded Profile: Tracy (Available profiles: Tracy)
Platform: Windows 7 Ultimate (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
( ) C:\Windows\System32\lxeacoms.exe
(Microsoft) C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-01-21] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1552168 2008-09-25] (Synaptics, Inc.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [2041112 2008-09-26] (Dell Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-06-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-10-04] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-1613603796-1990743980-727887599-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1613603796-1990743980-727887599-1000\...\Run: [GoogleChromeAutoLaunch_01CA19FABFA3145EF0091BC706EED4AD] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-12-05] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1613603796-1990743980-727887599-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1613603796-1990743980-727887599-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
SearchScopes: HKU\S-1-5-21-1613603796-1990743980-727887599-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: avast! Online Security -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: Lexmark Toolbar -> {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -> C:\Program Files\Lexmark Toolbar\toolband.dll ()
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Lexmark Printable Web -> {D2C5E510-BE6D-42CC-9F61-E4F939078474} -> C:\Program Files\Lexmark Printable Web\bho.dll ()
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
Toolbar: HKU\S-1-5-21-1613603796-1990743980-727887599-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1613603796-1990743980-727887599-1000 -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-1613603796-1990743980-727887599-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Tracy\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-09-06]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-09-06]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.yahoo.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (mention) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\agdbnpodkgflemjpckmcdgabbmefpfnb [2013-03-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (Sprout Social) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\biailfjhlmalakjackgpekkbmljelldc [2013-08-22]
CHR Extension: (Alexa Traffic Rank) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel [2012-09-06]
CHR Extension: (Circloscope Free (Inactives+)) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhcfgcecigkknnimiljlbcjmnbeeodhl [2012-09-06]
CHR Extension: (SEO SERP Workbench) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehbgolklgacemnfnmkkpgekngaaggjjl [2014-07-08]
CHR Extension: (Replies and more for Google+) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgmhgfecnmeljhchgcjlfldjiepcfpea [2012-09-06]
CHR Extension: (Yast - The World's Easiest Time Tracker) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gokleigpmoameleoajncmkmajedgfgbk [2012-09-06]
CHR Extension: (Avast Online Security) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-04]
CHR Extension: (Pin It Button) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-11-24]
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2013-03-04]
CHR Extension: (Discussions button for Google Search™) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjiggoeheaondbmhmilpmbdkpgcjmdn [2014-03-20]
CHR Extension: (Unfriend Finder) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jijknldiopccnikfclcmmjnponjkicbc [2013-02-14]
CHR Extension: (Seo Serp Manager) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jncpgpllflmbaaofhdmfamncdipmedjo [2014-07-08]
CHR Extension: (SEO Tools) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\joocnajjlllncaiimobhdlcacaijcjpl [2014-07-08]
CHR Extension: (Social Statistics for Google Plus) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjjhofkehhgakpglgghlkccimpbgplfi [2012-09-06]
CHR Extension: (Harvest) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\laddjnahcdblbgdpbfmlllllmcimepem [2013-01-04]
CHR Extension: (Evernote Web) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2013-01-04]
CHR Extension: (Circloscope) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mechgkelogghhgmpmbpofjijifdppppl [2014-10-15]
CHR Extension: (Google Wallet) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Docs PDF/PowerPoint Viewer (by Google)) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn [2012-09-06]
CHR Extension: (Google Reader) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm [2012-09-07]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-03]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-03] (AVAST Software)
S2 lxeaCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe [33960 2009-07-29] (Lexmark International, Inc.)
R2 lxea_device; C:\Windows\system32\lxeacoms.exe [1054888 2009-07-29] ( )
R2 lxea_device; C:\Windows\SysWOW64\lxeacoms.exe [602792 2009-07-29] ( )
R3 MSSQL$MSSMLBIZ; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [204576 2014-05-19] (Microsoft)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe [244736 2010-01-21] (IDT, Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WPFFontCache_v0400; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-10-03] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-10-03] (AVAST Software)
R1 AswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-10-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-10-03] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-10-04] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-10-03] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-10-03] ()
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-04] (Malwarebytes Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-13] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-06 14:48 - 2015-01-06 14:48 - 00017732 _____ () C:\Users\Tracy\Downloads\FRST.txt
2015-01-06 14:47 - 2015-01-06 14:48 - 00000000 ____D () C:\FRST
2015-01-06 14:47 - 2015-01-06 14:47 - 02123776 _____ (Farbar) C:\Users\Tracy\Downloads\FRST64.exe
2015-01-06 14:32 - 2015-01-06 14:32 - 00000000 ____H () C:\ProgramData\cm-lock
2015-01-06 10:03 - 2015-01-06 10:03 - 00090291 _____ () C:\Users\Tracy\Downloads\Free_Google+_Page_Report_on_Hupy_and_Abraham,_S.C._(11_06_2014-01_05_2015_PST).pptx
2015-01-06 09:24 - 2015-01-06 09:24 - 00065536 _____ () C:\Users\Tracy\Downloads\FLVPlayer-Chrome (1).exe
2015-01-03 19:13 - 2015-01-03 19:13 - 00595056 _____ () C:\Users\Tracy\Downloads\Installation.exe
