20 replies to this topic

[gwtterry]

My Windows 7 Dell Studio 1640 XPS laptop has been sooo slow lately.  Seems like process in the background.  I ran a Spybot Search & Destroy and found toolbar.do, I think it was.  I downloaded Malware Bytes and removed that, but laptop is still soooo slow.  I think something else is still going on.

 

I started a topic back in October, but couldn't back to it because I ended up moving across the country and every time I ran the aswMBR scan, my computer would blue screen over and over.  I'm settled now and finally got the scans to run without blue screening.  I apologize for delay.

 

FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-01-2015

Ran by Tracy (administrator) on TRACY-PC on 06-01-2015 14:48:04

Running from C:\Users\Tracy\Downloads

Loaded Profile: Tracy (Available profiles: Tracy)

Platform: Windows 7 Ultimate (X64) OS Language: English (United States)

Internet Explorer Version 9 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(AMD) C:\Windows\System32\atiesrxx.exe

(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\stacsv64.exe

(AMD) C:\Windows\System32\atieclxx.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

( ) C:\Windows\System32\lxeacoms.exe

(Microsoft) C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

(Microsoft Corporation) C:\Windows\System32\msiexec.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-01-21] (IDT, Inc.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1552168 2008-09-25] (Synaptics, Inc.)

HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [2041112 2008-09-26] (Dell Inc.)

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-06-25] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-10-04] (AVAST Software)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)

HKU\S-1-5-21-1613603796-1990743980-727887599-1000\...\Run: [AdobeBridge] => [X]

HKU\S-1-5-21-1613603796-1990743980-727887599-1000\...\Run: [GoogleChromeAutoLaunch_01CA19FABFA3145EF0091BC706EED4AD] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-12-05] (Google Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKU\S-1-5-21-1613603796-1990743980-727887599-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-1613603796-1990743980-727887599-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 

SearchScopes: HKU\S-1-5-21-1613603796-1990743980-727887599-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO: avast! Online Security -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File

BHO-x32: Lexmark Toolbar -> {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -> C:\Program Files\Lexmark Toolbar\toolband.dll ()

BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Lexmark Printable Web -> {D2C5E510-BE6D-42CC-9F61-E4F939078474} -> C:\Program Files\Lexmark Printable Web\bho.dll ()

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

Toolbar: HKLM-x32 - Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

Toolbar: HKU\S-1-5-21-1613603796-1990743980-727887599-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

Toolbar: HKU\S-1-5-21-1613603796-1990743980-727887599-1000 -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File

DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab

Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

FireFox:

========

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)

FF Plugin HKU\S-1-5-21-1613603796-1990743980-727887599-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Tracy\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)

FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-09-06]

FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-09-06]

 

Chrome: 

=======

CHR HomePage: Default -> hxxp://www.yahoo.com/

CHR StartupUrls: Default -> "hxxp://www.google.com/"

CHR Profile: C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (mention) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\agdbnpodkgflemjpckmcdgabbmefpfnb [2013-03-02]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]

CHR Extension: (Sprout Social) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\biailfjhlmalakjackgpekkbmljelldc [2013-08-22]

CHR Extension: (Alexa Traffic Rank) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel [2012-09-06]

CHR Extension: (Circloscope Free (Inactives+)) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhcfgcecigkknnimiljlbcjmnbeeodhl [2012-09-06]

CHR Extension: (SEO SERP Workbench) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehbgolklgacemnfnmkkpgekngaaggjjl [2014-07-08]

CHR Extension: (Replies and more for Google+) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgmhgfecnmeljhchgcjlfldjiepcfpea [2012-09-06]

CHR Extension: (Yast - The World's Easiest Time Tracker) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gokleigpmoameleoajncmkmajedgfgbk [2012-09-06]

CHR Extension: (Avast Online Security) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-04]

CHR Extension: (Pin It Button) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-11-24]

CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2013-03-04]

CHR Extension: (Discussions button for Google Search™) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjiggoeheaondbmhmilpmbdkpgcjmdn [2014-03-20]

CHR Extension: (Unfriend Finder) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jijknldiopccnikfclcmmjnponjkicbc [2013-02-14]

CHR Extension: (Seo Serp Manager) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jncpgpllflmbaaofhdmfamncdipmedjo [2014-07-08]

CHR Extension: (SEO Tools) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\joocnajjlllncaiimobhdlcacaijcjpl [2014-07-08]

CHR Extension: (Social Statistics for Google Plus) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjjhofkehhgakpglgghlkccimpbgplfi [2012-09-06]

CHR Extension: (Harvest) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\laddjnahcdblbgdpbfmlllllmcimepem [2013-01-04]

CHR Extension: (Evernote Web) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2013-01-04]

CHR Extension: (Circloscope) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mechgkelogghhgmpmbpofjijifdppppl [2014-10-15]

CHR Extension: (Google Wallet) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]

CHR Extension: (Docs PDF/PowerPoint Viewer (by Google)) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn [2012-09-06]

CHR Extension: (Google Reader) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm [2012-09-07]

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-03]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-03] (AVAST Software)

S2 lxeaCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe [33960 2009-07-29] (Lexmark International, Inc.)

R2 lxea_device; C:\Windows\system32\lxeacoms.exe [1054888 2009-07-29] ( )

R2 lxea_device; C:\Windows\SysWOW64\lxeacoms.exe [602792 2009-07-29] ( )

R3 MSSQL$MSSMLBIZ; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)

R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]

R2 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [204576 2014-05-19] (Microsoft)

R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]

R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe [244736 2010-01-21] (IDT, Inc.)

S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

S3 WPFFontCache_v0400; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [X]

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-10-03] ()

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-10-03] (AVAST Software)

R1 AswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-10-03] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-10-03] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-21] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-10-04] (AVAST Software)

R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-10-03] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-10-03] ()

S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-04] (Malwarebytes Corporation)

S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]

U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-13] (Microsoft Corporation)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-01-06 14:48 - 2015-01-06 14:48 - 00017732 _____ () C:\Users\Tracy\Downloads\FRST.txt

2015-01-06 14:47 - 2015-01-06 14:48 - 00000000 ____D () C:\FRST

2015-01-06 14:47 - 2015-01-06 14:47 - 02123776 _____ (Farbar) C:\Users\Tracy\Downloads\FRST64.exe

2015-01-06 14:32 - 2015-01-06 14:32 - 00000000 ____H () C:\ProgramData\cm-lock

2015-01-06 10:03 - 2015-01-06 10:03 - 00090291 _____ () C:\Users\Tracy\Downloads\Free_Google+_Page_Report_on_Hupy_and_Abraham,_S.C._(11_06_2014-01_05_2015_PST).pptx

2015-01-06 09:24 - 2015-01-06 09:24 - 00065536 _____ () C:\Users\Tracy\Downloads\FLVPlayer-Chrome (1).exe

2015-01-03 19:13 - 2015-01-03 19:13 - 00595056 _____ () C:\Users\Tracy\Downloads\Installation.exe

2015-01-03 19:12 - 2015-01-03 19:13 - 00066528 _____ () C:\Users\Tracy\Downloads\FLVPlayer-Chrome.exe

2015-01-02 11:53 - 2015-01-02 11:53 - 00058780 _____ () C:\Users\Tracy\Desktop\HP Installation Error - Windows 7.hta

2015-01-02 11:29 - 2009-09-30 20:19 - 00000418 ____N () C:\Windows\hpwmdl28.dat.temp

2015-01-02 11:23 - 2015-01-02 11:23 - 05197824 _____ () C:\Users\Tracy\Downloads\HPSupportSolutionsFramework-en-11.51.0048.msi

2014-12-31 11:15 - 2014-12-31 11:15 - 02008965 _____ () C:\Users\Tracy\Downloads\happy_new_year_2015_312182.zip

2014-12-29 11:34 - 2014-12-29 11:40 - 47809240 _____ () C:\Users\Tracy\Downloads\Coach Mike Ditka on Gridiron Greats.mp4

2014-12-29 11:31 - 2014-12-29 11:32 - 30986863 _____ () C:\Users\Tracy\Downloads\Mike Ditka Gridiron Greats Fundraising Challenge.mp4

2014-12-23 10:57 - 2014-12-23 10:57 - 00089785 _____ () C:\Users\Tracy\Downloads\Free_Google+_Page_Report_on_Wynn_at_Law,_LLC_(10_23_2014-12_22_2014_PST) (1).pptx

2014-12-23 10:52 - 2014-12-23 10:52 - 00089790 _____ () C:\Users\Tracy\Downloads\Free_Google+_Page_Report_on_Wynn_at_Law,_LLC_(10_23_2014-12_22_2014_PST).pptx

2014-12-23 10:11 - 2014-12-23 10:11 - 00002585 _____ () C:\Users\Tracy\Downloads\wynnatlaw-com_20141223T171121Z_TopSearchQueries_20141123-20141223.csv

2014-12-23 10:10 - 2014-12-23 10:10 - 00000417 _____ () C:\Users\Tracy\Downloads\wynnatlaw-com_20141223T171056Z_TopSearchQueriesTimeseries_20141123-20141223.csv

