Solved Cannot load FRST - getting svchost issues

cmany

New Member
Thread author
Jul 1, 2015
6
First, thank you for your time.

I have read through the instructions for this forum, and have attempted to install FRST...but no matter what I do, I cannot get it to complete the install, let alone run.

I downloaded it for 64 bit. But the error I get is that I have the wrong version and it is not compatible, please install FRST64.

So I am stuck, and cannot proceed.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,



They call me TwinHeadedEagle around here, and I'll be working with you.



Before we start please read and note the following:
  • At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
  • Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
  • If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
  • I visit the forum several times a day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have a private life like everyone and I cannot be here 24/7. So please be patient with me. Also, some infections require less, and some more time to be removed completely, so bear this in mind and be patient.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. If you solved your problem yourself, set aside two minutes to let me know.
  • Please attach all reports using the button below. Doing this, you make it easier for me to analyze and fix your problem.

  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay for the repair.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.




Rules and policies

We won't support any piracy.
That being said, if any evidence of illegal OS, software, cracks/keygens or any other is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.



Can you download both FRST versions and then try one?
 

cmany

New Member
Thread author
Jul 1, 2015
6
OK...I am finally getting it to run, and not without having to jump through hoops.

I started getting proxy connection errors...Chrome simply will not connect, but was able to bypass, and set autodetect settings in Firefox.

I had also been able to install a free version of Malwarebytes (while I was trying everything to get this software going), which it found nearly 400 items, and cleared them...supposedly...which of course, Avast started with all its warnings, and same stuff was coming up.

FRST has just completed, so uploading the text document here. Well I guess not, it will not allow me to upload. UGH. I guess I will have to copy and paste.
 

cmany

New Member
Thread author
Jul 1, 2015
6
This is the FRST.txt file

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01
Ran by cmany (administrator) on CHRISTINEPC on 02-07-2015 11:55:16
Running from C:\Users\cmany\Downloads
Loaded Profiles: cmany (Available Profiles: cmany & James & Ryan)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2045440 2010-09-02] (Eastman Kodak Company)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-14] (Avast Software s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-02-10] (Oracle Corporation)
HKU\S-1-5-21-2123845491-2313268984-385980148-1002\...\Run: [Google Update] => C:\Users\cmany\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-06-24] (Google Inc.)
HKU\S-1-5-21-2123845491-2313268984-385980148-1002\...\Run: [GoogleChromeAutoLaunch_EA2838D8254389E924E130677F9AAC40] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-06-19] (Google Inc.)
HKU\S-1-5-21-2123845491-2313268984-385980148-1002\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4272840 2014-03-31] (Microsoft Corporation)
HKU\S-1-5-21-2123845491-2313268984-385980148-1002\...\MountPoints2: {9424d55f-4cfb-11e4-bee9-a0481cbb707d} - "C:\WINDOWS\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL F:\TL-Bootstrap.exe
HKU\S-1-5-21-2123845491-2313268984-385980148-1002\...\MountPoints2: {ab3d5966-1921-11e3-be74-a0481cbb707d} - "C:\WINDOWS\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL F:\TL-Bootstrap.exe
HKU\S-1-5-21-2123845491-2313268984-385980148-1002\...\MountPoints2: {b3fd1c44-eb51-11e3-bec8-a0481cbb707d} - "G:\TL_Bootstrap.exe"
HKU\S-1-5-21-2123845491-2313268984-385980148-1002\...\MountPoints2: {bec44947-cd99-11e4-bf2d-a0481cbb707d} - "H:\TLBootstrap_WPP.exe"
HKU\S-1-5-21-2123845491-2313268984-385980148-1002\...\MountPoints2: {d1cdbc1f-7b51-11e4-bf04-a0481cbb707d} - "C:\WINDOWS\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL F:\TL-Bootstrap.exe
HKU\S-1-5-21-2123845491-2313268984-385980148-1002\...\MountPoints2: {f66f3f5b-2531-11e3-be7a-a0481cbb707d} - "F:\TL_Bootstrap.exe"
HKU\S-1-5-21-2123845491-2313268984-385980148-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\GPhotos.scr
AppInit_DLLs-x32: c:\progra~3\{2027c~1\1172~1.1\cofo.dll => "c:\progra~3\{2027c~1\1172~1.1\cofo.dll" File not found
Startup: C:\Users\cmany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-14]
ShortcutTarget: Dropbox.lnk -> C:\Users\cmany\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\cmany\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\cmany\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\cmany\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\cmany\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\cmany\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\cmany\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\cmany\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\cmany\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-07] (Avast Software s.r.o.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-2123845491-2313268984-385980148-1002] => Internet Explorer proxy is enabled
ProxyServer: [S-1-5-21-2123845491-2313268984-385980148-1002] => http=127.0.0.1:49573;https=127.0.0.1:49573
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/?fr=hp-avast&type=agc511
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2123845491-2313268984-385980148-1002\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-2123845491-2313268984-385980148-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com/?fr=hp-avast&type=agc511
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {9143e921-7c9a-4d27-ac43-eaccc78cc55a} URL =
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2123845491-2313268984-385980148-1002 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL =
SearchScopes: HKU\S-1-5-21-2123845491-2313268984-385980148-1002 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-2123845491-2313268984-385980148-1002 -> {9143e921-7c9a-4d27-ac43-eaccc78cc55a} URL = https://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2123845491-2313268984-385980148-1002 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid...coid=avgtbavg&cmpid=0415tb&pr=fr&d=2014-11-11 09:49:52&v=4.1.0.411&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2123845491-2313268984-385980148-1002 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/we...&geo=US&ver=21&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-2123845491-2313268984-385980148-1002 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-2123845491-2313268984-385980148-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-2123845491-2313268984-385980148-1002 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-03-30] (Avast Software s.r.o.)
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-13] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-30] (Avast Software s.r.o.)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-13] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKU\S-1-5-21-2123845491-2313268984-385980148-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.3.0\ViProtocol.dll [2015-01-28] (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 38.8.82.2
Tcpip\..\Interfaces\{406A6EC4-A42A-4564-810E-0501F8EED96A}: [DhcpNameServer] 192.168.0.1 216.165.129.158
Tcpip\..\Interfaces\{D6F62554-5838-4060-A29C-BAB1A8A22A6C}: [DhcpNameServer] 192.168.0.1 38.8.82.2
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\cmany\AppData\Roaming\Mozilla\Firefox\Profiles\achtc29s.default
FF DefaultSearchEngine: AVG Secure Search
FF DefaultSearchEngine.US: Google (avast)
FF DefaultSearchUrl: https://search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: AVG Secure Search
FF Homepage: www.google.com
FF Keyword.URL: https://search.yahoo.com/yhs/search
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_194.dll [2015-06-25] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-06-25] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll [2012-04-26] (Adobe Systems, Inc.)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.4.0\\npsitesafety.dll No File
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-08-12] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-13] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll [2012-05-31] (Oberon-Media )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-14] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll [2013-09-10] ()
FF Plugin HKU\S-1-5-21-2123845491-2313268984-385980148-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\cmany\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2123845491-2313268984-385980148-1002: @talk.google.com/O1DPlugin -> C:\Users\cmany\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2123845491-2313268984-385980148-1002: @tools.google.com/Google Update;version=3 -> C:\Users\cmany\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-2123845491-2313268984-385980148-1002: @tools.google.com/Google Update;version=9 -> C:\Users\cmany\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\cmany\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\cmany\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF SearchPlugin: C:\Users\cmany\AppData\Roaming\Mozilla\Firefox\Profiles\achtc29s.default\searchplugins\google-avast.xml [2014-12-17]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-05-05]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-17]