2015-01-03 19:12 - 2015-01-03 19:13 - 00066528 _____ () C:\Users\Tracy\Downloads\FLVPlayer-Chrome.exe
2015-01-02 11:53 - 2015-01-02 11:53 - 00058780 _____ () C:\Users\Tracy\Desktop\HP Installation Error - Windows 7.hta
2015-01-02 11:29 - 2009-09-30 20:19 - 00000418 ____N () C:\Windows\hpwmdl28.dat.temp
2015-01-02 11:23 - 2015-01-02 11:23 - 05197824 _____ () C:\Users\Tracy\Downloads\HPSupportSolutionsFramework-en-11.51.0048.msi
2014-12-31 11:15 - 2014-12-31 11:15 - 02008965 _____ () C:\Users\Tracy\Downloads\happy_new_year_2015_312182.zip
2014-12-29 11:34 - 2014-12-29 11:40 - 47809240 _____ () C:\Users\Tracy\Downloads\Coach Mike Ditka on Gridiron Greats.mp4
2014-12-29 11:31 - 2014-12-29 11:32 - 30986863 _____ () C:\Users\Tracy\Downloads\Mike Ditka Gridiron Greats Fundraising Challenge.mp4
2014-12-23 10:57 - 2014-12-23 10:57 - 00089785 _____ () C:\Users\Tracy\Downloads\Free_Google+_Page_Report_on_Wynn_at_Law,_LLC_(10_23_2014-12_22_2014_PST) (1).pptx
2014-12-23 10:52 - 2014-12-23 10:52 - 00089790 _____ () C:\Users\Tracy\Downloads\Free_Google+_Page_Report_on_Wynn_at_Law,_LLC_(10_23_2014-12_22_2014_PST).pptx
2014-12-23 10:11 - 2014-12-23 10:11 - 00002585 _____ () C:\Users\Tracy\Downloads\wynnatlaw-com_20141223T171121Z_TopSearchQueries_20141123-20141223.csv
2014-12-23 10:10 - 2014-12-23 10:10 - 00000417 _____ () C:\Users\Tracy\Downloads\wynnatlaw-com_20141223T171056Z_TopSearchQueriesTimeseries_20141123-20141223.csv
2014-12-18 12:55 - 2015-01-04 12:57 - 00000000 ____D () C:\Users\Tracy\AppData\Local\AnyMeeting
2014-12-18 12:36 - 2014-12-18 12:37 - 30431616 _____ (Microsoft Corporation) C:\Users\Tracy\Downloads\AnyMeetingInstaller_v3.1.0.exe
2014-12-14 18:35 - 2014-12-14 19:06 - 03224139 _____ () C:\Users\Tracy\Documents\TShirt_Full-FrontChest.psd
2014-12-14 18:29 - 2014-12-14 18:29 - 00224838 _____ () C:\Users\Tracy\Downloads\_T-Shirts-Womens-Left_Chest.zip
2014-12-14 18:21 - 2014-12-14 18:21 - 05207198 _____ () C:\Users\Tracy\Documents\TShirt_Full-Frontd.psd
2014-12-14 18:19 - 2014-12-14 19:01 - 04205250 _____ () C:\Users\Tracy\Documents\TShirt_Full-Backc.psd
2014-12-14 18:16 - 2014-12-14 18:16 - 05297104 _____ () C:\Users\Tracy\Documents\TShirt_Full-Frontc.psd
2014-12-14 18:03 - 2014-12-14 18:03 - 05311352 _____ () C:\Users\Tracy\Documents\TShirt_Full-Frontb.psd
2014-12-14 17:39 - 2014-12-14 17:39 - 04419832 _____ () C:\Users\Tracy\Documents\TShirt_Full-Front.psd
2014-12-14 15:13 - 2014-12-14 18:15 - 04585233 _____ () C:\Users\Tracy\Documents\TShirt_Full-Back.psd
2014-12-14 15:13 - 2014-12-14 15:13 - 01954905 _____ () C:\Users\Tracy\Documents\TShirt_Full.psd
2014-12-14 14:32 - 2014-12-14 14:32 - 00180541 _____ () C:\Users\Tracy\Downloads\_T-Shirts-Womens (1).zip
2014-12-14 14:31 - 2014-12-14 14:31 - 00180541 _____ () C:\Users\Tracy\Downloads\_T-Shirts-Womens.zip
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-06 14:48 - 2012-09-06 07:36 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-06 14:47 - 2014-11-19 17:14 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2015-01-06 14:45 - 2012-09-12 13:52 - 00011104 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-06 14:45 - 2012-09-12 13:52 - 00011104 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-06 14:43 - 2012-09-12 14:48 - 01050016 _____ () C:\Windows\WindowsUpdate.log
2015-01-06 14:40 - 2014-04-13 09:35 - 00000000 ____D () C:\ProgramData\Apple
2015-01-06 14:33 - 2012-09-06 07:35 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-06 14:31 - 2012-09-06 07:36 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-06 14:31 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-06 14:31 - 2009-07-13 21:51 - 32524761 _____ () C:\Windows\setupact.log
2015-01-06 14:30 - 2012-09-12 14:21 - 00194346 _____ () C:\Windows\PFRO.log
2015-01-06 14:29 - 2014-11-19 16:59 - 00009799 _____ () C:\ProgramData\hpzinstall.log
2015-01-06 14:28 - 2014-11-19 16:57 - 00000000 ____D () C:\ProgramData\HP
2015-01-06 14:26 - 2014-11-19 16:47 - 00000000 ____D () C:\Program Files (x86)\Hp
2015-01-06 14:00 - 2012-09-18 16:17 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-06 10:17 - 2012-09-06 11:47 - 00000000 ____D () C:\Users\Tracy\Documents\Hupy
2015-01-06 09:25 - 2012-09-06 14:06 - 00000000 ____D () C:\Users\Tracy\AppData\Local\Adobe
2015-01-06 09:21 - 2012-09-12 15:26 - 00119736 _____ () C:\Users\Tracy\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-05 23:32 - 2009-07-13 21:45 - 05087552 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-05 22:28 - 2012-10-03 09:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft
2015-01-05 22:28 - 2012-10-03 09:27 - 00000000 ____D () C:\Program Files (x86)\AnvSoft
2015-01-05 18:00 - 2014-04-19 19:41 - 00000466 _____ () C:\Windows\Tasks\ParetoLogic Registration.job
2015-01-04 12:59 - 2014-09-05 08:34 - 00000000 ____D () C:\Windows\pss
2015-01-04 12:58 - 2012-12-29 16:11 - 00000000 ___RD () C:\Users\Tracy\Dropbox
2015-01-04 12:58 - 2012-12-29 16:07 - 00000000 ____D () C:\Users\Tracy\AppData\Roaming\Dropbox
2015-01-04 00:07 - 2014-10-15 08:17 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-03 15:42 - 2014-04-14 11:03 - 00000000 ____D () C:\Users\Tracy\Documents\Wayne
2015-01-02 11:41 - 2006-11-02 05:34 - 00000254 _____ () C:\Windows\win.ini
2015-01-02 11:29 - 2014-11-19 16:59 - 00207581 _____ () C:\Windows\hpwins28.dat
2014-12-29 20:32 - 2009-07-13 22:13 - 00844518 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-17 13:17 - 2012-09-15 12:09 - 00000000 ____D () C:\Users\Tracy\Documents\Speaking
2014-12-17 10:35 - 2012-09-15 12:10 - 00000000 ____D () C:\Users\Tracy\Documents\Themes
2014-12-17 10:31 - 2012-09-15 12:04 - 00000000 ____D () C:\Users\Tracy\Documents\Marketing Resources
2014-12-14 08:31 - 2013-01-24 08:46 - 00001017 _____ () C:\Users\Tracy\Desktop\Dropbox.lnk
2014-12-14 08:31 - 2012-12-29 16:08 - 00000000 ____D () C:\Users\Tracy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-14 08:21 - 2009-07-13 22:08 - 00032594 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-12 00:05 - 2012-09-06 07:39 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-10 21:55 - 2012-09-06 08:18 - 00000000 ____D () C:\Users\Tracy\AppData\Roaming\FileZilla
2014-12-10 09:00 - 2012-09-18 16:17 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-10 09:00 - 2012-09-18 16:17 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-10 09:00 - 2012-09-18 16:17 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-09 13:19 - 2014-10-15 08:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-09 13:19 - 2014-10-15 08:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
 