2014-12-18 12:55 - 2015-01-04 12:57 - 00000000 ____D () C:\Users\Tracy\AppData\Local\AnyMeeting

2014-12-18 12:36 - 2014-12-18 12:37 - 30431616 _____ (Microsoft Corporation) C:\Users\Tracy\Downloads\AnyMeetingInstaller_v3.1.0.exe

2014-12-14 18:35 - 2014-12-14 19:06 - 03224139 _____ () C:\Users\Tracy\Documents\TShirt_Full-FrontChest.psd

2014-12-14 18:29 - 2014-12-14 18:29 - 00224838 _____ () C:\Users\Tracy\Downloads\_T-Shirts-Womens-Left_Chest.zip

2014-12-14 18:21 - 2014-12-14 18:21 - 05207198 _____ () C:\Users\Tracy\Documents\TShirt_Full-Frontd.psd

2014-12-14 18:19 - 2014-12-14 19:01 - 04205250 _____ () C:\Users\Tracy\Documents\TShirt_Full-Backc.psd

2014-12-14 18:16 - 2014-12-14 18:16 - 05297104 _____ () C:\Users\Tracy\Documents\TShirt_Full-Frontc.psd

2014-12-14 18:03 - 2014-12-14 18:03 - 05311352 _____ () C:\Users\Tracy\Documents\TShirt_Full-Frontb.psd

2014-12-14 17:39 - 2014-12-14 17:39 - 04419832 _____ () C:\Users\Tracy\Documents\TShirt_Full-Front.psd

2014-12-14 15:13 - 2014-12-14 18:15 - 04585233 _____ () C:\Users\Tracy\Documents\TShirt_Full-Back.psd

2014-12-14 15:13 - 2014-12-14 15:13 - 01954905 _____ () C:\Users\Tracy\Documents\TShirt_Full.psd

2014-12-14 14:32 - 2014-12-14 14:32 - 00180541 _____ () C:\Users\Tracy\Downloads\_T-Shirts-Womens (1).zip

2014-12-14 14:31 - 2014-12-14 14:31 - 00180541 _____ () C:\Users\Tracy\Downloads\_T-Shirts-Womens.zip

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-01-06 14:48 - 2012-09-06 07:36 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-01-06 14:47 - 2014-11-19 17:14 - 00000000 ____D () C:\Program Files (x86)\Yahoo!

2015-01-06 14:45 - 2012-09-12 13:52 - 00011104 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-01-06 14:45 - 2012-09-12 13:52 - 00011104 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-01-06 14:43 - 2012-09-12 14:48 - 01050016 _____ () C:\Windows\WindowsUpdate.log

2015-01-06 14:40 - 2014-04-13 09:35 - 00000000 ____D () C:\ProgramData\Apple

2015-01-06 14:33 - 2012-09-06 07:35 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update

2015-01-06 14:31 - 2012-09-06 07:36 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-01-06 14:31 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-01-06 14:31 - 2009-07-13 21:51 - 32524761 _____ () C:\Windows\setupact.log

2015-01-06 14:30 - 2012-09-12 14:21 - 00194346 _____ () C:\Windows\PFRO.log

2015-01-06 14:29 - 2014-11-19 16:59 - 00009799 _____ () C:\ProgramData\hpzinstall.log

2015-01-06 14:28 - 2014-11-19 16:57 - 00000000 ____D () C:\ProgramData\HP

2015-01-06 14:26 - 2014-11-19 16:47 - 00000000 ____D () C:\Program Files (x86)\Hp

2015-01-06 14:00 - 2012-09-18 16:17 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-01-06 10:17 - 2012-09-06 11:47 - 00000000 ____D () C:\Users\Tracy\Documents\Hupy

2015-01-06 09:25 - 2012-09-06 14:06 - 00000000 ____D () C:\Users\Tracy\AppData\Local\Adobe

2015-01-06 09:21 - 2012-09-12 15:26 - 00119736 _____ () C:\Users\Tracy\AppData\Local\GDIPFONTCACHEV1.DAT

2015-01-05 23:32 - 2009-07-13 21:45 - 05087552 _____ () C:\Windows\system32\FNTCACHE.DAT

2015-01-05 22:28 - 2012-10-03 09:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft

2015-01-05 22:28 - 2012-10-03 09:27 - 00000000 ____D () C:\Program Files (x86)\AnvSoft

2015-01-05 18:00 - 2014-04-19 19:41 - 00000466 _____ () C:\Windows\Tasks\ParetoLogic Registration.job

2015-01-04 12:59 - 2014-09-05 08:34 - 00000000 ____D () C:\Windows\pss

2015-01-04 12:58 - 2012-12-29 16:11 - 00000000 ___RD () C:\Users\Tracy\Dropbox

2015-01-04 12:58 - 2012-12-29 16:07 - 00000000 ____D () C:\Users\Tracy\AppData\Roaming\Dropbox

2015-01-04 00:07 - 2014-10-15 08:17 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-01-03 15:42 - 2014-04-14 11:03 - 00000000 ____D () C:\Users\Tracy\Documents\Wayne

2015-01-02 11:41 - 2006-11-02 05:34 - 00000254 _____ () C:\Windows\win.ini

2015-01-02 11:29 - 2014-11-19 16:59 - 00207581 _____ () C:\Windows\hpwins28.dat

2014-12-29 20:32 - 2009-07-13 22:13 - 00844518 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-12-17 13:17 - 2012-09-15 12:09 - 00000000 ____D () C:\Users\Tracy\Documents\Speaking

2014-12-17 10:35 - 2012-09-15 12:10 - 00000000 ____D () C:\Users\Tracy\Documents\Themes

2014-12-17 10:31 - 2012-09-15 12:04 - 00000000 ____D () C:\Users\Tracy\Documents\Marketing Resources

2014-12-14 08:31 - 2013-01-24 08:46 - 00001017 _____ () C:\Users\Tracy\Desktop\Dropbox.lnk

2014-12-14 08:31 - 2012-12-29 16:08 - 00000000 ____D () C:\Users\Tracy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2014-12-14 08:21 - 2009-07-13 22:08 - 00032594 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-12-12 00:05 - 2012-09-06 07:39 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-12-10 21:55 - 2012-09-06 08:18 - 00000000 ____D () C:\Users\Tracy\AppData\Roaming\FileZilla

2014-12-10 09:00 - 2012-09-18 16:17 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-12-10 09:00 - 2012-09-18 16:17 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-12-10 09:00 - 2012-09-18 16:17 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-12-09 13:19 - 2014-10-15 08:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-12-09 13:19 - 2014-10-15 08:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

 

Some content of TEMP:

====================

C:\Users\Tracy\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjkjosd.dll

C:\Users\Tracy\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-01-04 14:15

 

==================== End Of Log ============================

 

 

 

Addition:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-01-2015

Ran by Tracy at 2015-01-06 14:49:54

Running from C:\Users\Tracy\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden

ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.2146.41621 - ABBYY Software House)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.1430 - Adobe Systems Incorporated)

Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.5 - Adobe Systems Incorporated)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)

Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)

Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)

Adobe Reader X (10.1.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)

Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)

Any Video Converter 5.7.3 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)

ATI Catalyst Install Manager (HKLM\...\{64FBA03C-575C-D688-1C80-A5773CE471F9}) (Version: 3.0.732.0 - ATI Technologies, Inc.)

avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)

AVerMedia HC82 Express-Card Hybrid Analog (HKLM-x32\...\InstallShield_{1F295031-E793-4308-A384-5553977DFD13}) (Version: 2.00.0001 - AVerMedia)

AVerMedia HC82 Express-Card Hybrid Analog (x32 Version: 2.00.0001 - AVerMedia) Hidden

AVerMedia MCE Encoder x64 3.0.1.0 (HKLM-x32\...\AVerMedia MCE Encoder x64) (Version: 3.0.1.0 - AVerMedia Technologies, Inc.)