Chrome:
=======
CHR Profile: C:\Users\cmany\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\cmany\AppData\Local\Google\Chrome\User Data\Default\Extensions\acjpdakpjonkfmggcmanlhdakfkhloii [2015-01-02]
CHR Extension: (Google Docs) - C:\Users\cmany\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-09]
CHR Extension: (Google Drive) - C:\Users\cmany\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-09]
CHR Extension: (YouTube) - C:\Users\cmany\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-09]
CHR Extension: (AVG Secure Search) - C:\Users\cmany\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2015-07-01]
CHR Extension: (Google Search) - C:\Users\cmany\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-09]
CHR Extension: (Norton Identity Safe) - C:\Users\cmany\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\cmany\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-06]
CHR Extension: (Water's Valley) - C:\Users\cmany\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhpodmbdlgmgffpgbennemfkjhhaocfl [2015-06-12]
CHR Extension: (Google Wallet) - C:\Users\cmany\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-09]
CHR Extension: (Gmail) - C:\Users\cmany\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-09]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-30]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-13] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-07] (Avast Software s.r.o.)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [107448 2015-05-14] (Avast Software s.r.o.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
S4 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2013-12-17] (WildTangent)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S4 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [245832 2013-09-25] (Realtek Semiconductor)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-11-02] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
S2 HPSLPSVC; C:\Users\cmany\AppData\Local\Temp\7zS2264\hpslpsvc64.dll [X]
S2 PremierOpinion; C:\Program Files (x86)\PremierOpinion\pmservice.exe /service [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-07] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-05-14] (Avast Software s.r.o.)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-07] (Avast Software s.r.o.)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449896 2015-05-14] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-07] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-07] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-07] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-29] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-07] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-07] ()
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3880448 2013-11-13] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-09-25] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290520 2013-12-10] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-02 11:55 - 2015-07-02 11:56 - 00024751 _____ C:\Users\cmany\Downloads\FRST.txt
2015-07-02 11:55 - 2015-07-02 11:55 - 00000000 ____D C:\FRST
2015-07-02 11:54 - 2015-07-02 11:54 - 02112512 _____ (Farbar) C:\Users\cmany\Downloads\FRST64.exe
2015-07-02 11:53 - 2015-07-02 11:53 - 01636352 _____ (Farbar) C:\Users\cmany\Downloads\FRST.exe
2015-07-02 10:01 - 2015-07-02 11:15 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-07-02 10:01 - 2015-07-02 10:04 - 00001114 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-02 10:01 - 2015-07-02 10:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-02 10:01 - 2015-07-02 10:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-02 10:01 - 2015-07-02 10:01 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-02 10:01 - 2015-06-18 09:48 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-07-02 10:01 - 2015-06-18 09:47 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-07-02 10:01 - 2015-06-18 09:47 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-07-02 09:59 - 2015-07-02 10:00 - 21545336 _____ (Malwarebytes Corporation ) C:\Users\cmany\Downloads\mbam-setup-sem-2.1.6.1022.exe
2015-07-02 09:46 - 2015-07-02 09:47 - 00002378 _____ C:\WINDOWS\SysWOW64\OSSService.log
2015-07-01 22:01 - 2015-07-01 22:01 - 00004470 _____ C:\WINDOWS\System32\Tasks\Validate Installation
2015-07-01 22:01 - 2015-07-01 22:01 - 00000064 _____ C:\Users\cmany\AppData\Local\af1f5a3da4d5606dd5071fdc7d1524c3
2015-06-30 15:14 - 2015-07-02 11:28 - 00001467 _____ C:\Users\cmany\Downloads\farbar-recovery-scan-tool (1).website
2015-06-30 15:13 - 2015-06-30 15:14 - 00001467 _____ C:\Users\cmany\Downloads\farbar-recovery-scan-tool.website
2015-06-29 13:19 - 2015-06-29 13:19 - 00010655 _____ C:\Users\cmany\Downloads\cutstackinv2080.odt
2015-06-25 13:15 - 2015-06-25 13:41 - 00000000 ____D C:\Users\cmany\Downloads\sigils
2015-06-25 12:50 - 2015-06-25 12:53 - 00000000 ____D C:\Users\cmany\AppData\Local\Adobe
2015-06-17 10:25 - 2015-06-17 10:25 - 10431106 _____ C:\Users\cmany\Downloads\0617150945.mp4
2015-06-17 08:31 - 2015-06-29 14:31 - 00003170 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForcmany
2015-06-11 18:42 - 2015-06-11 18:42 - 00000000 ____D C:\Users\James\AppData\Local\GWX
2015-06-10 21:19 - 2015-06-10 21:19 - 00000000 ____D C:\ProgramData\2719f1ab00007943
2015-06-10 21:01 - 2015-06-10 21:01 - 00000000 ____D C:\Users\cmany\AppData\Local\GWX
2015-06-10 15:04 - 2015-06-10 15:04 - 00000044 _____ C:\Users\cmany\AppData\Roaming\WB.CFG