Some content of TEMP:
====================
C:\Users\Tracy\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjkjosd.dll
C:\Users\Tracy\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-04 14:15
 
==================== End Of Log ============================
 
 
 
Addition:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-01-2015
Ran by Tracy at 2015-01-06 14:49:54
Running from C:\Users\Tracy\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.2146.41621 - ABBYY Software House)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.1430 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.5 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Any Video Converter 5.7.3 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
ATI Catalyst Install Manager (HKLM\...\{64FBA03C-575C-D688-1C80-A5773CE471F9}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
AVerMedia HC82 Express-Card Hybrid Analog (HKLM-x32\...\InstallShield_{1F295031-E793-4308-A384-5553977DFD13}) (Version: 2.00.0001 - AVerMedia)
AVerMedia HC82 Express-Card Hybrid Analog (x32 Version: 2.00.0001 - AVerMedia) Hidden
AVerMedia MCE Encoder x64 3.0.1.0 (HKLM-x32\...\AVerMedia MCE Encoder x64) (Version: 3.0.1.0 - AVerMedia Technologies, Inc.)
Belarc Advisor 8.2 (HKLM-x32\...\Belarc Advisor) (Version: 8.2.7.16 - Belarc Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{9AF0B106-56F1-461B-A270-95BC1682E282}) (Version: 11.07.01 - Broadcom Corporation)
Business Contact Manager for Outlook 2007 SP2 (HKLM-x32\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager for Outlook 2007 SP2 (x32 Version: 3.0.8619.1 - Microsoft Corporation) Hidden
ccc-core-static (x32 Version: 2009.0625.1812.30825 - ATI) Hidden
Citrix Online Launcher (HKLM-x32\...\{75C7BFBC-5FA8-47C9-9E6C-AD1954F63A53}) (Version: 1.0.109 - Citrix)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Resource CD (HKLM-x32\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 11.2.12.0 - Synaptics)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.33 - Creative Technology Ltd)
Digital Line Detect (HKLM-x32\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
doPDF (Version: 8.0.907 - Softland) Hidden
doPDF 8 (HKLM-x32\...\{a137ef5e-56f5-4cca-89f8-80df47fc4521}) (Version: 8.0.906.0 - Softland)
Dropbox (HKU\S-1-5-21-1613603796-1990743980-727887599-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
FastStone Capture 5.3 (HKLM-x32\...\FastStone Capture) (Version: 5.3 - FastStone Soft)
FileZilla Client 3.9.0.6 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.6 - Tim Kosse)
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Talk (remove only) (HKU\S-1-5-21-1613603796-1990743980-727887599-1000\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 5.7.0.1172 (HKU\S-1-5-21-1613603796-1990743980-727887599-1000\...\GoToMeeting) (Version: 5.7.0.1172 - CitrixOnline)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6267.0 - IDT)
Integrated Webcam Driver (1.03.02.0919)   (HKLM\...\Creative OA001) (Version:  - )
Intel® PROSet/Wireless WiFi Driver (HKLM\...\{AFE36C05-B442-4DEA-9BFB-2D72C8A1E153}) (Version: 12.00.2000 - Intel® Corporation)
ITECIR (HKLM-x32\...\{F6BB6248-C507-46FE-8A35-1B16F35E0441}) (Version: 1.9 - ITE)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java™ 6 Update 7 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
Lexmark Printable Web (HKLM-x32\...\{D2C5E510-BE6D-42CC-9F61-E4F939078474}) (Version: 1.0.0.0 - )
Lexmark S300-S400 Series (HKLM\...\Lexmark S300-S400 Series) (Version:  - Lexmark International, Inc.)
Lexmark Toolbar (HKLM-x32\...\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}) (Version: 4.3.37.0 - )
Lexmark Tools for Office (HKLM-x32\...\{10812DE7-2E57-4740-B226-6B3BE34AF9D7}) (Version: 1.29.0.0 - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Accounting 2009 (HKLM-x32\...\Microsoft Office Accounting 2009) (Version: 4.0.3610.0 - Microsoft Corporation)
Microsoft Office Accounting 2009 Equifax Addin (HKLM-x32\...\{C6C148EC-55FB-4FDF-AD4F-ECEA579D040D}) (Version: 4.0.1930.0 - Microsoft Corporation)
Microsoft Office Accounting 2009 Fixed Asset Manager (HKLM-x32\...\{53276F5A-85AB-4BEF-BAA2-2490975DC006}) (Version: 4.0.1930.0 - Microsoft Corporation)
Microsoft Office Accounting 2009 PayPal Addin (HKLM-x32\...\{DC0C35E4-CD3D-4F12-95BB-7C74D9467BD7}) (Version: 4.0.1930.0 - Microsoft Corporation)
Microsoft Office Accounting 2009 Tax Integration Add-in (HKLM-x32\...\{D9AE6BE1-5847-4962-86B0-2A290B7E6C43}) (Version: 4.0.1930.0 - Microsoft Corporation)
Microsoft Office Accounting ADP Payroll Addin (HKLM-x32\...\{5FA793A6-0071-42C1-9355-8F69A428C44F}) (Version: 0.0.0.0 - ADP)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Small Business 2007 (HKLM-x32\...\SMALLBUSINESSR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM-x32\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-1613603796-1990743980-727887599-1000\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package (HKLM-x32\...\Microsoft Visual J# 2.0 Redistributable Package) (Version:  - Microsoft Corporation)
Modem Diagnostics Tool (HKLM\...\{1C89932F-1D9D-4776-AD7A-9156FF792539}) (Version: 1.0.22.0 - Dell)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MyFonts Order M4439045 (HKLM-x32\...\{F564454D-DEBE-0CCE-93C3-FD8DEB975100}) (Version: 1.0 - MyFonts.com, Inc.)
NetWaiting (HKLM-x32\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.46 - BVRP Software, Inc)
novaPDF 8 add-in for Microsoft Office (x64) (HKLM\...\{72FA3932-13F2-4AC2-9859-80DFB3E32D27}) (Version: 8.0.907 - Softland)
novaPDF 8 add-in for Microsoft Office (x86) (HKLM-x32\...\{56C7F352-A03D-447C-98C2-7185F6067CC1}) (Version: 8.0.907 - Softland)
novaPDF 8 Printer Driver (HKLM\...\{8B94B029-DF00-4314-BE5F-96AAA44D0B5A}) (Version: 8.0.907 - Softland)
Quickset (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.2.13 - Dell Inc.)
RICOH Media Driver ver.2.07.01.00 (HKLM-x32\...\{2B818257-E6C7-4841-8C29-C5C9A982BCE5}) (Version: 2.07.01.00 - RICOH)
RICOH R5C83x/84x Media Driver Ver.3.53.02 (HKLM-x32\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.53.02 - RICOH)
Roxio Creator DE (HKLM-x32\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
SERPAttacks (HKLM-x32\...\SERPAttacks_is1) (Version:  - Jayson Yanuaria)
Skins (x32 Version: 2009.0625.1812.30825 - ATI) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
WIDCOMM Bluetooth Software 6.1.0.4402 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.1.0.4402 - Dell)
Windows 7 Upgrade Advisor (HKLM-x32\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Zip Repair Pro (HKLM-x32\...\Zip Repair Pro_is1) (Version: 5.1.0.1431 - GetData Pty Ltd)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1613603796-1990743980-727887599-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Tracy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1613603796-1990743980-727887599-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1172\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-1613603796-1990743980-727887599-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Tracy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1613603796-1990743980-727887599-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Tracy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1613603796-1990743980-727887599-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Tracy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1613603796-1990743980-727887599-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Tracy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1613603796-1990743980-727887599-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tracy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1613603796-1990743980-727887599-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tracy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1613603796-1990743980-727887599-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tracy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1613603796-1990743980-727887599-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tracy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1613603796-1990743980-727887599-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tracy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1613603796-1990743980-727887599-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tracy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1613603796-1990743980-727887599-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tracy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1613603796-1990743980-727887599-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tracy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
16-10-2014 15:04:20 Scheduled Checkpoint
24-10-2014 10:36:09 Scheduled Checkpoint
25-10-2014 02:33:51 Windows Update
30-10-2014 06:46:18 Installed Java 7 Update 71
01-11-2014 00:05:18 Windows Update
08-11-2014 01:33:12 Windows Update
15-11-2014 07:33:31 Windows Update
19-11-2014 16:46:15 Installed HP Support Solutions Framework
21-11-2014 02:20:53 Windows Update
26-11-2014 05:37:50 Windows Update
29-11-2014 10:47:12 Windows Update
07-12-2014 01:23:15 Scheduled Checkpoint
07-12-2014 02:45:16 Windows Update
12-12-2014 05:25:04 Windows Update
18-12-2014 02:35:19 Windows Update
18-12-2014 12:54:11 Installed AnyMeeting
23-12-2014 03:16:29 Windows Update
26-12-2014 14:33:45 Windows Update
02-01-2015 11:23:53 Installed HP Support Solutions Framework
05-01-2015 22:10:47 Restore Operation
05-01-2015 22:24:13 Removed AnyMeeting
05-01-2015 22:37:14 Removed HP Support Solutions Framework
05-01-2015 22:40:08 Removed HP Update.
06-01-2015 14:36:42 Removed Apple Application Support
06-01-2015 14:40:21 Removed Apple Mobile Device Support
06-01-2015 14:41:35 Removed Apple Software Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 05:34 - 2014-12-09 13:23 - 00450713 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 www.123fporn.info
127.0.0.1 123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {56AA5446-415B-4FD5-B697-401A1EB98CFE} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-10-03] (AVAST Software)
Task: {712C6861-2B14-4E72-92BA-22B6921FE2B7} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {762A2259-5860-4272-91AE-4780BD0A7015} - System32\Tasks\AdobeAAMUpdater-1.0-Tracy-PC-Tracy => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-07-31] (Adobe Systems Incorporated)
Task: {7D890074-8864-4BF4-9097-B22DABFCAC7C} - System32\Tasks\doPDF Update => C:\Program Files\Softland\novaPDF 8\Driver\UpdateApplication.exe [2014-05-19] ()
Task: {ADF18BF1-2DB4-4915-A073-AACC79A49FAC} - System32\Tasks\ParetoLogic Registration => Rundll32.exe "C:\Program Files (x86)\Common Files\ParetoLogic\UUS2\UUS.dll" RunUns
Task: {D38B714F-8E91-4F57-9D9C-B293B0774EAE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {DE8B9393-6922-4C0F-AA25-DF767971C11C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
Task: {EE3F064A-4B93-4547-925E-6D05227A55E8} - System32\Tasks\{32A10F24-0A49-4E81-B532-7ABA7F26BD0F} => pcalua.exe -a C:\Users\Tracy\Downloads\HiJackThis.exe -d C:\Users\Tracy\Downloads
Task: {F5792F9A-4948-4731-9077-2B01A7EAB0D3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ParetoLogic Registration.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS2\UUS.dll
 