Belarc Advisor 8.2 (HKLM-x32\...\Belarc Advisor) (Version: 8.2.7.16 - Belarc Inc.)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Broadcom Gigabit NetLink Controller (HKLM\...\{9AF0B106-56F1-461B-A270-95BC1682E282}) (Version: 11.07.01 - Broadcom Corporation)

Business Contact Manager for Outlook 2007 SP2 (HKLM-x32\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)

Business Contact Manager for Outlook 2007 SP2 (x32 Version: 3.0.8619.1 - Microsoft Corporation) Hidden

ccc-core-static (x32 Version: 2009.0625.1812.30825 - ATI) Hidden

Citrix Online Launcher (HKLM-x32\...\{75C7BFBC-5FA8-47C9-9E6C-AD1954F63A53}) (Version: 1.0.109 - Citrix)

Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Dell Resource CD (HKLM-x32\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)

Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 11.2.12.0 - Synaptics)

Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.33 - Creative Technology Ltd)

Digital Line Detect (HKLM-x32\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)

doPDF (Version: 8.0.907 - Softland) Hidden

doPDF 8 (HKLM-x32\...\{a137ef5e-56f5-4cca-89f8-80df47fc4521}) (Version: 8.0.906.0 - Softland)

Dropbox (HKU\S-1-5-21-1613603796-1990743980-727887599-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)

FastStone Capture 5.3 (HKLM-x32\...\FastStone Capture) (Version: 5.3 - FastStone Soft)

FileZilla Client 3.9.0.6 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.6 - Tim Kosse)

GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)

Google Talk (remove only) (HKU\S-1-5-21-1613603796-1990743980-727887599-1000\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

GoToMeeting 5.7.0.1172 (HKU\S-1-5-21-1613603796-1990743980-727887599-1000\...\GoToMeeting) (Version: 5.7.0.1172 - CitrixOnline)

IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6267.0 - IDT)

Integrated Webcam Driver (1.03.02.0919)   (HKLM\...\Creative OA001) (Version:  - )

Intel® PROSet/Wireless WiFi Driver (HKLM\...\{AFE36C05-B442-4DEA-9BFB-2D72C8A1E153}) (Version: 12.00.2000 - Intel® Corporation)

ITECIR (HKLM-x32\...\{F6BB6248-C507-46FE-8A35-1B16F35E0441}) (Version: 1.9 - ITE)

iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)

Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)

Java™ 6 Update 7 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)

Lexmark Printable Web (HKLM-x32\...\{D2C5E510-BE6D-42CC-9F61-E4F939078474}) (Version: 1.0.0.0 - )

Lexmark S300-S400 Series (HKLM\...\Lexmark S300-S400 Series) (Version:  - Lexmark International, Inc.)

Lexmark Toolbar (HKLM-x32\...\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}) (Version: 4.3.37.0 - )

Lexmark Tools for Office (HKLM-x32\...\{10812DE7-2E57-4740-B226-6B3BE34AF9D7}) (Version: 1.29.0.0 - )

Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft Office 2003 Web Components (HKLM-x32\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)

Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office Accounting 2009 (HKLM-x32\...\Microsoft Office Accounting 2009) (Version: 4.0.3610.0 - Microsoft Corporation)

Microsoft Office Accounting 2009 Equifax Addin (HKLM-x32\...\{C6C148EC-55FB-4FDF-AD4F-ECEA579D040D}) (Version: 4.0.1930.0 - Microsoft Corporation)

Microsoft Office Accounting 2009 Fixed Asset Manager (HKLM-x32\...\{53276F5A-85AB-4BEF-BAA2-2490975DC006}) (Version: 4.0.1930.0 - Microsoft Corporation)

Microsoft Office Accounting 2009 PayPal Addin (HKLM-x32\...\{DC0C35E4-CD3D-4F12-95BB-7C74D9467BD7}) (Version: 4.0.1930.0 - Microsoft Corporation)

Microsoft Office Accounting 2009 Tax Integration Add-in (HKLM-x32\...\{D9AE6BE1-5847-4962-86B0-2A290B7E6C43}) (Version: 4.0.1930.0 - Microsoft Corporation)

Microsoft Office Accounting ADP Payroll Addin (HKLM-x32\...\{5FA793A6-0071-42C1-9355-8F69A428C44F}) (Version: 0.0.0.0 - ADP)

Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)

Microsoft Office Small Business 2007 (HKLM-x32\...\SMALLBUSINESSR) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Small Business Connectivity Components (HKLM-x32\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)

Microsoft SkyDrive (HKU\S-1-5-21-1613603796-1990743980-727887599-1000\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)

Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)

Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)

Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual J# 2.0 Redistributable Package (HKLM-x32\...\Microsoft Visual J# 2.0 Redistributable Package) (Version:  - Microsoft Corporation)

Modem Diagnostics Tool (HKLM\...\{1C89932F-1D9D-4776-AD7A-9156FF792539}) (Version: 1.0.22.0 - Dell)

Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

MyFonts Order M4439045 (HKLM-x32\...\{F564454D-DEBE-0CCE-93C3-FD8DEB975100}) (Version: 1.0 - MyFonts.com, Inc.)

NetWaiting (HKLM-x32\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.46 - BVRP Software, Inc)

novaPDF 8 add-in for Microsoft Office (x64) (HKLM\...\{72FA3932-13F2-4AC2-9859-80DFB3E32D27}) (Version: 8.0.907 - Softland)

novaPDF 8 add-in for Microsoft Office (x86) (HKLM-x32\...\{56C7F352-A03D-447C-98C2-7185F6067CC1}) (Version: 8.0.907 - Softland)

novaPDF 8 Printer Driver (HKLM\...\{8B94B029-DF00-4314-BE5F-96AAA44D0B5A}) (Version: 8.0.907 - Softland)

Quickset (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.2.13 - Dell Inc.)

RICOH Media Driver ver.2.07.01.00 (HKLM-x32\...\{2B818257-E6C7-4841-8C29-C5C9A982BCE5}) (Version: 2.07.01.00 - RICOH)

RICOH R5C83x/84x Media Driver Ver.3.53.02 (HKLM-x32\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.53.02 - RICOH)

Roxio Creator DE (HKLM-x32\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)

SERPAttacks (HKLM-x32\...\SERPAttacks_is1) (Version:  - Jayson Yanuaria)

Skins (x32 Version: 2009.0625.1812.30825 - ATI) Hidden

Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

WIDCOMM Bluetooth Software 6.1.0.4402 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.1.0.4402 - Dell)

Windows 7 Upgrade Advisor (HKLM-x32\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

Zip Repair Pro (HKLM-x32\...\Zip Repair Pro_is1) (Version: 5.1.0.1431 - GetData Pty Ltd)

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-1613603796-1990743980-727887599-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Tracy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1613603796-1990743980-727887599-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1172\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

CustomCLSID: HKU\S-1-5-21-1613603796-1990743980-727887599-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Tracy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1613603796-1990743980-727887599-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Tracy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1613603796-1990743980-727887599-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Tracy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1613603796-1990743980-727887599-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Tracy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1613603796-1990743980-727887599-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tracy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1613603796-1990743980-727887599-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tracy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1613603796-1990743980-727887599-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tracy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1613603796-1990743980-727887599-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tracy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1613603796-1990743980-727887599-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tracy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1613603796-1990743980-727887599-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tracy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1613603796-1990743980-727887599-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tracy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1613603796-1990743980-727887599-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tracy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

 

==================== Restore Points  =========================

 

16-10-2014 15:04:20 Scheduled Checkpoint

24-10-2014 10:36:09 Scheduled Checkpoint

25-10-2014 02:33:51 Windows Update

30-10-2014 06:46:18 Installed Java 7 Update 71

01-11-2014 00:05:18 Windows Update

08-11-2014 01:33:12 Windows Update

15-11-2014 07:33:31 Windows Update

19-11-2014 16:46:15 Installed HP Support Solutions Framework

21-11-2014 02:20:53 Windows Update

26-11-2014 05:37:50 Windows Update

29-11-2014 10:47:12 Windows Update

07-12-2014 01:23:15 Scheduled Checkpoint

07-12-2014 02:45:16 Windows Update

12-12-2014 05:25:04 Windows Update

18-12-2014 02:35:19 Windows Update

18-12-2014 12:54:11 Installed AnyMeeting

23-12-2014 03:16:29 Windows Update

26-12-2014 14:33:45 Windows Update

02-01-2015 11:23:53 Installed HP Support Solutions Framework

05-01-2015 22:10:47 Restore Operation

05-01-2015 22:24:13 Removed AnyMeeting

05-01-2015 22:37:14 Removed HP Support Solutions Framework

05-01-2015 22:40:08 Removed HP Update.

06-01-2015 14:36:42 Removed Apple Application Support

06-01-2015 14:40:21 Removed Apple Mobile Device Support

06-01-2015 14:41:35 Removed Apple Software Update

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2006-11-02 05:34 - 2014-12-09 13:23 - 00450713 ____R C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

127.0.0.1 www.0scan.com

127.0.0.1 0scan.com

127.0.0.1 www.1000gratisproben.com

127.0.0.1 1000gratisproben.com

127.0.0.1 1001namen.com

127.0.0.1 www.1001namen.com

127.0.0.1 100888290cs.com

127.0.0.1 www.100888290cs.com

127.0.0.1 www.100sexlinks.com

127.0.0.1 100sexlinks.com

127.0.0.1 www.10sek.com

127.0.0.1 10sek.com

127.0.0.1 www.1-2005-search.com

127.0.0.1 1-2005-search.com

127.0.0.1 www.123fporn.info

127.0.0.1 123fporn.info

127.0.0.1 123haustiereundmehr.com

127.0.0.1 www.123haustiereundmehr.com

 

There are 1000 more lines.