2015-06-10 11:52 - 2015-05-22 07:08 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-06-10 11:52 - 2015-05-21 07:08 - 01119232 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-06-10 11:52 - 2015-05-21 07:08 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-06-10 11:52 - 2015-05-21 07:08 - 00756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-06-10 11:52 - 2015-05-21 07:08 - 00422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-06-10 11:52 - 2015-05-21 07:08 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-06-10 11:52 - 2015-05-21 07:08 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-06-10 11:52 - 2015-04-16 16:07 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-06-10 11:51 - 2015-05-21 10:47 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-06-10 11:33 - 2015-05-27 08:35 - 24917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-06-10 11:29 - 2015-05-27 08:08 - 19607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-06-10 11:25 - 2015-05-22 12:52 - 06026240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-06-10 11:23 - 2015-05-22 11:50 - 02426880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-06-10 11:22 - 2015-05-22 20:28 - 12829696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-06-10 11:20 - 2015-05-22 20:20 - 01950720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-06-10 11:19 - 2015-05-22 11:57 - 14404096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-06-10 11:16 - 2015-05-22 21:15 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-06-10 11:16 - 2015-05-22 21:14 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-06-10 11:16 - 2015-05-22 21:10 - 02278912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-06-10 11:16 - 2015-05-22 21:05 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-06-10 11:16 - 2015-05-22 21:04 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2015-06-10 11:16 - 2015-05-22 20:48 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-06-10 11:16 - 2015-05-22 20:47 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-06-10 11:16 - 2015-05-22 20:47 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-06-10 11:16 - 2015-05-22 20:47 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-06-10 11:16 - 2015-05-22 20:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-06-10 11:16 - 2015-05-22 20:38 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-06-10 11:16 - 2015-05-22 20:38 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-06-10 11:16 - 2015-05-22 20:37 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-06-10 11:16 - 2015-05-22 20:28 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-06-10 11:16 - 2015-05-22 20:16 - 01309696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-06-10 11:16 - 2015-05-22 20:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-06-10 11:16 - 2015-05-22 13:00 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-06-10 11:16 - 2015-05-22 13:00 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-06-10 11:16 - 2015-05-22 13:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-06-10 11:16 - 2015-05-22 12:48 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-06-10 11:16 - 2015-05-22 12:47 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-06-10 11:16 - 2015-05-22 12:47 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-06-10 11:16 - 2015-05-22 12:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-06-10 11:16 - 2015-05-22 12:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-06-10 11:16 - 2015-05-22 12:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-06-10 11:16 - 2015-05-22 12:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-06-10 11:16 - 2015-05-22 12:09 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-06-10 11:16 - 2015-05-22 12:08 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-06-10 11:16 - 2015-05-22 12:06 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-06-10 11:16 - 2015-05-22 12:05 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-06-10 11:16 - 2015-05-22 11:49 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-06-10 11:16 - 2015-05-22 11:38 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-06-10 11:16 - 2015-05-22 11:26 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-06-10 11:13 - 2015-04-08 16:07 - 00410336 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-06-10 11:08 - 2015-03-19 21:49 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-06-10 11:08 - 2015-03-19 21:08 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-06-10 11:08 - 2015-03-19 20:37 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-06-10 11:08 - 2015-03-19 20:07 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-06-10 11:08 - 2015-03-01 19:43 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2015-06-10 11:08 - 2015-03-01 19:21 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2015-06-10 11:07 - 2015-05-25 07:23 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-06-10 11:07 - 2015-05-25 07:07 - 01430528 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-06-10 11:07 - 2015-04-08 16:41 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll
2015-06-10 11:06 - 2015-04-01 16:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-06-10 11:06 - 2015-04-01 16:30 - 02483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-06-10 11:01 - 2015-04-13 16:37 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2015-06-10 11:01 - 2015-04-13 16:34 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2015-06-10 11:00 - 2015-04-09 18:40 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-06-10 11:00 - 2015-04-09 18:17 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-06-10 10:59 - 2015-04-24 20:34 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2015-06-10 10:59 - 2015-04-24 20:33 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2015-06-10 10:59 - 2015-04-16 00:17 - 00325464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-06-10 10:58 - 2015-03-31 22:21 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-06-10 10:58 - 2015-03-31 22:18 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2015-06-10 10:58 - 2015-03-31 22:17 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2015-06-10 10:58 - 2015-03-31 22:08 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2015-06-10 10:58 - 2015-03-31 21:46 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-06-10 10:58 - 2015-03-31 21:17 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-06-10 10:58 - 2015-03-31 21:17 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-06-10 10:58 - 2015-03-31 20:53 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2015-06-10 10:58 - 2015-03-31 20:53 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-06-10 10:58 - 2015-03-31 20:45 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-06-10 10:58 - 2015-03-31 20:45 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2015-06-10 10:58 - 2015-03-31 20:14 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-06-10 10:58 - 2015-03-31 20:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-06-05 16:09 - 2015-06-10 21:25 - 00000000 ____D C:\Users\cmany\AppData\Local\Chromium
2015-06-05 15:48 - 2015-06-05 15:48 - 00005106 _____ C:\Users\cmany\Downloads\blank.mp4
2015-06-05 15:41 - 2015-06-05 15:41 - 02621645 _____ C:\Users\cmany\Downloads\skateboard.dcr