==================== Loaded Modules (whitelisted) =============
 
2012-09-12 18:36 - 2009-04-17 03:53 - 00053760 _____ () C:\Windows\System32\LXEAPMON.DLL
2012-09-12 18:35 - 2009-01-13 06:15 - 04485120 _____ () C:\Windows\System32\LXEAOEM.DLL
2014-05-19 14:48 - 2014-05-19 14:48 - 00017920 _____ () C:\Windows\System32\novamn8.dll
2012-09-12 18:40 - 2009-06-19 02:01 - 00189440 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxeadrpp.dll
2014-05-01 12:29 - 2014-05-01 12:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-05-21 07:20 - 2014-05-21 07:20 - 00130933 _____ () C:\Windows\TEMP\2a9a7188-2f9b-4c02-a7f4-5421caf99ace\AgileDotNetRT64.dll
2014-05-21 07:21 - 2014-05-21 07:21 - 00130933 _____ () C:\Windows\TEMP\2baca5df-110d-4425-83de-0e951af60763\AgileDotNetRT64.dll
2008-06-05 14:00 - 2008-06-05 14:00 - 00167936 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2009-05-05 10:56 - 2009-05-05 10:56 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2012-09-12 14:09 - 2012-09-12 14:09 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-10-03 06:57 - 2014-10-03 06:57 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2015-01-06 13:22 - 2015-01-06 13:22 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010601\algo.dll
2014-10-16 02:15 - 2014-10-16 02:15 - 00035328 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-05-24 09:41 - 2014-05-24 09:41 - 00091648 _____ () C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 09:41 - 2014-05-24 09:41 - 00892416 _____ () C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll
2014-10-03 06:57 - 2014-10-03 06:57 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-12-12 00:05 - 2014-12-05 18:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-12 00:05 - 2014-12-05 18:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-12 00:05 - 2014-12-05 18:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-12 00:05 - 2014-12-05 18:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\Windows\pss\Digital Line Detect.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Tracy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^AnyMeeting.lnk => C:\Windows\pss\AnyMeeting.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Tracy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: EzPrint => "C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe"
MSCONFIG\startupreg: googletalk => C:\Users\Tracy\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Lexmark S300-S400 Series => "C:\Program Files (x86)\Lexmark S300-S400 Series\fm3032.exe" /s
MSCONFIG\startupreg: lxeamon.exe => "C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1613603796-1990743980-727887599-500 - Administrator - Disabled)
Guest (S-1-5-21-1613603796-1990743980-727887599-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1613603796-1990743980-727887599-1005 - Limited - Enabled)
Tracy (S-1-5-21-1613603796-1990743980-727887599-1000 - Administrator - Enabled) => C:\Users\Tracy
 
==================== Faulty Device Manager Devices =============
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/06/2015 02:40:12 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: Tracy-PC)
Description: Application or service 'Apple Mobile Device' could not be restarted.
 
Error: (01/06/2015 02:32:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/06/2015 02:29:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: hpzscr40.exe, version: 13.0.445.0, time stamp: 0x4a7346a0
Faulting module name: hpzscr40.exe, version: 13.0.445.0, time stamp: 0x4a7346a0
Exception code: 0xc0000417
Fault offset: 0x0000000000100bf4
Faulting process id: 0xebc
Faulting application start time: 0xhpzscr40.exe0
Faulting application path: hpzscr40.exe1
Faulting module path: hpzscr40.exe2
Report Id: hpzscr40.exe3
 
Error: (01/06/2015 11:52:30 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.
 
Error: (01/06/2015 09:16:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/05/2015 11:33:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/05/2015 10:33:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/05/2015 10:21:26 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0x8007045b.
 
Error: (01/05/2015 10:19:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/05/2015 10:00:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (01/06/2015 02:40:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Apple Mobile Device service failed to start due to the following error: 
%%1053
 
Error: (01/06/2015 02:40:12 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
 
Error: (01/06/2015 02:39:38 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
 
Error: (01/06/2015 02:31:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The lxeaCATSCustConnectService service failed to start due to the following error: 
%%1053
 
Error: (01/06/2015 02:31:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the lxeaCATSCustConnectService service to connect.
 
Error: (01/06/2015 09:17:15 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
Error: (01/06/2015 09:14:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The lxeaCATSCustConnectService service failed to start due to the following error: 
%%1053
 
Error: (01/06/2015 09:14:49 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the lxeaCATSCustConnectService service to connect.
 
Error: (01/05/2015 11:32:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The lxeaCATSCustConnectService service failed to start due to the following error: 
%%1053
 
Error: (01/05/2015 11:32:20 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the lxeaCATSCustConnectService service to connect.
 
 
Microsoft Office Sessions:
=========================
Error: (07/24/2014 10:17:58 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6695.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1377 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error: (05/19/2014 07:15:51 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 206 seconds with 180 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2012-09-08 14:51:07.143
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-09-08 14:51:07.096
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-09-08 14:51:07.018
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-09-08 14:51:06.940
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-09-08 14:51:06.816
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU P8700 @ 2.53GHz
Percentage of memory in use: 45%
Total physical RAM: 5084.86 MB
Available physical RAM: 2760.2 MB
Total Pagefile: 10167.85 MB
Available Pagefile: 7562 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.75 GB) (Free:154.31 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 39913991)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 
 
 
aswMBR:
 
aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2015-01-06 15:14:02
-----------------------------
15:14:02.643    OS Version: Windows x64 6.1.7600 
15:14:02.643    Number of processors: 2 586 0x170A
15:14:02.643    ComputerName: TRACY-PC  UserName: Tracy
15:14:05.825    Initialize success
15:14:05.825    VM: initialized successfully
15:14:05.825    VM: Intel CPU BiosDisabled 
15:14:11.693    VM: supported disk I/O ataport.SYS
15:14:15.172    AVAST engine defs: 15010601
15:14:39.762    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:14:39.778    Disk 0 Vendor: WDC_WD5000BPVT-24HXZT3 03.01A03 Size: 476940MB BusType: 3
15:14:39.981    Disk 0 MBR read successfully
15:14:39.981    Disk 0 MBR scan
15:14:39.981    Disk 0 Windows 7 default MBR code
15:14:39.981    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       476929 MB offset 63
15:14:39.996    Disk 0 default boot code
15:14:40.012    Disk 0 scanning C:\Windows\system32\drivers
15:14:50.154    Service scanning
15:15:15.011    Modules scanning
15:15:15.011    Disk 0 trace - called modules:
15:15:15.058    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 
15:15:15.058    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005842060]
15:15:15.073    3 CLASSPNP.SYS[fffff880018a343f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80052be060]
15:15:15.916    AVAST engine scan C:\Windows
15:15:18.708    AVAST engine scan C:\Windows\system32
15:17:44.392    AVAST engine scan C:\Windows\system32\drivers
15:17:56.718    AVAST engine scan C:\Users\Tracy
15:30:05.257    File: C:\Users\Tracy\AppData\Local\Temp\MSI4DE4.tmp-\srbu.dll  **INFECTED** Win32:Malware-gen
16:20:10.249    File: C:\Users\Tracy\Downloads\FLVPlayer-Chrome.exe  **INFECTED** Win32:Rootkit-gen [Rtk]
17:04:02.476    AVAST engine scan C:\ProgramData
17:07:58.323    Scan finished successfully
17:37:49.040    Disk 0 MBR has been saved successfully to "C:\Users\Tracy\Documents\farbar\MBR.dat"
17:37:49.103    The log file has been saved successfully to "C:\Users\Tracy\Documents\farbar\aswMBR.txt"
 
 
 
Thank you.

 


    Advertisements

Register to Remove


#2 Juliet

Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,494 posts
  • Interests:Boo!....
  • MVP