 

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {56AA5446-415B-4FD5-B697-401A1EB98CFE} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-10-03] (AVAST Software)

Task: {712C6861-2B14-4E72-92BA-22B6921FE2B7} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs

Task: {762A2259-5860-4272-91AE-4780BD0A7015} - System32\Tasks\AdobeAAMUpdater-1.0-Tracy-PC-Tracy => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-07-31] (Adobe Systems Incorporated)

Task: {7D890074-8864-4BF4-9097-B22DABFCAC7C} - System32\Tasks\doPDF Update => C:\Program Files\Softland\novaPDF 8\Driver\UpdateApplication.exe [2014-05-19] ()

Task: {ADF18BF1-2DB4-4915-A073-AACC79A49FAC} - System32\Tasks\ParetoLogic Registration => Rundll32.exe "C:\Program Files (x86)\Common Files\ParetoLogic\UUS2\UUS.dll" RunUns

Task: {D38B714F-8E91-4F57-9D9C-B293B0774EAE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)

Task: {DE8B9393-6922-4C0F-AA25-DF767971C11C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)

Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs

Task: {EE3F064A-4B93-4547-925E-6D05227A55E8} - System32\Tasks\{32A10F24-0A49-4E81-B532-7ABA7F26BD0F} => pcalua.exe -a C:\Users\Tracy\Downloads\HiJackThis.exe -d C:\Users\Tracy\Downloads

Task: {F5792F9A-4948-4731-9077-2B01A7EAB0D3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\ParetoLogic Registration.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS2\UUS.dll

 

==================== Loaded Modules (whitelisted) =============

 

2012-09-12 18:36 - 2009-04-17 03:53 - 00053760 _____ () C:\Windows\System32\LXEAPMON.DLL

2012-09-12 18:35 - 2009-01-13 06:15 - 04485120 _____ () C:\Windows\System32\LXEAOEM.DLL

2014-05-19 14:48 - 2014-05-19 14:48 - 00017920 _____ () C:\Windows\System32\novamn8.dll

2012-09-12 18:40 - 2009-06-19 02:01 - 00189440 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxeadrpp.dll

2014-05-01 12:29 - 2014-05-01 12:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll

2014-05-21 07:20 - 2014-05-21 07:20 - 00130933 _____ () C:\Windows\TEMP\2a9a7188-2f9b-4c02-a7f4-5421caf99ace\AgileDotNetRT64.dll

2014-05-21 07:21 - 2014-05-21 07:21 - 00130933 _____ () C:\Windows\TEMP\2baca5df-110d-4425-83de-0e951af60763\AgileDotNetRT64.dll

2008-06-05 14:00 - 2008-06-05 14:00 - 00167936 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll

2009-05-05 10:56 - 2009-05-05 10:56 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll

2012-09-12 14:09 - 2012-09-12 14:09 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

2014-10-03 06:57 - 2014-10-03 06:57 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll

2015-01-06 13:22 - 2015-01-06 13:22 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010601\algo.dll

2014-10-16 02:15 - 2014-10-16 02:15 - 00035328 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll

2014-05-24 09:41 - 2014-05-24 09:41 - 00091648 _____ () C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll

2014-05-24 09:41 - 2014-05-24 09:41 - 00892416 _____ () C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll

2014-10-03 06:57 - 2014-10-03 06:57 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

2014-12-12 00:05 - 2014-12-05 18:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll

2014-12-12 00:05 - 2014-12-05 18:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll

2014-12-12 00:05 - 2014-12-05 18:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll

2014-12-12 00:05 - 2014-12-05 18:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\Windows\pss\Digital Line Detect.lnk.CommonStartup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup

MSCONFIG\startupfolder: C:^Users^Tracy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^AnyMeeting.lnk => C:\Windows\pss\AnyMeeting.lnk.Startup

MSCONFIG\startupfolder: C:^Users^Tracy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup

MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

MSCONFIG\startupreg: EzPrint => "C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe"

MSCONFIG\startupreg: googletalk => C:\Users\Tracy\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart

MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

MSCONFIG\startupreg: Lexmark S300-S400 Series => "C:\Program Files (x86)\Lexmark S300-S400 Series\fm3032.exe" /s

MSCONFIG\startupreg: lxeamon.exe => "C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe"

MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

 

========================= Accounts: ==========================

 

Administrator (S-1-5-21-1613603796-1990743980-727887599-500 - Administrator - Disabled)

Guest (S-1-5-21-1613603796-1990743980-727887599-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-1613603796-1990743980-727887599-1005 - Limited - Enabled)

Tracy (S-1-5-21-1613603796-1990743980-727887599-1000 - Administrator - Enabled) => C:\Users\Tracy

 

==================== Faulty Device Manager Devices =============

 

Name: Bluetooth Peripheral Device

Description: Bluetooth Peripheral Device

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (01/06/2015 02:40:12 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: Tracy-PC)

Description: Application or service 'Apple Mobile Device' could not be restarted.

 

Error: (01/06/2015 02:32:45 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/06/2015 02:29:10 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: hpzscr40.exe, version: 13.0.445.0, time stamp: 0x4a7346a0

Faulting module name: hpzscr40.exe, version: 13.0.445.0, time stamp: 0x4a7346a0

Exception code: 0xc0000417

Fault offset: 0x0000000000100bf4

Faulting process id: 0xebc

Faulting application start time: 0xhpzscr40.exe0

Faulting application path: hpzscr40.exe1

Faulting module path: hpzscr40.exe2

Report Id: hpzscr40.exe3

 

Error: (01/06/2015 11:52:30 AM) (Source: SideBySide) (EventID: 63) (User: )

Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.

The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

 

Error: (01/06/2015 09:16:07 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/05/2015 11:33:10 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/05/2015 10:33:45 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/05/2015 10:21:26 PM) (Source: System Restore) (EventID: 8210) (User: )

Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0x8007045b.

 

Error: (01/05/2015 10:19:33 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/05/2015 10:00:35 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

 

System errors:

=============

Error: (01/06/2015 02:40:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Apple Mobile Device service failed to start due to the following error: 

%%1053

 

Error: (01/06/2015 02:40:12 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.

 

Error: (01/06/2015 02:39:38 PM) (Source: Service Control Manager) (EventID: 7022) (User: )

Description: The Windows Update service hung on starting.

 

Error: (01/06/2015 02:31:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The lxeaCATSCustConnectService service failed to start due to the following error: 

%%1053

 

Error: (01/06/2015 02:31:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the lxeaCATSCustConnectService service to connect.

 

Error: (01/06/2015 09:17:15 AM) (Source: DCOM) (EventID: 10010) (User: )

Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

 

Error: (01/06/2015 09:14:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The lxeaCATSCustConnectService service failed to start due to the following error: 

%%1053

 

Error: (01/06/2015 09:14:49 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the lxeaCATSCustConnectService service to connect.

 

Error: (01/05/2015 11:32:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The lxeaCATSCustConnectService service failed to start due to the following error: 

%%1053

 

Error: (01/05/2015 11:32:20 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the lxeaCATSCustConnectService service to connect.

 

 

Microsoft Office Sessions:

=========================

Error: (07/24/2014 10:17:58 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6695.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1377 seconds with 240 seconds of active time.  This session ended with a crash.

 

Error: (05/19/2014 07:15:51 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 206 seconds with 180 seconds of active time.  This session ended with a crash.

 

 

CodeIntegrity Errors:

===================================

  Date: 2012-09-08 14:51:07.143

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2012-09-08 14:51:07.096

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2012-09-08 14:51:07.018

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2012-09-08 14:51:06.940

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2012-09-08 14:51:06.816

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core™2 Duo CPU P8700 @ 2.53GHz

Percentage of memory in use: 45%

Total physical RAM: 5084.86 MB

Available physical RAM: 2760.2 MB

Total Pagefile: 10167.85 MB

Available Pagefile: 7562 MB

Total Virtual: 8192 MB

Available Virtual: 8191.8 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:465.75 GB) (Free:154.31 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 39913991)

Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================

 

 

 

 

aswMBR:

 

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software

Run date: 2015-01-06 15:14:02

-----------------------------

15:14:02.643    OS Version: Windows x64 6.1.7600 

15:14:02.643    Number of processors: 2 586 0x170A

15:14:02.643    ComputerName: TRACY-PC  UserName: Tracy

15:14:05.825    Initialize success

15:14:05.825    VM: initialized successfully

15:14:05.825    VM: Intel CPU BiosDisabled 

15:14:11.693    VM: supported disk I/O ataport.SYS

15:14:15.172    AVAST engine defs: 15010601

15:14:39.762    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

15:14:39.778    Disk 0 Vendor: WDC_WD5000BPVT-24HXZT3 03.01A03 Size: 476940MB BusType: 3

15:14:39.981    Disk 0 MBR read successfully

15:14:39.981    Disk 0 MBR scan

15:14:39.981    Disk 0 Windows 7 default MBR code

15:14:39.981    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       476929 MB offset 63

15:14:39.996    Disk 0 default boot code

15:14:40.012    Disk 0 scanning C:\Windows\system32\drivers

15:14:50.154    Service scanning

15:15:15.011    Modules scanning

15:15:15.011    Disk 0 trace - called modules:

15:15:15.058    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 

15:15:15.058    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005842060]

15:15:15.073    3 CLASSPNP.SYS[fffff880018a343f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80052be060]

15:15:15.916    AVAST engine scan C:\Windows

15:15:18.708    AVAST engine scan C:\Windows\system32

15:17:44.392    AVAST engine scan C:\Windows\system32\drivers

15:17:56.718    AVAST engine scan C:\Users\Tracy

15:30:05.257    File: C:\Users\Tracy\AppData\Local\Temp\MSI4DE4.tmp-\srbu.dll  **INFECTED** Win32:Malware-gen

16:20:10.249    File: C:\Users\Tracy\Downloads\FLVPlayer-Chrome.exe  **INFECTED** Win32:Rootkit-gen [Rtk]

17:04:02.476    AVAST engine scan C:\ProgramData

17:07:58.323    Scan finished successfully

17:37:49.040    Disk 0 MBR has been saved successfully to "C:\Users\Tracy\Documents\farbar\MBR.dat"

17:37:49.103    The log file has been saved successfully to "C:\Users\Tracy\Documents\farbar\aswMBR.txt"

 

 

 

Thank you.