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-02 11:54 - 2014-01-31 15:36 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2123845491-2313268984-385980148-1007UA.job
2015-07-02 11:53 - 2014-09-06 04:51 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-07-02 11:27 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-07-02 11:24 - 2013-09-09 03:45 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2123845491-2313268984-385980148-1002
2015-07-02 11:20 - 2013-09-09 03:45 - 00000000 ____D C:\Users\cmany\Documents\Youcam
2015-07-02 11:19 - 2014-04-16 09:11 - 00000000 __RDO C:\Users\cmany\SkyDrive
2015-07-02 11:16 - 2013-09-09 20:56 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-02 11:14 - 2014-12-04 21:51 - 00075386 _____ C:\WINDOWS\setupact.log
2015-07-02 11:14 - 2013-09-29 21:55 - 01132786 _____ C:\WINDOWS\PFRO.log
2015-07-02 11:14 - 2013-08-22 08:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-02 11:13 - 2013-11-02 16:08 - 01906679 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-02 11:13 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\Registration
2015-07-02 11:13 - 2013-08-22 07:25 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2015-07-02 11:03 - 2013-09-09 20:56 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-02 11:00 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-02 10:00 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-07-02 09:47 - 2014-12-17 00:16 - 00004182 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-07-01 21:42 - 2013-09-09 03:39 - 00003938 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1967B75C-7D90-4971-A351-A41F4FD8FAE1}
2015-06-30 15:06 - 2013-11-04 19:58 - 03246080 ___SH C:\Users\cmany\Downloads\Thumbs.db
2015-06-30 14:29 - 2013-09-24 13:23 - 00000052 _____ C:\WINDOWS\SysWOW64\DOErrors.log
2015-06-30 06:15 - 2014-01-19 10:20 - 00743424 ___SH C:\Users\cmany\Desktop\Thumbs.db
2015-06-29 14:58 - 2014-12-17 00:16 - 00442264 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-06-29 14:31 - 2014-03-21 05:45 - 00000356 _____ C:\WINDOWS\Tasks\HPCeeScheduleForcmany.job
2015-06-25 22:25 - 2014-09-12 22:15 - 00000880 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2123845491-2313268984-385980148-1002Core.job
2015-06-25 22:25 - 2013-11-02 15:46 - 00000000 ____D C:\Users\cmany
2015-06-25 21:12 - 2013-11-04 07:15 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2123845491-2313268984-385980148-1004
2015-06-25 18:57 - 2013-11-04 07:12 - 00000000 ___DO C:\Users\James\SkyDrive
2015-06-25 16:54 - 2014-01-31 15:36 - 00000876 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2123845491-2313268984-385980148-1007Core.job
2015-06-25 14:03 - 2012-07-26 01:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-06-25 12:53 - 2014-09-06 04:51 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-06-25 12:43 - 2014-04-28 20:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-25 05:32 - 2015-04-26 07:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-22 23:29 - 2014-10-19 12:58 - 00000000 ____D C:\Users\cmany\AppData\Local\CrashDumps
2015-06-22 12:13 - 2013-09-09 20:58 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-20 11:49 - 2014-04-28 20:15 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-06-20 11:49 - 2014-04-28 20:15 - 00001147 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-06-20 08:37 - 2015-03-21 18:17 - 00095744 ___SH C:\Users\James\Downloads\Thumbs.db
2015-06-20 08:28 - 2015-03-23 20:36 - 00000000 ____D C:\Users\James\AppData\Local\CrashDumps
2015-06-20 07:17 - 2013-11-04 07:04 - 00000000 ____D C:\Users\James
2015-06-19 21:02 - 2015-05-14 16:55 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-06-19 21:02 - 2015-05-14 16:55 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-15 08:55 - 2013-09-29 22:04 - 00956540 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-12 12:14 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\rescache
2015-06-12 10:21 - 2014-09-09 21:34 - 00000000 ____D C:\Temp
2015-06-11 10:02 - 2013-09-09 03:35 - 00000000 ____D C:\Users\cmany\AppData\Local\Packages
2015-06-10 21:08 - 2014-11-13 21:01 - 00000000 __SHD C:\Users\cmany\AppData\Local\EmieBrowserModeList
2015-06-10 21:08 - 2014-04-28 20:04 - 00000000 __SHD C:\Users\cmany\AppData\Local\EmieUserList
2015-06-10 21:08 - 2014-04-28 20:04 - 00000000 __SHD C:\Users\cmany\AppData\Local\EmieSiteList
2015-06-10 20:58 - 2013-08-22 08:44 - 00337976 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-10 20:52 - 2015-04-21 20:17 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-06-10 20:52 - 2015-03-15 19:46 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-06-10 20:52 - 2013-08-22 09:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-06-10 20:52 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-06-10 14:05 - 2013-09-10 20:44 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-06-10 13:15 - 2013-09-10 20:44 - 140135120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-06 10:09 - 2014-03-28 11:40 - 00002058 _____ C:\Users\Public\Desktop\Google Slides.lnk
2015-06-06 10:09 - 2014-03-28 11:40 - 00002056 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2015-06-06 10:09 - 2014-03-28 11:40 - 00002046 _____ C:\Users\Public\Desktop\Google Docs.lnk
2015-06-06 10:09 - 2014-03-28 11:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-06-05 16:01 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\Resources