Posted 07 January 2015 - 08:20 AM

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

~~
Please use the add/remove programs list to uninstall
Java 6 Update 7

~~~~
Instructions on how to backup your Favourites/Bookmarks and other data can be found below.
  • xehzOq95.png.pagespeed.ic.1o1xpAkZbO.pngBackup Internet Explorer Favourites
  • xQlf57ne.png.pagespeed.ic.SnwgqhVB9v.jpgBackup Firefox Bookmarks
  • U5NwUGc.pngBackup Chrome Bookmarks
  • Proceed with the reset once done.
  • xehzOq95.png.pagespeed.ic.1o1xpAkZbO.pngInternet Explorer: How to reset Internet Explorer settings
  • xQlf57ne.png.pagespeed.ic.SnwgqhVB9v.jpgFirefox: Reset Firefox
  • U5NwUGc.pngChrome: Chrome - Reset browser settings
  • ~~~~~~~~~~~~~~~~~~~

    Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
    Paste this into the open notepad. save it to the Desktop as fixlist.txt
    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
    It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)
     

    start
    CloseProcesses:
    HKU\S-1-5-21-1613603796-1990743980-727887599-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
    SearchScopes: HKU\S-1-5-21-1613603796-1990743980-727887599-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
    Toolbar: HKU\S-1-5-21-1613603796-1990743980-727887599-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Toolbar: HKU\S-1-5-21-1613603796-1990743980-727887599-1000 -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
    C:\Users\Tracy\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjkjosd.dll
    C:\Users\Tracy\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
    C:\Users\Tracy\AppData\Local\Temp\MSI4DE4.tmp-\srbu.dll
    C:\Users\Tracy\Downloads\FLVPlayer-Chrome.exe
    EmptyTemp:
    Hosts:
    End

    Open FRST/FRST64 and press the Fix button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


    *******
    iAdP9bf.pngMalwarebytes Anti-Rootkit (MBAR)
  • Please download Malwarebytes Anti-Rootkit and save the file to your Desktop.
  • Double-click MBAR.exe to run the installer.
  • Select a convenient location to extract the contents and click OK. Navigate to the location you selected.
  • Right-Click MBAR.exe and select AVOiBNU.jpgRun as administrator to run the programme.
  • Follow the prompts to update the programme and scan your computer.
  • Upon completion, click Cleanup and reboot your computer.
  • After the reboot, rerun the programme to verify no threats remain. If threats are still detected, click the Cleanup button once more.
  • Upon completion, two logs (mbar-log.txt and system-log.txt) will be created. Copy the contents of both logs and paste in your next reply. Both logs can be found in the MBAR folder.

  • ******************
    BY4dvz9.pngAdwCleaner
  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Follow the prompts.
  • Click Scan.
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
  • Follow the prompts and allow your computer to reboot.
  • After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.
  • -- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    thisisujrt.gif
    Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  • ~~~~~`


    please post
    Fixlog.txt
    Malwarebytes Anti-Rootkit
    C:\AdwCleaner.txt
    JRT.txt

Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#3 gwtterry

gwtterry

    Authentic Member

  • Authentic Member
  • PipPip
  • 27 posts

Posted 07 January 2015 - 12:19 PM

Thank you.  Here are results:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Ran by Tracy at 2015-01-07 09:46:51 Run:1
Running from C:\Users\Tracy\Downloads
Loaded Profile: Tracy (Available profiles: Tracy)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
CloseProcesses:
HKU\S-1-5-21-1613603796-1990743980-727887599-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKU\S-1-5-21-1613603796-1990743980-727887599-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
Toolbar: HKU\S-1-5-21-1613603796-1990743980-727887599-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1613603796-1990743980-727887599-1000 -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
C:\Users\Tracy\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjkjosd.dll
C:\Users\Tracy\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Tracy\AppData\Local\Temp\MSI4DE4.tmp-\srbu.dll
C:\Users\Tracy\Downloads\FLVPlayer-Chrome.exe
EmptyTemp:
Hosts:
End
*****************
 
Processes closed successfully.
"HKU\S-1-5-21-1613603796-1990743980-727887599-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKU\S-1-5-21-1613603796-1990743980-727887599-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found. 
HKU\S-1-5-21-1613603796-1990743980-727887599-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found. 
HKU\S-1-5-21-1613603796-1990743980-727887599-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} => value deleted successfully.
HKCR\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} => Key not found. 
"C:\Users\Tracy\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjkjosd.dll" => File/Directory not found.
C:\Users\Tracy\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe => Moved successfully.
C:\Users\Tracy\AppData\Local\Temp\MSI4DE4.tmp-\srbu.dll => Moved successfully.
C:\Users\Tracy\Downloads\FLVPlayer-Chrome.exe => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 27.4 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 09:52:55 ====
 
 
 
# AdwCleaner v4.106 - Report created 07/01/2015 at 10:45:35
# Updated 21/12/2014 by Xplode
# Database : 2015-01-03.1 [Live]
# Operating System : Windows 7 Ultimate  (64 bits)
# Username : Tracy - TRACY-PC
# Running from : C:\Users\Tracy\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Tracy\AppData\Local\FileTypeAssistant
Folder Deleted : C:\Users\Tracy\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel
Folder Deleted : C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Bitberry
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\SmartBar
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.7600.17267
 
 
-\\ Google Chrome v39.0.2171.95
 
 
*************************
 
AdwCleaner[R0].txt - [2285 octets] - [07/01/2015 10:42:39]
AdwCleaner[S0].txt - [2025 octets] - [07/01/2015 10:45:35]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2085 octets] ##########
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Ultimate x64
Ran by Tracy on Wed 01/07/2015 at 10:55:15.36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Tracy\AppData\Roaming\thinstall"
Successfully deleted: [Folder] "C:\Users\Tracy\appdata\local\thinstall"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 01/07/2015 at 11:00:01.48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
Malwarebytes Anti-Rootkit BETA 1.08.2.1001
www.malwarebytes.org
 
Database version: v2015.01.07.11
 
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Tracy :: TRACY-PC [administrator]
 
1/7/2015 10:07:00 AM
mbar-log-2015-01-07 (10-07-00).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 331617
Time elapsed: 19 minute(s), 3 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
 


#4 Juliet

Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,494 posts
  • Interests:Boo!....
  • MVP

Posted 07 January 2015 - 12:43 PM

Tell me what the computer is doing now?
Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#5 gwtterry

gwtterry

    Authentic Member

  • Authentic Member
  • PipPip
  • 27 posts

Posted 07 January 2015 - 01:53 PM

I had to run out for a minute. I haven't had a chance since the scans and removal to use it consistently to gauge it, but it is moving somewhat faster thus far.



#6 Juliet

Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,494 posts
  • Interests:Boo!....
  • MVP

Posted 07 January 2015 - 03:16 PM

What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
Most reliable and thorough.
The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending of course how full your computer is.


Go here to run an online scannner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator
  • Note:
    For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
  • Click the blue Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
  • Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan.

Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#7 gwtterry

gwtterry

    Authentic Member

  • Authentic Member
  • PipPip
  • 27 posts

Posted 08 January 2015 - 09:33 AM

ESET Results:

 

C:\FRST\Quarantine\C\Users\Tracy\AppData\Local\Temp\MSI4DE4.tmp-\srbu.dll.xBAD a variant of MSIL/Toolbar.Linkury.F potentially unwanted application
C:\FRST\Quarantine\C\Users\Tracy\Downloads\FLVPlayer-Chrome.exe.xBAD NSIS/TrojanDownloader.Adload.AA trojan
C:\Users\Tracy\Documents\Fonts\Patriot_downloader_by_Ffonts.exe a variant of Win32/Somoto.A potentially unwanted application
C:\Users\Tracy\Documents\Ted\Chenequa-Caretaking\Website\wp-admin\images\toggle-faber-maud.php PHP/Kryptik.AB trojan
C:\Users\Tracy\Documents\Ted\Handyman\Website\wp-admin\link-majority-propitiate.php PHP/Kryptik.AB trojan
C:\Users\Tracy\Documents\Ted\Handyman\Website\wp-content\themes\TheCorporation\header.php JS/Agent.NNS trojan
C:\Users\Tracy\Documents\Ted\Ideal-Contractors\Website\wp-weather.php PHP/Kryptik.AB trojan
C:\Users\Tracy\Documents\Wynn\New Website\system.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\videos\ini.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\ajax.php PHP/Agent.NEH trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\akismet\menu.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\akismet\img\include.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\all-in-one-schemaorg-rich-snippets\page.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\all-in-one-schemaorg-rich-snippets\css\object.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\all-in-one-schemaorg-rich-snippets\images\info.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\all-in-one-schemaorg-rich-snippets\js\dir.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\lib_options_up.php PHP/Agent.NEH trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\attachments\dir.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\captchabg\sql.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\captchafonts\help.php PHP/Agent.NEH trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\captchafonts\model.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\images\model.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\js\code.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\js\start.php PHP/Agent.NEH trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\js\css\alias.php PHP/Agent.NEH trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\js\css\dirs.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\js\include\db.php PHP/Agent.NEH trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\js\langs\system.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\phpmailer\test.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\styling\cache.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\stats.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\images\ini.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\images\option.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\images\plugin.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\images\xml.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\includes\test.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\includes\js\ajax.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\includes\js\functions.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\includes\js\themes.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\languages\config.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\languages\dirs.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\languages\article.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\carousel\view.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\carousel\rtl\test.php PHP/Agent.NEH trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\contact-form\images\info.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\holiday-snow\title.php PHP/Agent.NEH trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\infinite-scroll\infinity.php PHP/Agent.NEH trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\likes\include.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\minileven\theme\pub\minileven\sidebar.php PHP/Agent.NEH trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\omnisearch\functions.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\omnisearch\global.php PHP/Agent.NEH trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\post-by-email\system.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\publicize\assets\utf.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\sharedaddy\dump.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\shortcodes\gallery.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\shortcodes\search.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\shortcodes\img\code.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\widgets\header.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\_inc\images\rss\file.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\page.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\proxy.php PHP/Agent.NEH trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\search.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\classes\dirs.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\classes\session.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\css\option.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\css\proxy.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\images\css.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\images\menu.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\lang\object.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\alias.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\cache.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\stats.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\css\page.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\modules\bad-behavior.php PHP/Agent.NEH trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\modules\wordpress-seo.php.php PHP/Agent.NEH trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\resources\include.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\resources\index.php PHP/Agent.NEH trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\resources\resources\config.php PHP/Agent.NEH trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\resources\resources\filesystem-message.php PHP/Agent.NEH trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\resources\files.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\resources\resources\step3.php PHP/Agent.NEH trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\really-simple-captcha\config.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\really-simple-captcha\inc.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\really-simple-captcha\gentium\ini.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\really-simple-captcha\tmp\system.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\sliding-contact-form-by-formget\proxy.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\sliding-contact-form-by-formget\image\info.php PHP/Agent.NEH trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\sliding-contact-form-by-formget\js\db.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\sliding-contact-form-by-formget\js\global.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\sliding-contact-form-by-formget\js\stats.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\sliding-contact-form-by-formget\js\user.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\sliding-contact-form-by-formget\jscolor\press.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\ultimate-coming-soon-page\inc\footer.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\ultimate-coming-soon-page\inc\menu.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\ultimate-coming-soon-page\inc\js\template.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\welcome-to-wordpress\include.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\welcome-to-wordpress\resources\config.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\welcome-to-wordpress\resources\files.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\welcome-to-wordpress\resources\gallery.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\welcome-to-wordpress\resources\global.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\content-aside.php PHP/Agent.NEH trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\sql.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\css\utf.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\genericons\font\general.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\images\config.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\inc\back-compat.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\inc\template-tags.