 

[Juliet]

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

~~
Please use the add/remove programs list to uninstall
Java 6 Update 7

~~~~
Instructions on how to backup your Favourites/Bookmarks and other data can be found below.

• Backup Internet Explorer Favourites
• Backup Firefox Bookmarks
• Backup Chrome Bookmarks
• Proceed with the reset once done.
• Internet Explorer: How to reset Internet Explorer settings
• Firefox: Reset Firefox
• Chrome: Chrome - Reset browser settings
• ~~~~~~~~~~~~~~~~~~~
  
  Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
  Paste this into the open notepad. save it to the Desktop as fixlist.txt
  NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
  It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)
   
  

  start
  CloseProcesses:
  HKU\S-1-5-21-1613603796-1990743980-727887599-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
  SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
  SearchScopes: HKU\S-1-5-21-1613603796-1990743980-727887599-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
  BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
  Toolbar: HKU\S-1-5-21-1613603796-1990743980-727887599-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
  Toolbar: HKU\S-1-5-21-1613603796-1990743980-727887599-1000 -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
  C:\Users\Tracy\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjkjosd.dll
  C:\Users\Tracy\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
  C:\Users\Tracy\AppData\Local\Temp\MSI4DE4.tmp-\srbu.dll
  C:\Users\Tracy\Downloads\FLVPlayer-Chrome.exe
  EmptyTemp:
  Hosts:
  End

  Open FRST/FRST64 and press the Fix button just once and wait.
  If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
  
  
  *******
  Malwarebytes Anti-Rootkit (MBAR)
• Please download Malwarebytes Anti-Rootkit and save the file to your Desktop.
• Double-click MBAR.exe to run the installer.
• Select a convenient location to extract the contents and click OK. Navigate to the location you selected.
• Right-Click MBAR.exe and select Run as administrator to run the programme.
• Follow the prompts to update the programme and scan your computer.
• Upon completion, click Cleanup and reboot your computer.
• After the reboot, rerun the programme to verify no threats remain. If threats are still detected, click the Cleanup button once more.
• Upon completion, two logs (mbar-log.txt and system-log.txt) will be created. Copy the contents of both logs and paste in your next reply. Both logs can be found in the MBAR folder.
• 
  ******************
  AdwCleaner
• Please download AdwCleaner and save the file to your Desktop.
• Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
• Follow the prompts.
• Click Scan.
• Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
• Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
• Follow the prompts and allow your computer to reboot.
• After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.
• -- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
  
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  
  
  
  Please download Junkware Removal Tool to your desktop.
• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.
• ~~~~~`
  
  
  please post
  Fixlog.txt
  Malwarebytes Anti-Rootkit
  C:\AdwCleaner.txt
  JRT.txt

[gwtterry]

Thank you.  Here are results:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015

Ran by Tracy at 2015-01-07 09:46:51 Run:1

Running from C:\Users\Tracy\Downloads

Loaded Profile: Tracy (Available profiles: Tracy)

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

start

CloseProcesses:

HKU\S-1-5-21-1613603796-1990743980-727887599-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =

SearchScopes: HKU\S-1-5-21-1613603796-1990743980-727887599-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File

Toolbar: HKU\S-1-5-21-1613603796-1990743980-727887599-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

Toolbar: HKU\S-1-5-21-1613603796-1990743980-727887599-1000 -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File

C:\Users\Tracy\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjkjosd.dll

C:\Users\Tracy\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe

C:\Users\Tracy\AppData\Local\Temp\MSI4DE4.tmp-\srbu.dll

C:\Users\Tracy\Downloads\FLVPlayer-Chrome.exe

EmptyTemp:

Hosts:

End

*****************

 

Processes closed successfully.

"HKU\S-1-5-21-1613603796-1990743980-727887599-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.

HKU\S-1-5-21-1613603796-1990743980-727887599-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found. 

HKU\S-1-5-21-1613603796-1990743980-727887599-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.

HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found. 

HKU\S-1-5-21-1613603796-1990743980-727887599-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} => value deleted successfully.

HKCR\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} => Key not found. 

"C:\Users\Tracy\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjkjosd.dll" => File/Directory not found.

C:\Users\Tracy\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe => Moved successfully.

C:\Users\Tracy\AppData\Local\Temp\MSI4DE4.tmp-\srbu.dll => Moved successfully.

C:\Users\Tracy\Downloads\FLVPlayer-Chrome.exe => Moved successfully.

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.

Hosts was reset successfully.

EmptyTemp: => Removed 27.4 GB temporary data.

 

 

The system needed a reboot. 

 

==== End of Fixlog 09:52:55 ====

 

 

 

# AdwCleaner v4.106 - Report created 07/01/2015 at 10:45:35

# Updated 21/12/2014 by Xplode

# Database : 2015-01-03.1 [Live]

# Operating System : Windows 7 Ultimate  (64 bits)

# Username : Tracy - TRACY-PC

# Running from : C:\Users\Tracy\Desktop\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\Users\Tracy\AppData\Local\FileTypeAssistant

Folder Deleted : C:\Users\Tracy\AppData\Local\Ilivid Player

Folder Deleted : C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel

Folder Deleted : C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol

 

***** [ Scheduled Tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\Bitberry

Key Deleted : HKCU\Software\ParetoLogic

Key Deleted : HKCU\Software\SmartBar

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v8.0.7600.17267

 

 

-\\ Google Chrome v39.0.2171.95

 

 

*************************

 

AdwCleaner[R0].txt - [2285 octets] - [07/01/2015 10:42:39]

AdwCleaner[S0].txt - [2025 octets] - [07/01/2015 10:45:35]

 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2085 octets] ##########

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.4.1 (12.28.2014:1)

OS: Windows 7 Ultimate x64

Ran by Tracy on Wed 01/07/2015 at 10:55:15.36

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\Users\Tracy\AppData\Roaming\thinstall"

Successfully deleted: [Folder] "C:\Users\Tracy\appdata\local\thinstall"

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Wed 01/07/2015 at 11:00:01.48

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

Malwarebytes Anti-Rootkit BETA 1.08.2.1001

www.malwarebytes.org

 

Database version: v2015.01.07.11

 

Windows 7 x64 NTFS

Internet Explorer 8.0.7600.16385

Tracy :: TRACY-PC [administrator]

 

1/7/2015 10:07:00 AM

mbar-log-2015-01-07 (10-07-00).txt

 

Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken

Scan options disabled: 

Objects scanned: 331617

Time elapsed: 19 minute(s), 3 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

Physical Sectors Detected: 0

(No malicious items detected)

 

(end)

 

 

[Juliet]

Tell me what the computer is doing now?

[gwtterry]

I had to run out for a minute. I haven't had a chance since the scans and removal to use it consistently to gauge it, but it is moving somewhat faster thus far.

[Juliet]

What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
Most reliable and thorough.
The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending of course how full your computer is.


Go here to run an online scannner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

• Note:
  For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
• Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
• Click the blue Run ESET Online Scanner button
• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
• Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
• Click on Advanced Settings
• Make sure that the option Remove found threats is unticked.
• Ensure these options are ticked
  • Scan archives
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
• Click Start
• Wait for the scan to finish
• When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
• Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
• Close the ESET online scan.

[gwtterry]

ESET Results:

 

C:\FRST\Quarantine\C\Users\Tracy\AppData\Local\Temp\MSI4DE4.tmp-\srbu.dll.xBAD a variant of MSIL/Toolbar.Linkury.F potentially unwanted application

C:\FRST\Quarantine\C\Users\Tracy\Downloads\FLVPlayer-Chrome.exe.xBAD NSIS/TrojanDownloader.Adload.AA trojan

C:\Users\Tracy\Documents\Fonts\Patriot_downloader_by_Ffonts.exe a variant of Win32/Somoto.A potentially unwanted application

C:\Users\Tracy\Documents\Ted\Chenequa-Caretaking\Website\wp-admin\images\toggle-faber-maud.php PHP/Kryptik.AB trojan

C:\Users\Tracy\Documents\Ted\Handyman\Website\wp-admin\link-majority-propitiate.php PHP/Kryptik.AB trojan

C:\Users\Tracy\Documents\Ted\Handyman\Website\wp-content\themes\TheCorporation\header.php JS/Agent.NNS trojan

C:\Users\Tracy\Documents\Ted\Ideal-Contractors\Website\wp-weather.php PHP/Kryptik.AB trojan

C:\Users\Tracy\Documents\Wynn\New Website\system.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\videos\ini.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\ajax.php PHP/Agent.NEH trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\akismet\menu.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\akismet\img\include.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\all-in-one-schemaorg-rich-snippets\page.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\all-in-one-schemaorg-rich-snippets\css\object.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\all-in-one-schemaorg-rich-snippets\images\info.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\all-in-one-schemaorg-rich-snippets\js\dir.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\lib_options_up.php PHP/Agent.NEH trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\attachments\dir.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\captchabg\sql.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\captchafonts\help.php PHP/Agent.NEH trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\captchafonts\model.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\images\model.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\js\code.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\js\start.php PHP/Agent.NEH trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\js\css\alias.php PHP/Agent.NEH trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\js\css\dirs.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\js\include\db.php PHP/Agent.NEH trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\js\langs\system.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\phpmailer\test.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\styling\cache.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\stats.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\images\ini.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\images\option.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\images\plugin.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\images\xml.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\includes\test.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\includes\js\ajax.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\includes\js\functions.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\includes\js\themes.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\languages\config.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\languages\dirs.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\languages\article.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\carousel\view.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\carousel\rtl\test.php PHP/Agent.NEH trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\contact-form\images\info.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\holiday-snow\title.php PHP/Agent.NEH trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\infinite-scroll\infinity.php PHP/Agent.NEH trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\likes\include.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\minileven\theme\pub\minileven\sidebar.php PHP/Agent.NEH trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\omnisearch\functions.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\omnisearch\global.php PHP/Agent.NEH trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\post-by-email\system.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\publicize\assets\utf.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\sharedaddy\dump.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\shortcodes\gallery.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\shortcodes\search.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\shortcodes\img\code.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\widgets\header.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\_inc\images\rss\file.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\page.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\proxy.php PHP/Agent.NEH trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\search.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\classes\dirs.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\classes\session.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\css\option.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\css\proxy.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\images\css.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\images\menu.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\lang\object.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\alias.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\cache.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\stats.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\css\page.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\modules\bad-behavior.php PHP/Agent.NEH trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\modules\wordpress-seo.php.php PHP/Agent.NEH trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\resources\include.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\resources\index.php PHP/Agent.NEH trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\resources\resources\config.php PHP/Agent.NEH trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\resources\resources\filesystem-message.php PHP/Agent.NEH trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\resources\files.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\resources\resources\step3.php PHP/Agent.NEH trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\really-simple-captcha\config.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\really-simple-captcha\inc.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\really-simple-captcha\gentium\ini.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\really-simple-captcha\tmp\system.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\sliding-contact-form-by-formget\proxy.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\sliding-contact-form-by-formget\image\info.php PHP/Agent.NEH trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\sliding-contact-form-by-formget\js\db.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\sliding-contact-form-by-formget\js\global.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\sliding-contact-form-by-formget\js\stats.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\sliding-contact-form-by-formget\js\user.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\sliding-contact-form-by-formget\jscolor\press.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\ultimate-coming-soon-page\inc\footer.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\ultimate-coming-soon-page\inc\menu.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\ultimate-coming-soon-page\inc\js\template.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\welcome-to-wordpress\include.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\welcome-to-wordpress\resources\config.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\welcome-to-wordpress\resources\files.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\welcome-to-wordpress\resources\gallery.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\welcome-to-wordpress\resources\global.