==================== Files in the root of some directories =======

2015-06-10 15:04 - 2015-06-10 15:04 - 0000044 _____ () C:\Users\cmany\AppData\Roaming\WB.CFG
2015-07-01 22:01 - 2015-07-01 22:01 - 0000064 _____ () C:\Users\cmany\AppData\Local\af1f5a3da4d5606dd5071fdc7d1524c3
2014-12-20 10:48 - 2015-03-18 18:00 - 0006656 _____ () C:\Users\cmany\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-22 20:51 - 2014-11-22 20:51 - 0006529 _____ () C:\Users\cmany\AppData\Local\recently-used.xbel
2013-12-20 09:07 - 2015-05-14 21:31 - 0007604 _____ () C:\Users\cmany\AppData\Local\resmon.resmoncfg
2015-05-14 14:31 - 2015-02-03 13:49 - 0010240 _____ () C:\Users\cmany\AppData\Local\Z@!-7a1c0819-3e31-4117-a430-a8a830bf4d60.tmp
2015-05-14 14:31 - 2015-02-03 13:49 - 0009216 _____ () C:\Users\cmany\AppData\Local\Z@S!-3674060f-0321-47fa-9f0d-2b98cd6858c1.tmp

Some files in TEMP:
====================
C:\Users\cmany\AppData\Local\Temp\1435810342512_farbar-recovery-scan-tool.exe
C:\Users\cmany\AppData\Local\Temp\1435810539187_farbar-recovery-scan-tool.exe
C:\Users\cmany\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcpfxj2.dll
C:\Users\cmany\AppData\Local\Temp\farbar-recovery-scan-tool.exe
C:\Users\cmany\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\cmany\AppData\Local\Temp\optprosetup.exe
C:\Users\cmany\AppData\Local\Temp\{0513E177-9AD2-4DB6-9C83-4AF2D28870BD}-43.0.2357.65_chrome_installer.exe
C:\Users\cmany\AppData\Local\Temp\{4C432EF5-1214-4F4D-BAE5-960A6B0E9FAF}-42.0.2311.152_chrome_installer.exe
C:\Users\Ryan\AppData\Local\Temp\COMAP.EXE


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-01 23:01

==================== End of log ============================
 

cmany

This is the addition.txt file

Additional scan result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01
Ran by cmany at 2015-07-02 11:58:30
Running from C:\Users\cmany\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2123845491-2313268984-385980148-500 - Administrator - Disabled)
cmany (S-1-5-21-2123845491-2313268984-385980148-1002 - Administrator - Enabled) => C:\Users\cmany
Guest (S-1-5-21-2123845491-2313268984-385980148-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2123845491-2313268984-385980148-1006 - Limited - Enabled)
James (S-1-5-21-2123845491-2313268984-385980148-1004 - Limited - Enabled) => C:\Users\James
Ryan (S-1-5-21-2123845491-2313268984-385980148-1007 - Limited - Enabled) => C:\Users\Ryan