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\inc\user.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\js\proxy.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\languages\user.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentythirteen\template.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentythirteen\fonts\user.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentythirteen\inc\back-compat.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentythirteen\inc\file.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentythirteen\inc\files.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentythirteen\js\system.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentytwelve\css\header.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentytwelve\css\options.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentytwelve\inc\utf.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentytwelve\languages\ajax.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentytwelve\page-templates\front-page.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2012\list.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2013\09\page.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2013\11\ini.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2013\12\article.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2014\02\general.php PHP/Agent.NEH trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2014\02\options.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2014\03\header.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2014\04\file.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2014\04\footer.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2014\06\themes.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2014\07\stats.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2014\08\config.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\wpcf7_captcha\system.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\footer.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\css\file.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\fonts\header.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\ID3\model.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\images\view.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\images\crystal\files.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\images\media\css.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\images\media\javascript.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\images\smilies\plugin.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\images\smilies\user.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\images\wlw\functions.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\imgareaselect\stats.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\jquery\object.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\mediaelement\general.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\plupload\file.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\plupload\include.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\swfupload\dir.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\swfupload\test.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\swfupload\plugins\list.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\swfupload\plugins\press.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\functions.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\plugins\blog.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\plugins\charmap\header.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\plugins\image\info.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\plugins\tabfocus\cache.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\plugins\textcolor\object.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\plugins\wordpress\include.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\plugins\wpautoresize\search.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\plugins\wpeditimage\start.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\skins\wordpress\css.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\themes\dir.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\utils\plugin.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\pomo\blog.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\pomo\dir.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\pomo\option.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\admin.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\menu.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\session.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\Content\db.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\Content\menu.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\Decode\HTML\code.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\HTTP\model.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\HTTP\template.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\Net\admin.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\Parse\global.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\Parse\header.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\Parse\inc.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\XML\menu.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\Text\Diff\inc.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\Text\Diff\Engine\dump.php PHP/WebShell.NBV trojan
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\Text\Diff\Renderer\dir.php PHP/Agent.NEH trojan
C:\Users\Tracy\Downloads\avc-free (2).exe a variant of Win32/OpenCandy.C potentially unsafe application
C:\Users\Tracy\Downloads\avc-free.exe Win32/OpenCandy potentially unsafe application
C:\Users\Tracy\Downloads\Brothersoft_downloader_For_Microsoft_Office_Accounting_Professional.exe a variant of Win32/BSDownloader potentially unwanted application
C:\Users\Tracy\Downloads\firstrowsportapp_setup(19).exe Win32/Adware.Yontoo.D application
C:\Users\Tracy\Downloads\FLVPlayer-Chrome (1).exe NSIS/TrojanDownloader.Adload.AA trojan
C:\Users\Tracy\Downloads\Installation.exe a variant of Win32/OutBrowse.BQ potentially unwanted application


#8 Juliet

Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,494 posts
  • Interests:Boo!....
  • MVP

Posted 08 January 2015 - 12:02 PM

Do you maintain a web site?

C:\Users\Tracy\Documents\Wynn\New Website

C:\Users\Tracy\Documents\Ted\Chenequa-Caretaking\Website

I can set up a script to take these items out but I'm not sure what exactly will become of it.
If you run/maintain a web site on your end it might not function well there after?
Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#9 Juliet

Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,494 posts
  • Interests:Boo!....
  • MVP

Posted 08 January 2015 - 12:08 PM

these we can take out

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)
 

start
CloseProcesses:
C:\Users\Tracy\Downloads\avc-free (2).exe
C:\Users\Tracy\Downloads\avc-free.exe
C:\Users\Tracy\Downloads\Brothersoft_downloader_For_Microsoft_Office_Accounting_Professional.exe
C:\Users\Tracy\Downloads\firstrowsportapp_setup(19).exe
C:\Users\Tracy\Downloads\FLVPlayer-Chrome (1).exe
C:\Users\Tracy\Downloads\Installation.exe
C:\Users\Tracy\Documents\Fonts\Patriot_downloader_by_Ffonts.exe
EmptyTemp:
End


Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#10 gwtterry

gwtterry

    Authentic Member

  • Authentic Member
  • PipPip
  • 27 posts

Posted 08 January 2015 - 06:11 PM

I will run and post in my next reply.  Website are hosted on godaddy so nothing will alter what is live by taking off my computer.  Backups are just saved on my computer in case of disaster, or so I don't have create all new photoshop documents for banners, etc. if they want to change something later.  If something's infected, let's just remove it.  Thanks.


    Advertisements

Register to Remove


#11 Juliet

Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,494 posts
  • Interests:Boo!....
  • MVP

Posted 08 January 2015 - 06:31 PM

OK
I'll try to fix it with a script with FRST,  if it fails,  you'll have to go to those folders manually and delete them out.

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)
 

start
CloseProcesses:
C:\Users\Tracy\Documents\Fonts\Patriot_downloader_by_Ffonts.exe
C:\Users\Tracy\Documents\Ted\Chenequa-Caretaking\Website\wp-admin\images\toggle-faber-maud.php
C:\Users\Tracy\Documents\Ted\Handyman\Website\wp-admin\link-majority-propitiate.php
C:\Users\Tracy\Documents\Ted\Handyman\Website\wp-content\themes\TheCorporation\header.php J
C:\Users\Tracy\Documents\Ted\Ideal-Contractors\Website\wp-weather.php
C:\Users\Tracy\Documents\Wynn\New Website\system.php
C:\Users\Tracy\Documents\Wynn\New Website\videos\ini.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\ajax.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\akismet\menu.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\akismet\img\include.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\all-in-one-schemaorg-rich-snippets\page.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\all-in-one-schemaorg-rich-snippets\css\object.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\all-in-one-schemaorg-rich-snippets\images\info.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\all-in-one-schemaorg-rich-snippets\js\dir.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\lib_options_up.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\attachments\dir.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\captchabg\sql.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\captchafonts\help.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\captchafonts\model.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\images\model.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\js\code.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\js\start.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\js\css\alias.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\js\css\dirs.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\js\include\db.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\js\langs\system.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\phpmailer\test.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\styling\cache.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\stats.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\images\ini.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\images\option.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\images\plugin.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\images\xml.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\includes\test.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\includes\js\ajax.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\includes\js\functions.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\includes\js\themes.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\languages\config.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\languages\dirs.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\languages\article.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\carousel\view.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\carousel\rtl\test.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\contact-form\images\info.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\holiday-snow\title.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\infinite-scroll\infinity.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\likes\include.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\minileven\theme\pub\minileven\sidebar.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\omnisearch\functions.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\omnisearch\global.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\post-by-email\system.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\publicize\assets\utf.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\sharedaddy\dump.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\shortcodes\gallery.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\shortcodes\search.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\shortcodes\img\code.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\widgets\header.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\_inc\images\rss\file.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\page.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\proxy.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\search.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\classes\dirs.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\classes\session.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\css\option.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\css\proxy.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\images\css.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\images\menu.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\lang\object.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\alias.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\cache.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\stats.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\css\page.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\modules\bad-behavior.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\modules\wordpress-seo.php.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\resources\include.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\resources\index.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\resources\resources\config.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\resources\resources\filesystem-message.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\resources\files.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\resources\resources\step3.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\really-simple-captcha\config.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\really-simple-captcha\inc.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\really-simple-captcha\gentium\ini.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\really-simple-captcha\tmp\system.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\sliding-contact-form-by-formget\proxy.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\sliding-contact-form-by-formget\image\info.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\sliding-contact-form-by-formget\js\db.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\sliding-contact-form-by-formget\js\global.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\sliding-contact-form-by-formget\js\stats.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\sliding-contact-form-by-formget\js\user.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\sliding-contact-form-by-formget\jscolor\press.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\ultimate-coming-soon-page\inc\footer.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\ultimate-coming-soon-page\inc\menu.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\ultimate-coming-soon-page\inc\js\template.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\welcome-to-wordpress\include.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\welcome-to-wordpress\resources\config.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\welcome-to-wordpress\resources\files.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\welcome-to-wordpress\resources\gallery.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\welcome-to-wordpress\resources\global.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\content-aside.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\sql.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\css\utf.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\genericons\font\general.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\images\config.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\inc\back-compat.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\inc\template-tags.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\inc\user.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\js\proxy.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\languages\user.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentythirteen\template.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentythirteen\fonts\user.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentythirteen\inc\back-compat.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentythirteen\inc\file.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentythirteen\inc\files.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentythirteen\js\system.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentytwelve\css\header.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentytwelve\css\options.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentytwelve\inc\utf.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentytwelve\languages\ajax.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentytwelve\page-templates\front-page.