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\content-aside.php PHP/Agent.NEH trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\sql.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\css\utf.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\genericons\font\general.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\images\config.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\inc\back-compat.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\inc\template-tags.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\inc\user.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\js\proxy.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\languages\user.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentythirteen\template.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentythirteen\fonts\user.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentythirteen\inc\back-compat.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentythirteen\inc\file.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentythirteen\inc\files.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentythirteen\js\system.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentytwelve\css\header.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentytwelve\css\options.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentytwelve\inc\utf.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentytwelve\languages\ajax.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentytwelve\page-templates\front-page.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2012\list.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2013\09\page.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2013\11\ini.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2013\12\article.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2014\02\general.php PHP/Agent.NEH trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2014\02\options.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2014\03\header.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2014\04\file.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2014\04\footer.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2014\06\themes.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2014\07\stats.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2014\08\config.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\wpcf7_captcha\system.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\footer.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\css\file.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\fonts\header.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\ID3\model.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\images\view.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\images\crystal\files.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\images\media\css.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\images\media\javascript.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\images\smilies\plugin.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\images\smilies\user.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\images\wlw\functions.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\imgareaselect\stats.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\jquery\object.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\mediaelement\general.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\plupload\file.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\plupload\include.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\swfupload\dir.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\swfupload\test.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\swfupload\plugins\list.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\swfupload\plugins\press.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\functions.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\plugins\blog.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\plugins\charmap\header.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\plugins\image\info.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\plugins\tabfocus\cache.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\plugins\textcolor\object.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\plugins\wordpress\include.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\plugins\wpautoresize\search.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\plugins\wpeditimage\start.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\skins\wordpress\css.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\themes\dir.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\utils\plugin.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\pomo\blog.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\pomo\dir.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\pomo\option.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\admin.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\menu.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\session.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\Content\db.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\Content\menu.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\Decode\HTML\code.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\HTTP\model.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\HTTP\template.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\Net\admin.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\Parse\global.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\Parse\header.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\Parse\inc.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\XML\menu.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\Text\Diff\inc.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\Text\Diff\Engine\dump.php PHP/WebShell.NBV trojan

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\Text\Diff\Renderer\dir.php PHP/Agent.NEH trojan

C:\Users\Tracy\Downloads\avc-free (2).exe a variant of Win32/OpenCandy.C potentially unsafe application

C:\Users\Tracy\Downloads\avc-free.exe Win32/OpenCandy potentially unsafe application

C:\Users\Tracy\Downloads\Brothersoft_downloader_For_Microsoft_Office_Accounting_Professional.exe a variant of Win32/BSDownloader potentially unwanted application

C:\Users\Tracy\Downloads\firstrowsportapp_setup(19).exe Win32/Adware.Yontoo.D application

C:\Users\Tracy\Downloads\FLVPlayer-Chrome (1).exe NSIS/TrojanDownloader.Adload.AA trojan

C:\Users\Tracy\Downloads\Installation.exe a variant of Win32/OutBrowse.BQ potentially unwanted application

[Juliet]

Do you maintain a web site?

C:\Users\Tracy\Documents\Wynn\New Website

C:\Users\Tracy\Documents\Ted\Chenequa-Caretaking\Website

I can set up a script to take these items out but I'm not sure what exactly will become of it.
If you run/maintain a web site on your end it might not function well there after?

[Juliet]

these we can take out

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)
 

start
CloseProcesses:
C:\Users\Tracy\Downloads\avc-free (2).exe
C:\Users\Tracy\Downloads\avc-free.exe
C:\Users\Tracy\Downloads\Brothersoft_downloader_For_Microsoft_Office_Accounting_Professional.exe
C:\Users\Tracy\Downloads\firstrowsportapp_setup(19).exe
C:\Users\Tracy\Downloads\FLVPlayer-Chrome (1).exe
C:\Users\Tracy\Downloads\Installation.exe
C:\Users\Tracy\Documents\Fonts\Patriot_downloader_by_Ffonts.exe
EmptyTemp:
End

Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

[gwtterry]

I will run and post in my next reply.  Website are hosted on godaddy so nothing will alter what is live by taking off my computer.  Backups are just saved on my computer in case of disaster, or so I don't have create all new photoshop documents for banners, etc. if they want to change something later.  If something's infected, let's just remove it.  Thanks.

[Juliet]

OK
I'll try to fix it with a script with FRST,  if it fails,  you'll have to go to those folders manually and delete them out.

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)
 

start
CloseProcesses:
C:\Users\Tracy\Documents\Fonts\Patriot_downloader_by_Ffonts.exe
C:\Users\Tracy\Documents\Ted\Chenequa-Caretaking\Website\wp-admin\images\toggle-faber-maud.php
C:\Users\Tracy\Documents\Ted\Handyman\Website\wp-admin\link-majority-propitiate.php
C:\Users\Tracy\Documents\Ted\Handyman\Website\wp-content\themes\TheCorporation\header.php J
C:\Users\Tracy\Documents\Ted\Ideal-Contractors\Website\wp-weather.php
C:\Users\Tracy\Documents\Wynn\New Website\system.php
C:\Users\Tracy\Documents\Wynn\New Website\videos\ini.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\ajax.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\akismet\menu.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\akismet\img\include.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\all-in-one-schemaorg-rich-snippets\page.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\all-in-one-schemaorg-rich-snippets\css\object.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\all-in-one-schemaorg-rich-snippets\images\info.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\all-in-one-schemaorg-rich-snippets\js\dir.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\lib_options_up.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\attachments\dir.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\captchabg\sql.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\captchafonts\help.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\captchafonts\model.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\images\model.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\js\code.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\js\start.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\js\css\alias.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\js\css\dirs.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\js\include\db.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\js\langs\system.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\phpmailer\test.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\styling\cache.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\stats.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\images\ini.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\images\option.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\images\plugin.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\images\xml.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\includes\test.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\includes\js\ajax.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\includes\js\functions.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\includes\js\themes.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\languages\config.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\languages\dirs.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\languages\article.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\carousel\view.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\carousel\rtl\test.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\contact-form\images\info.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\holiday-snow\title.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\infinite-scroll\infinity.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\likes\include.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\minileven\theme\pub\minileven\sidebar.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\omnisearch\functions.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\omnisearch\global.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\post-by-email\system.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\publicize\assets\utf.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\sharedaddy\dump.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\shortcodes\gallery.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\shortcodes\search.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\shortcodes\img\code.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\widgets\header.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\_inc\images\rss\file.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\page.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\proxy.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\search.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\classes\dirs.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\classes\session.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\css\option.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\css\proxy.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\images\css.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\images\menu.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\lang\object.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\alias.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\cache.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\stats.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\css\page.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\modules\bad-behavior.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\modules\wordpress-seo.php.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\resources\include.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\resources\index.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\resources\resources\config.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\resources\resources\filesystem-message.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\resources\files.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\resources\resources\step3.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\really-simple-captcha\config.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\really-simple-captcha\inc.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\really-simple-captcha\gentium\ini.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\really-simple-captcha\tmp\system.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\sliding-contact-form-by-formget\proxy.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\sliding-contact-form-by-formget\image\info.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\sliding-contact-form-by-formget\js\db.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\sliding-contact-form-by-formget\js\global.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\sliding-contact-form-by-formget\js\stats.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\sliding-contact-form-by-formget\js\user.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\sliding-contact-form-by-formget\jscolor\press.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\ultimate-coming-soon-page\inc\footer.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\ultimate-coming-soon-page\inc\menu.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\ultimate-coming-soon-page\inc\js\template.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\welcome-to-wordpress\include.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\welcome-to-wordpress\resources\config.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\welcome-to-wordpress\resources\files.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\welcome-to-wordpress\resources\gallery.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\welcome-to-wordpress\resources\global.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\content-aside.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\sql.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\css\utf.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\genericons\font\general.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\images\config.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\inc\back-compat.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\inc\template-tags.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\inc\user.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\js\proxy.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\languages\user.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentythirteen\template.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentythirteen\fonts\user.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentythirteen\inc\back-compat.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentythirteen\inc\file.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentythirteen\inc\files.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentythirteen\js\system.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentytwelve\css\header.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentytwelve\css\options.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentytwelve\inc\utf.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentytwelve\languages\ajax.