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.194 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{CB4C08E3-800F-65F6-9C00-06814A6B7CE7}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
Avast Internet Security (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.6.3728 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3416 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2.3603 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-2123845491-2313268984-385980148-1002\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
FlatOut 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Drive (HKLM-x32\...\{CBC9F5FD-5CFA-4A33-81CD-369EAB77E3A6}) (Version: 1.22.9403.0223 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{C77CC230-7417-3F01-B70D-52583DC9FEC9}) (Version: 5.40.2.0 - Google)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Documentation (HKLM-x32\...\{AE986BF5-B6E3-4F8D-B412-A3DD90DF5146}) (Version: 1.1.1.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{47DB754E-FC61-4EAE-A933-6708CF466BB0}) (Version: 9.5.0314 - Hewlett-Packard)
HP Quick Launch (HKLM-x32\...\{4ED7050C-9332-4FB2-AB07-E94F25A53D39}) (Version: 3.0.3 - Hewlett-Packard Company)
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{348A1F5B-07B3-4436-9A47-FFE44EFE856E}) (Version: 11.51.0004 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2123845491-2313268984-385980148-1002\...\OneDriveSetup.exe) (Version: 17.3.5860.0512 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
OEM Application Profile (HKLM-x32\...\{C89A97B6-F991-EBB5-77B7-927BCF420EBE}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Peggle (HKLM-x32\...\11231247) (Version: - Oberon Media)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29070 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7071 - Realtek Semiconductor Corp.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.13.1 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 2.2.0.98 - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App for HP (x32 Version: 4.0.10.25 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2123845491-2313268984-385980148-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\cmany\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2123845491-2313268984-385980148-1002_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\cmany\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2123845491-2313268984-385980148-1002_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\cmany\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2123845491-2313268984-385980148-1002_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\cmany\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2123845491-2313268984-385980148-1002_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\cmany\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2123845491-2313268984-385980148-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\cmany\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2123845491-2313268984-385980148-1002_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\cmany\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2123845491-2313268984-385980148-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\cmany\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2123845491-2313268984-385980148-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\cmany\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2123845491-2313268984-385980148-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\cmany\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2123845491-2313268984-385980148-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\cmany\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2123845491-2313268984-385980148-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\cmany\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2123845491-2313268984-385980148-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\cmany\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2123845491-2313268984-385980148-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\cmany\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2123845491-2313268984-385980148-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\cmany\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2123845491-2313268984-385980148-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\cmany\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

10-06-2015 12:07:02 Windows Update
18-06-2015 10:58:13 Scheduled Checkpoint
25-06-2015 14:00:53 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {12A0D01E-ACE0-4F89-B453-B14B754EB0F8} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {19ED4324-99F3-41AF-9101-1E835196733C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-06-08] (Hewlett-Packard)
Task: {20DE3A25-1F60-4D4F-A627-65E558917948} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {2142A8FF-8070-4449-A429-5869A0378112} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2123845491-2313268984-385980148-1002Core => C:\Users\cmany\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-24] (Google Inc.)
Task: {2904DE61-3034-4AE5-9FB4-BC9B1CBABB17} - \GeniusBox No Task File <==== ATTENTION
Task: {39C9CDC1-5278-456F-BC75-3E5976888C0A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {4059ABC1-BBF8-40AA-A119-54C53878E56C} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2123845491-2313268984-385980148-1002 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {53B02643-AB54-4FD5-BEBE-D8EBC1324CBD} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2013-12-03] (CyberLink Corp.)
Task: {608805E0-5FF1-4478-96E3-736C09800541} - System32\Tasks\HPCeeScheduleForcmany => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {66A287AE-6002-4F5D-B2EC-DD72AF1B947D} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-12-10] (Synaptics Incorporated)
Task: {697A5465-09D2-46BA-8161-923741460FDE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2123845491-2313268984-385980148-1002UA => C:\Users\cmany\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-24] (Google Inc.)
Task: {6F0DEB2A-A0B6-4237-9359-3F9B6F9BA683} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2123845491-2313268984-385980148-1007Core => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2014-01-31] (Google Inc.)
Task: {7262756C-E5C7-482B-AB80-1F7DC58BCD74} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-06-08] (Hewlett-Packard)
Task: {74026C79-BAB0-4908-BCC9-0AF55D52A32B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-09] (Google Inc.)
Task: {75A8807F-23F8-43D4-8CBE-5F486EA16AB5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-09] (Google Inc.)
Task: {801B415D-1591-47D3-A13F-8EF4A5113A61} - System32\Tasks\avastBCLRestartS-1-5-21-2123845491-2313268984-385980148-1002 => Chrome.exe
Task: {8736ADB5-104B-42EB-85DD-4A21093EBD2A} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-25] (Adobe Systems Incorporated)
Task: {8EF8F6F9-F13D-4BD3-8828-8E80E56AC5BE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {8F948875-EF32-4F8C-9433-EAC180387172} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2123845491-2313268984-385980148-1007UA => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2014-01-31] (Google Inc.)
Task: {9B80C332-BE3D-4AF6-A22E-AA59A1515502} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-18] (Avast Software s.r.o.)
Task: {A114F463-70F0-4967-9143-702E68A57786} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2013-12-25] (Realtek Semiconductor)
Task: {B7E8F5F5-9A38-4AEC-A557-E79DF72034C8} - System32\Tasks\Java(TM) Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-02-10] (Oracle Corporation)
Task: {C18525AE-CB9F-4710-98DE-578405712CBC} - System32\Tasks\Google Update => C:\Users\cmany\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-24] (Google Inc.)
Task: {D0462F9B-00AB-4CA8-9AAB-534B25CE227C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {E5114A26-FA2F-4DC7-BAD3-F3E0C05763B5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-06-10] (Microsoft Corporation)
Task: {FBA3DC8D-CA4C-4F52-B273-DDBB47BC7E83} - System32\Tasks\Validate Installation => C:\Program Files (x86)\user extensions\updater.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2123845491-2313268984-385980148-1002Core.job => C:\Users\cmany\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2123845491-2313268984-385980148-1002UA.job => C:\Users\cmany\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2123845491-2313268984-385980148-1007Core.job => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2123845491-2313268984-385980148-1007UA.job => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForcmany.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (Whitelisted) ==============