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2012\list.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2013\09\page.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2013\12\article.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2014\02\general.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2014\02\options.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2014\03\header.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2014\04\file.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2014\04\footer.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2014\06\themes.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2014\07\stats.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2014\08\config.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\wpcf7_captcha\system.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\footer.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\css\file.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\fonts\header.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\ID3\model.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\images\view.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\images\crystal\files.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\images\media\css.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\images\media\javascript.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\images\smilies\plugin.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\images\smilies\user.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\images\wlw\functions.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\imgareaselect\stats.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\jquery\object.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\mediaelement\general.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\plupload\file.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\plupload\include.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\swfupload\dir.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\swfupload\test.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\swfupload\plugins\list.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\swfupload\plugins\press.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\functions.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\plugins\blog.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\plugins\charmap\header.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\plugins\image\info.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\plugins\tabfocus\cache.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\plugins\textcolor\object.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\plugins\wordpress\include.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\plugins\wpautoresize\search.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\plugins\wpeditimage\start.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\skins\wordpress\css.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\themes\dir.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\utils\plugin.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\pomo\blog.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\pomo\dir.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\pomo\option.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\admin.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\menu.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\session.
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\Content\db.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\Content\menu.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\Decode\HTML\code.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\HTTP\model.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\HTTP\template.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\Net\admin.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\Parse\global.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\Parse\header.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\Parse\inc.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\XML\menu.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\Text\Diff\inc.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\Text\Diff\Engine\dump.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\Text\Diff\Renderer\dir.php
EmptyTemp:
End


Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#12 gwtterry

gwtterry

    Authentic Member

  • Authentic Member
  • PipPip
  • 27 posts

Posted 09 January 2015 - 12:06 AM

Here's first log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Ran by Tracy at 2015-01-08 22:56:55 Run:2
Running from C:\Users\Tracy\Downloads
Loaded Profile: Tracy (Available profiles: Tracy)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
CloseProcesses:
C:\Users\Tracy\Downloads\avc-free (2).exe
C:\Users\Tracy\Downloads\avc-free.exe
C:\Users\Tracy\Downloads\Brothersoft_downloader_For_Microsoft_Office_Accounting_Professional.exe
C:\Users\Tracy\Downloads\firstrowsportapp_setup(19).exe
C:\Users\Tracy\Downloads\FLVPlayer-Chrome (1).exe
C:\Users\Tracy\Downloads\Installation.exe
C:\Users\Tracy\Documents\Fonts\Patriot_downloader_by_Ffonts.exe
EmptyTemp:
End
*****************
 
Processes closed successfully.
C:\Users\Tracy\Downloads\avc-free (2).exe => Moved successfully.
C:\Users\Tracy\Downloads\avc-free.exe => Moved successfully.
C:\Users\Tracy\Downloads\Brothersoft_downloader_For_Microsoft_Office_Accounting_Professional.exe => Moved successfully.
C:\Users\Tracy\Downloads\firstrowsportapp_setup(19).exe => Moved successfully.
C:\Users\Tracy\Downloads\FLVPlayer-Chrome (1).exe => Moved successfully.
C:\Users\Tracy\Downloads\Installation.exe => Moved successfully.
C:\Users\Tracy\Documents\Fonts\Patriot_downloader_by_Ffonts.exe => Moved successfully.
EmptyTemp: => Removed 481.6 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 22:57:20 ====


#13 gwtterry

gwtterry

    Authentic Member

  • Authentic Member
  • PipPip
  • 27 posts

Posted 09 January 2015 - 12:16 AM

2nd log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Ran by Tracy at 2015-01-08 23:08:30 Run:3
Running from C:\Users\Tracy\Downloads
Loaded Profile: Tracy (Available profiles: Tracy)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
CloseProcesses:
C:\Users\Tracy\Documents\Fonts\Patriot_downloader_by_Ffonts.exe
C:\Users\Tracy\Documents\Ted\Chenequa-Caretaking\Website\wp-admin\images\toggle-faber-maud.php
C:\Users\Tracy\Documents\Ted\Handyman\Website\wp-admin\link-majority-propitiate.php
C:\Users\Tracy\Documents\Ted\Handyman\Website\wp-content\themes\TheCorporation\header.php J
C:\Users\Tracy\Documents\Ted\Ideal-Contractors\Website\wp-weather.php
C:\Users\Tracy\Documents\Wynn\New Website\system.php
C:\Users\Tracy\Documents\Wynn\New Website\videos\ini.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\ajax.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\akismet\menu.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\akismet\img\include.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\all-in-one-schemaorg-rich-snippets\page.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\all-in-one-schemaorg-rich-snippets\css\object.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\all-in-one-schemaorg-rich-snippets\images\info.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\all-in-one-schemaorg-rich-snippets\js\dir.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\lib_options_up.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\attachments\dir.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\captchabg\sql.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\captchafonts\help.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\captchafonts\model.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\images\model.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\js\code.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\js\start.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\js\css\alias.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\js\css\dirs.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\js\include\db.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\js\langs\system.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\phpmailer\test.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\styling\cache.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\stats.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\images\ini.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\images\option.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\images\plugin.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\images\xml.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\includes\test.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\includes\js\ajax.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\includes\js\functions.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\includes\js\themes.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\languages\config.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\languages\dirs.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\languages\article.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\carousel\view.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\carousel\rtl\test.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\contact-form\images\info.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\holiday-snow\title.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\infinite-scroll\infinity.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\likes\include.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\minileven\theme\pub\minileven\sidebar.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\omnisearch\functions.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\omnisearch\global.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\post-by-email\system.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\publicize\assets\utf.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\sharedaddy\dump.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\shortcodes\gallery.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\shortcodes\search.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\shortcodes\img\code.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\widgets\header.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\_inc\images\rss\file.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\page.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\proxy.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\search.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\classes\dirs.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\classes\session.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\css\option.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\css\proxy.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\images\css.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\images\menu.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\lang\object.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\alias.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\cache.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\stats.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\css\page.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\modules\bad-behavior.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\modules\wordpress-seo.php.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\resources\include.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\resources\index.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\resources\resources\config.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\resources\resources\filesystem-message.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\resources\files.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\resources\resources\step3.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\really-simple-captcha\config.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\really-simple-captcha\inc.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\really-simple-captcha\gentium\ini.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\really-simple-captcha\tmp\system.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\sliding-contact-form-by-formget\proxy.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\sliding-contact-form-by-formget\image\info.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\sliding-contact-form-by-formget\js\db.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\sliding-contact-form-by-formget\js\global.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\sliding-contact-form-by-formget\js\stats.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\sliding-contact-form-by-formget\js\user.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\sliding-contact-form-by-formget\jscolor\press.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\ultimate-coming-soon-page\inc\footer.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\ultimate-coming-soon-page\inc\menu.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\ultimate-coming-soon-page\inc\js\template.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\welcome-to-wordpress\include.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\welcome-to-wordpress\resources\config.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\welcome-to-wordpress\resources\files.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\welcome-to-wordpress\resources\gallery.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\welcome-to-wordpress\resources\global.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\content-aside.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\sql.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\css\utf.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\genericons\font\general.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\images\config.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\inc\back-compat.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\inc\template-tags.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\inc\user.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\js\proxy.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\languages\user.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentythirteen\template.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentythirteen\fonts\user.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentythirteen\inc\back-compat.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentythirteen\inc\file.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentythirteen\inc\files.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentythirteen\js\system.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentytwelve\css\header.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentytwelve\css\options.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentytwelve\inc\utf.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentytwelve\languages\ajax.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentytwelve\page-templates\front-page.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2012\list.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2013\09\page.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2013\12\article.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2014\02\general.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2014\02\options.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2014\03\header.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2014\04\file.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2014\04\footer.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2014\06\themes.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2014\07\stats.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2014\08\config.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\wpcf7_captcha\system.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\footer.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\css\file.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\fonts\header.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\ID3\model.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\images\view.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\images\crystal\files.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\images\media\css.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\images\media\javascript.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\images\smilies\plugin.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\images\smilies\user.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\images\wlw\functions.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\imgareaselect\stats.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\jquery\object.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\mediaelement\general.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\plupload\file.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\plupload\include.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\swfupload\dir.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\swfupload\test.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\swfupload\plugins\list.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\swfupload\plugins\press.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\functions.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\plugins\blog.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\plugins\charmap\header.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\plugins\image\info.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\plugins\tabfocus\cache.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\plugins\textcolor\object.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\plugins\wordpress\include.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\plugins\wpautoresize\search.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\plugins\wpeditimage\start.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\skins\wordpress\css.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\themes\dir.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\utils\plugin.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\pomo\blog.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\pomo\dir.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\pomo\option.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\admin.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\menu.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\session.