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentytwelve\page-templates\front-page.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2012\list.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2013\09\page.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2013\12\article.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2014\02\general.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2014\02\options.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2014\03\header.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2014\04\file.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2014\04\footer.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2014\06\themes.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2014\07\stats.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2014\08\config.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\wpcf7_captcha\system.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\footer.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\css\file.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\fonts\header.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\ID3\model.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\images\view.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\images\crystal\files.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\images\media\css.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\images\media\javascript.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\images\smilies\plugin.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\images\smilies\user.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\images\wlw\functions.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\imgareaselect\stats.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\jquery\object.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\mediaelement\general.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\plupload\file.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\plupload\include.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\swfupload\dir.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\swfupload\test.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\swfupload\plugins\list.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\swfupload\plugins\press.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\functions.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\plugins\blog.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\plugins\charmap\header.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\plugins\image\info.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\plugins\tabfocus\cache.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\plugins\textcolor\object.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\plugins\wordpress\include.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\plugins\wpautoresize\search.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\plugins\wpeditimage\start.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\skins\wordpress\css.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\themes\dir.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\utils\plugin.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\pomo\blog.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\pomo\dir.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\pomo\option.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\admin.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\menu.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\session.
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\Content\db.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\Content\menu.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\Decode\HTML\code.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\HTTP\model.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\HTTP\template.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\Net\admin.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\Parse\global.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\Parse\header.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\Parse\inc.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\XML\menu.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\Text\Diff\inc.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\Text\Diff\Engine\dump.php
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\Text\Diff\Renderer\dir.php
EmptyTemp:
End

Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

[gwtterry]

Here's first log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015

Ran by Tracy at 2015-01-08 22:56:55 Run:2

Running from C:\Users\Tracy\Downloads

Loaded Profile: Tracy (Available profiles: Tracy)

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

start

CloseProcesses:

C:\Users\Tracy\Downloads\avc-free (2).exe

C:\Users\Tracy\Downloads\avc-free.exe

C:\Users\Tracy\Downloads\Brothersoft_downloader_For_Microsoft_Office_Accounting_Professional.exe

C:\Users\Tracy\Downloads\firstrowsportapp_setup(19).exe

C:\Users\Tracy\Downloads\FLVPlayer-Chrome (1).exe

C:\Users\Tracy\Downloads\Installation.exe

C:\Users\Tracy\Documents\Fonts\Patriot_downloader_by_Ffonts.exe

EmptyTemp:

End

*****************

 

Processes closed successfully.

C:\Users\Tracy\Downloads\avc-free (2).exe => Moved successfully.

C:\Users\Tracy\Downloads\avc-free.exe => Moved successfully.

C:\Users\Tracy\Downloads\Brothersoft_downloader_For_Microsoft_Office_Accounting_Professional.exe => Moved successfully.

C:\Users\Tracy\Downloads\firstrowsportapp_setup(19).exe => Moved successfully.

C:\Users\Tracy\Downloads\FLVPlayer-Chrome (1).exe => Moved successfully.

C:\Users\Tracy\Downloads\Installation.exe => Moved successfully.

C:\Users\Tracy\Documents\Fonts\Patriot_downloader_by_Ffonts.exe => Moved successfully.

EmptyTemp: => Removed 481.6 MB temporary data.

 

 

The system needed a reboot. 

 

==== End of Fixlog 22:57:20 ====

[gwtterry]

2nd log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015

Ran by Tracy at 2015-01-08 23:08:30 Run:3

Running from C:\Users\Tracy\Downloads

Loaded Profile: Tracy (Available profiles: Tracy)

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

start

CloseProcesses:

C:\Users\Tracy\Documents\Fonts\Patriot_downloader_by_Ffonts.exe

C:\Users\Tracy\Documents\Ted\Chenequa-Caretaking\Website\wp-admin\images\toggle-faber-maud.php

C:\Users\Tracy\Documents\Ted\Handyman\Website\wp-admin\link-majority-propitiate.php

C:\Users\Tracy\Documents\Ted\Handyman\Website\wp-content\themes\TheCorporation\header.php J

C:\Users\Tracy\Documents\Ted\Ideal-Contractors\Website\wp-weather.php

C:\Users\Tracy\Documents\Wynn\New Website\system.php

C:\Users\Tracy\Documents\Wynn\New Website\videos\ini.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\ajax.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\akismet\menu.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\akismet\img\include.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\all-in-one-schemaorg-rich-snippets\page.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\all-in-one-schemaorg-rich-snippets\css\object.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\all-in-one-schemaorg-rich-snippets\images\info.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\all-in-one-schemaorg-rich-snippets\js\dir.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\lib_options_up.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\attachments\dir.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\captchabg\sql.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\captchafonts\help.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\captchafonts\model.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\images\model.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\js\code.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\js\start.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\js\css\alias.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\js\css\dirs.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\js\include\db.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\js\langs\system.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\phpmailer\test.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\styling\cache.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\stats.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\images\ini.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\images\option.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\images\plugin.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\images\xml.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\includes\test.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\includes\js\ajax.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\includes\js\functions.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\includes\js\themes.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\languages\config.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\languages\dirs.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\languages\article.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\carousel\view.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\carousel\rtl\test.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\contact-form\images\info.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\holiday-snow\title.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\infinite-scroll\infinity.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\likes\include.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\minileven\theme\pub\minileven\sidebar.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\omnisearch\functions.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\omnisearch\global.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\post-by-email\system.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\publicize\assets\utf.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\sharedaddy\dump.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\shortcodes\gallery.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\shortcodes\search.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\shortcodes\img\code.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\widgets\header.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\_inc\images\rss\file.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\page.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\proxy.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\search.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\classes\dirs.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\classes\session.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\css\option.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\css\proxy.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\images\css.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\images\menu.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\lang\object.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\alias.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\cache.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\stats.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\css\page.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\modules\bad-behavior.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\modules\wordpress-seo.php.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\resources\include.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\resources\index.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\resources\resources\config.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\resources\resources\filesystem-message.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\resources\files.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\resources\resources\step3.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\really-simple-captcha\config.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\really-simple-captcha\inc.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\really-simple-captcha\gentium\ini.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\really-simple-captcha\tmp\system.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\sliding-contact-form-by-formget\proxy.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\sliding-contact-form-by-formget\image\info.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\sliding-contact-form-by-formget\js\db.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\sliding-contact-form-by-formget\js\global.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\sliding-contact-form-by-formget\js\stats.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\sliding-contact-form-by-formget\js\user.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\sliding-contact-form-by-formget\jscolor\press.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\ultimate-coming-soon-page\inc\footer.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\ultimate-coming-soon-page\inc\menu.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\ultimate-coming-soon-page\inc\js\template.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\welcome-to-wordpress\include.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\welcome-to-wordpress\resources\config.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\welcome-to-wordpress\resources\files.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\welcome-to-wordpress\resources\gallery.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\welcome-to-wordpress\resources\global.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\content-aside.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\sql.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\css\utf.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\genericons\font\general.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\images\config.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\inc\back-compat.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\inc\template-tags.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\inc\user.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\js\proxy.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\languages\user.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentythirteen\template.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentythirteen\fonts\user.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentythirteen\inc\back-compat.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentythirteen\inc\file.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentythirteen\inc\files.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentythirteen\js\system.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentytwelve\css\header.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentytwelve\css\options.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentytwelve\inc\utf.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentytwelve\languages\ajax.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentytwelve\page-templates\front-page.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2012\list.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2013\09\page.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2013\12\article.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2014\02\general.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2014\02\options.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2014\03\header.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2014\04\file.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2014\04\footer.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2014\06\themes.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2014\07\stats.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2014\08\config.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\wpcf7_captcha\system.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\footer.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\css\file.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\fonts\header.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\ID3\model.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\images\view.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\images\crystal\files.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\images\media\css.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\images\media\javascript.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\images\smilies\plugin.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\images\smilies\user.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\images\wlw\functions.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\imgareaselect\stats.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\jquery\object.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\mediaelement\general.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\plupload\file.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\plupload\include.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\swfupload\dir.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\swfupload\test.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\swfupload\plugins\list.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\swfupload\plugins\press.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\functions.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\plugins\blog.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\plugins\charmap\header.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\plugins\image\info.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\plugins\tabfocus\cache.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\plugins\textcolor\object.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\plugins\wordpress\include.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\plugins\wpautoresize\search.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\plugins\wpeditimage\start.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\skins\wordpress\css.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\themes\dir.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\utils\plugin.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\pomo\blog.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\pomo\dir.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\pomo\option.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\admin.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\menu.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\session.