2015-05-07 09:11 - 2015-05-07 09:11 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-05-07 09:11 - 2015-05-07 09:11 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-07-02 09:48 - 2015-07-02 09:48 - 02955264 _____ () C:\Program Files\AVAST Software\Avast\defs\15070202\algo.dll
2014-01-16 15:27 - 2013-08-05 01:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 16:48 - 2013-08-05 16:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-03-30 14:46 - 2015-03-30 14:46 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-06-22 12:13 - 2015-06-19 23:46 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libglesv2.dll
2015-06-22 12:13 - 2015-06-19 23:46 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libegl.dll
2015-06-22 12:13 - 2015-06-19 23:46 - 15003976 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:1AE68282
AlternateDataStreams: C:\Users\cmany\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\cmany\SkyDrive.old:ms-properties
AlternateDataStreams: C:\Users\James\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Ryan\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Ryan\SkyDrive.old:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VOTw8 => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2123845491-2313268984-385980148-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
DNS Servers: 192.168.0.1 - 38.8.82.2

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AERTFilters => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: AMD FUEL Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: GamesAppIntegrationService => 2
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: HP Support Assistant Service => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: HPWMISVC => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: RtkAudioService => 2
MSCONFIG\Services: vToolbarUpdater18.4.0 => 2
MSCONFIG\Services: WtuSystemSupport => 2
HKLM\...\StartupApproved\Run: => "EKIJ5000StatusMonitor"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-2123845491-2313268984-385980148-1002\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-2123845491-2313268984-385980148-1002\...\StartupApproved\Run: => "Power2GoExpress8"
HKU\S-1-5-21-2123845491-2313268984-385980148-1002\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-2123845491-2313268984-385980148-1002\...\StartupApproved\Run: => "msnmsgr"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{DB1E6CAD-BA80-468D-8744-5EBC4C0E1F2E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{9EC512C4-B13C-45B2-B9E1-BD7F275F63DB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3C915BFC-A7B3-4429-8BEB-5568F2C5EE70}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8154691B-9156-44A2-86AD-C43DA8321FAA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A75CE455-05A2-410B-B31F-56FEA80367B7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B4522328-08C3-4E6A-AF72-50032CA7E761}] => (Allow) C:\Users\cmany\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{427F688D-5A15-42A1-B500-9F2910D03F1F}] => (Allow) C:\Users\cmany\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{EB71A5CA-9CC9-44E5-9927-50E0CB31CC19}C:\users\cmany\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\cmany\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{D8B15FCB-B276-4802-ADAB-F1B098C08E84}C:\users\cmany\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\cmany\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{0C682F09-50A4-43A8-A1C8-46380DB7DD0F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{99CB8013-ABA3-48AB-9559-587166A14FFA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E6B4F33A-5E86-41A7-B1AB-9E710F1906D0}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{02CB014F-AC50-4E12-B461-136EE799FD68}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{7BF68963-B5D9-41CD-8F26-B6CBFFCC834B}] => (Allow) C:\Users\cmany\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{E2E93D07-78A3-4B44-8754-4BC4EF068250}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{847BA100-CB2A-4A74-968A-65820F2B9EF9}] => (Allow) LPort=2869
FirewallRules: [{E8C9B0C1-B4C7-4AFF-B3EE-C52953E4392B}] => (Allow) LPort=1900
FirewallRules: [{B85732C7-EE33-44E4-9DC8-159D2A04AD5D}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [TCP Query User{7BEF647E-5865-459C-BC6B-F0217D1A3163}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{010B0FB9-FEAE-43AC-9B88-1219812D54CB}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{6CD7C493-9D66-4627-B8BA-0292456EF2FC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{BC9B2F55-A94F-4817-B49E-3F88CDEC3EFC}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{61631CAF-7856-4AA3-9D15-42D1F65D3E9D}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe
FirewallRules: [{0C55206D-46BE-4A14-B17C-BF01D379394D}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/02/2015 11:08:51 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 358