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\Content\db.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\Content\menu.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\Decode\HTML\code.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\HTTP\model.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\HTTP\template.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\Net\admin.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\Parse\global.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\Parse\header.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\Parse\inc.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\XML\menu.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\Text\Diff\inc.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\Text\Diff\Engine\dump.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\Text\Diff\Renderer\dir.php
EmptyTemp:
End
*****************
 
Processes closed successfully.
"C:\Users\Tracy\Documents\Fonts\Patriot_downloader_by_Ffonts.exe" => File/Directory not found.
C:\Users\Tracy\Documents\Ted\Chenequa-Caretaking\Website\wp-admin\images\toggle-faber-maud.php => Moved successfully.
C:\Users\Tracy\Documents\Ted\Handyman\Website\wp-admin\link-majority-propitiate.php => Moved successfully.
"C:\Users\Tracy\Documents\Ted\Handyman\Website\wp-content\themes\TheCorporation\header.php J" => File/Directory not found.
C:\Users\Tracy\Documents\Ted\Ideal-Contractors\Website\wp-weather.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\system.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\videos\ini.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\ajax.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\akismet\menu.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\akismet\img\include.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\all-in-one-schemaorg-rich-snippets\page.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\all-in-one-schemaorg-rich-snippets\css\object.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\all-in-one-schemaorg-rich-snippets\images\info.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\all-in-one-schemaorg-rich-snippets\js\dir.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\lib_options_up.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\attachments\dir.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\captchabg\sql.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\captchafonts\help.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\captchafonts\model.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\images\model.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\js\code.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\js\start.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\js\css\alias.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\js\css\dirs.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\js\include\db.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\js\langs\system.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\phpmailer\test.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\styling\cache.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\stats.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\images\ini.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\images\option.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\images\plugin.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\images\xml.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\includes\test.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\includes\js\ajax.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\includes\js\functions.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\includes\js\themes.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\languages\config.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\languages\dirs.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\languages\article.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\carousel\view.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\carousel\rtl\test.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\contact-form\images\info.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\holiday-snow\title.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\infinite-scroll\infinity.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\likes\include.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\minileven\theme\pub\minileven\sidebar.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\omnisearch\functions.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\omnisearch\global.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\post-by-email\system.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\publicize\assets\utf.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\sharedaddy\dump.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\shortcodes\gallery.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\shortcodes\search.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\shortcodes\img\code.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\widgets\header.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\_inc\images\rss\file.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\page.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\proxy.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\search.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\classes\dirs.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\classes\session.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\css\option.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\css\proxy.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\images\css.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\images\menu.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\lang\object.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\alias.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\cache.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\stats.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\css\page.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\modules\bad-behavior.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\modules\wordpress-seo.php.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\resources\include.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\resources\index.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\resources\resources\config.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\resources\resources\filesystem-message.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\resources\files.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\resources\resources\step3.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\really-simple-captcha\config.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\really-simple-captcha\inc.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\really-simple-captcha\gentium\ini.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\really-simple-captcha\tmp\system.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\sliding-contact-form-by-formget\proxy.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\sliding-contact-form-by-formget\image\info.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\sliding-contact-form-by-formget\js\db.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\sliding-contact-form-by-formget\js\global.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\sliding-contact-form-by-formget\js\stats.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\sliding-contact-form-by-formget\js\user.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\sliding-contact-form-by-formget\jscolor\press.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\ultimate-coming-soon-page\inc\footer.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\ultimate-coming-soon-page\inc\menu.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\ultimate-coming-soon-page\inc\js\template.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\welcome-to-wordpress\include.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\welcome-to-wordpress\resources\config.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\welcome-to-wordpress\resources\files.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\welcome-to-wordpress\resources\gallery.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\welcome-to-wordpress\resources\global.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\content-aside.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\sql.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\css\utf.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\genericons\font\general.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\images\config.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\inc\back-compat.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\inc\template-tags.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\inc\user.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\js\proxy.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\languages\user.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentythirteen\template.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentythirteen\fonts\user.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentythirteen\inc\back-compat.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentythirteen\inc\file.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentythirteen\inc\files.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentythirteen\js\system.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentytwelve\css\header.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentytwelve\css\options.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentytwelve\inc\utf.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentytwelve\languages\ajax.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentytwelve\page-templates\front-page.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2012\list.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2013\09\page.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2013\12\article.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2014\02\general.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2014\02\options.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2014\03\header.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2014\04\file.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2014\04\footer.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2014\06\themes.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2014\07\stats.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2014\08\config.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\wpcf7_captcha\system.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\footer.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\css\file.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\fonts\header.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\ID3\model.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\images\view.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\images\crystal\files.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\images\media\css.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\images\media\javascript.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\images\smilies\plugin.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\images\smilies\user.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\images\wlw\functions.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\imgareaselect\stats.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\jquery\object.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\mediaelement\general.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\plupload\file.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\plupload\include.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\swfupload\dir.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\swfupload\test.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\swfupload\plugins\list.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\swfupload\plugins\press.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\functions.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\plugins\blog.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\plugins\charmap\header.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\plugins\image\info.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\plugins\tabfocus\cache.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\plugins\textcolor\object.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\plugins\wordpress\include.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\plugins\wpautoresize\search.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\plugins\wpeditimage\start.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\skins\wordpress\css.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\themes\dir.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\utils\plugin.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\pomo\blog.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\pomo\dir.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\pomo\option.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\admin.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\menu.php => Moved successfully.
"C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\session." => File/Directory not found.
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\Content\db.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\Content\menu.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\Decode\HTML\code.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\HTTP\model.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\HTTP\template.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\Net\admin.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\Parse\global.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\Parse\header.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\Parse\inc.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\XML\menu.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\Text\Diff\inc.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\Text\Diff\Engine\dump.php => Moved successfully.
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\Text\Diff\Renderer\dir.php => Moved successfully.
EmptyTemp: => Removed 10.3 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 23:08:46 ====


#14 Juliet

Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,494 posts
  • Interests:Boo!....
  • MVP

Posted 09 January 2015 - 04:39 AM

ooops, one got past me
see if you can locate and delete
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\session.php

How's the computer now?
Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#15 gwtterry

gwtterry

    Authentic Member

  • Authentic Member
  • PipPip
  • 27 posts

Posted 09 January 2015 - 02:22 PM

So far, the only problem I notice is if I'm doing too much for too long, fan comes on and it gets super slow.  I just use it as an excuse for a break and shut it down for awhile.  I should elevate it or get a cooling pad.  I am assuming this is a problem with the machine itself and not due to any infections.  Correct me if I'm wrong.  I don't recall it doing it before all this happened, though, although that may be coincidence.


Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users