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\Content\db.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\Content\menu.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\Decode\HTML\code.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\HTTP\model.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\HTTP\template.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\Net\admin.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\Parse\global.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\Parse\header.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\Parse\inc.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\XML\menu.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\Text\Diff\inc.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\Text\Diff\Engine\dump.php

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\Text\Diff\Renderer\dir.php

EmptyTemp:

End

*****************

 

Processes closed successfully.

"C:\Users\Tracy\Documents\Fonts\Patriot_downloader_by_Ffonts.exe" => File/Directory not found.

C:\Users\Tracy\Documents\Ted\Chenequa-Caretaking\Website\wp-admin\images\toggle-faber-maud.php => Moved successfully.

C:\Users\Tracy\Documents\Ted\Handyman\Website\wp-admin\link-majority-propitiate.php => Moved successfully.

"C:\Users\Tracy\Documents\Ted\Handyman\Website\wp-content\themes\TheCorporation\header.php J" => File/Directory not found.

C:\Users\Tracy\Documents\Ted\Ideal-Contractors\Website\wp-weather.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\system.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\videos\ini.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\ajax.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\akismet\menu.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\akismet\img\include.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\all-in-one-schemaorg-rich-snippets\page.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\all-in-one-schemaorg-rich-snippets\css\object.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\all-in-one-schemaorg-rich-snippets\images\info.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\all-in-one-schemaorg-rich-snippets\js\dir.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\lib_options_up.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\attachments\dir.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\captchabg\sql.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\captchafonts\help.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\captchafonts\model.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\images\model.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\js\code.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\js\start.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\js\css\alias.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\js\css\dirs.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\js\include\db.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\js\langs\system.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\phpmailer\test.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\cforms146\styling\cache.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\stats.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\images\ini.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\images\option.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\images\plugin.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\images\xml.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\includes\test.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\includes\js\ajax.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\includes\js\functions.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\includes\js\themes.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\languages\config.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\contact-form-7\languages\dirs.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\languages\article.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\carousel\view.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\carousel\rtl\test.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\contact-form\images\info.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\holiday-snow\title.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\infinite-scroll\infinity.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\likes\include.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\minileven\theme\pub\minileven\sidebar.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\omnisearch\functions.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\omnisearch\global.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\post-by-email\system.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\publicize\assets\utf.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\sharedaddy\dump.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\shortcodes\gallery.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\shortcodes\search.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\shortcodes\img\code.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\modules\widgets\header.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\jetpack\_inc\images\rss\file.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\page.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\proxy.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\search.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\classes\dirs.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\classes\session.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\css\option.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\css\proxy.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\images\css.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\images\menu.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\lang\object.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\alias.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\cache.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\stats.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\css\page.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\modules\bad-behavior.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\modules\wordpress-seo.php.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\resources\include.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\resources\index.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\resources\resources\config.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\quick-setup\resources\resources\filesystem-message.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\resources\files.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\quick-setup\resources\resources\step3.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\really-simple-captcha\config.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\really-simple-captcha\inc.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\really-simple-captcha\gentium\ini.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\really-simple-captcha\tmp\system.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\sliding-contact-form-by-formget\proxy.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\sliding-contact-form-by-formget\image\info.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\sliding-contact-form-by-formget\js\db.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\sliding-contact-form-by-formget\js\global.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\sliding-contact-form-by-formget\js\stats.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\sliding-contact-form-by-formget\js\user.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\sliding-contact-form-by-formget\jscolor\press.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\ultimate-coming-soon-page\inc\footer.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\ultimate-coming-soon-page\inc\menu.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\ultimate-coming-soon-page\inc\js\template.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\welcome-to-wordpress\include.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\welcome-to-wordpress\resources\config.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\welcome-to-wordpress\resources\files.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\welcome-to-wordpress\resources\gallery.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\plugins\welcome-to-wordpress\resources\global.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\content-aside.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\sql.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\css\utf.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\genericons\font\general.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\images\config.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\inc\back-compat.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\inc\template-tags.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\inc\user.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\js\proxy.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentyfourteen\languages\user.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentythirteen\template.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentythirteen\fonts\user.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentythirteen\inc\back-compat.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentythirteen\inc\file.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentythirteen\inc\files.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentythirteen\js\system.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentytwelve\css\header.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentytwelve\css\options.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentytwelve\inc\utf.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentytwelve\languages\ajax.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\themes\twentytwelve\page-templates\front-page.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2012\list.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2013\09\page.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2013\12\article.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2014\02\general.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2014\02\options.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2014\03\header.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2014\04\file.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2014\04\footer.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2014\06\themes.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2014\07\stats.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\2014\08\config.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-content\uploads\wpcf7_captcha\system.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\footer.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\css\file.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\fonts\header.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\ID3\model.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\images\view.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\images\crystal\files.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\images\media\css.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\images\media\javascript.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\images\smilies\plugin.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\images\smilies\user.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\images\wlw\functions.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\imgareaselect\stats.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\jquery\object.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\mediaelement\general.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\plupload\file.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\plupload\include.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\swfupload\dir.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\swfupload\test.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\swfupload\plugins\list.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\swfupload\plugins\press.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\functions.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\plugins\blog.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\plugins\charmap\header.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\plugins\image\info.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\plugins\tabfocus\cache.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\plugins\textcolor\object.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\plugins\wordpress\include.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\plugins\wpautoresize\search.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\plugins\wpeditimage\start.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\skins\wordpress\css.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\themes\dir.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\js\tinymce\utils\plugin.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\pomo\blog.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\pomo\dir.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\pomo\option.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\admin.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\menu.php => Moved successfully.

"C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\session." => File/Directory not found.

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\Content\db.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\Content\menu.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\Decode\HTML\code.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\HTTP\model.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\HTTP\template.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\Net\admin.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\Parse\global.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\Parse\header.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\Parse\inc.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\XML\menu.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\Text\Diff\inc.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\Text\Diff\Engine\dump.php => Moved successfully.

C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\Text\Diff\Renderer\dir.php => Moved successfully.

EmptyTemp: => Removed 10.3 MB temporary data.

 

 

The system needed a reboot. 

 

==== End of Fixlog 23:08:46 ====

[Juliet]

ooops, one got past me
see if you can locate and delete
C:\Users\Tracy\Documents\Wynn\New Website\wp-includes\SimplePie\session.php

How's the computer now?

[gwtterry]

So far, the only problem I notice is if I'm doing too much for too long, fan comes on and it gets super slow.  I just use it as an excuse for a break and shut it down for awhile.  I should elevate it or get a cooling pad.  I am assuming this is a problem with the machine itself and not due to any infections.  Correct me if I'm wrong.  I don't recall it doing it before all this happened, though, although that may be coincidence.