Start Time: 01d0b4e89f503b9e

Termination Time: 4294967295

Application Path: C:\WINDOWS\syswow64\wwahost.exe

Report Id: eec903c4-20dc-11e5-bf4e-a0481cbb707d

Faulting package full name: Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c

Faulting package-relative application ID: App

Error: (07/02/2015 10:51:39 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1590

Start Time: 01d0b4e686c77147

Termination Time: 4294967295

Application Path: C:\WINDOWS\syswow64\wwahost.exe

Report Id: 7f190a8c-20da-11e5-bf4e-a0481cbb707d

Faulting package full name: Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c

Faulting package-relative application ID: App

Error: (07/02/2015 09:49:52 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CHRISTINEPC)
Description: Activation of app Microsoft.NetworkSpeedTest_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/02/2015 09:49:42 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: CHRISTINEPC)
Description: App Microsoft.NetworkSpeedTest_1.0.0.23_x64__8wekyb3d8bbwe+App did not launch within its allotted time.

Error: (07/02/2015 09:46:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: pmservice.exe, version: 1.1.23.141, time stamp: 0x53f257cf
Faulting module name: pmservice.exe, version: 1.1.23.141, time stamp: 0x53f257cf
Exception code: 0xc0000005
Fault offset: 0x0000d54b
Faulting process id: 0x93c
Faulting application start time: 0xpmservice.exe0
Faulting application path: pmservice.exe1
Faulting module path: pmservice.exe2
Report Id: pmservice.exe3
Faulting package full name: pmservice.exe4
Faulting package-relative application ID: pmservice.exe5

Error: (07/02/2015 04:48:58 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (07/01/2015 09:38:03 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: NT AUTHORITY)
Description: There was an error communicating to the Orion inference server

Error: (06/30/2015 11:21:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 170c

Start Time: 01d0b35884375366

Termination Time: 4294967295

Application Path: C:\WINDOWS\syswow64\backgroundTaskHost.exe

Report Id: 72cb0605-1f4c-11e5-bf4c-a0481cbb707d

Faulting package full name: Microsoft.MicrosoftSudoku_1.2.1406.2005_x86__8wekyb3d8bbwe

Faulting package-relative application ID: App

Error: (06/30/2015 11:21:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1140

Start Time: 01d0b358816a1d69

Termination Time: 4294967295

Application Path: C:\WINDOWS\syswow64\backgroundTaskHost.exe

Report Id: 723d6b1d-1f4c-11e5-bf4c-a0481cbb707d

Faulting package full name: Microsoft.MicrosoftMahjong_2.4.1412.2202_x86__8wekyb3d8bbwe

Faulting package-relative application ID: MicrosoftMahjong

Error: (06/30/2015 05:45:28 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1250

Start Time: 01d0b32a37e76525

Termination Time: 4294967295

Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

Report Id: 78eb259f-1f1d-11e5-bf4c-a0481cbb707d

Faulting package full name: Farlex.581429F59E1D8_2.1.0.18_x64__wyegy4e46y996

Faulting package-relative application ID: App


System errors:
=============
Error: (07/02/2015 11:17:31 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HP Network Devices Support service terminated with the following error:
%%126

Error: (07/02/2015 09:52:58 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PremierOpinion service terminated unexpectedly. It has done this 1 time(s).

Error: (07/02/2015 09:50:19 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HP Network Devices Support service terminated with the following error:
%%126

Error: (07/02/2015 04:54:32 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the gpsvc service.

Error: (07/02/2015 04:54:02 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.

Error: (07/02/2015 04:53:32 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.

Error: (07/01/2015 11:06:23 PM) (Source: DCOM) (EventID: 10010) (User: CHRISTINEPC)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

Error: (07/01/2015 11:06:23 PM) (Source: DCOM) (EventID: 10010) (User: CHRISTINEPC)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

Error: (07/01/2015 11:06:23 PM) (Source: DCOM) (EventID: 10010) (User: CHRISTINEPC)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

Error: (07/01/2015 11:06:23 PM) (Source: DCOM) (EventID: 10010) (User: CHRISTINEPC)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}


Microsoft Office:
=========================
Error: (07/02/2015 11:08:51 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.3.9600.1741535801d0b4e89f503b9e4294967295C:\WINDOWS\syswow64\wwahost.exeeec903c4-20dc-11e5-bf4e-a0481cbb707dMicrosoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5cApp

Error: (07/02/2015 10:51:39 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.3.9600.17415159001d0b4e686c771474294967295C:\WINDOWS\syswow64\wwahost.exe7f190a8c-20da-11e5-bf4e-a0481cbb707dMicrosoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5cApp

Error: (07/02/2015 09:49:52 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CHRISTINEPC)
Description: Microsoft.NetworkSpeedTest_8wekyb3d8bbwe!App-2144927142

Error: (07/02/2015 09:49:42 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: CHRISTINEPC)
Description: Microsoft.NetworkSpeedTest_1.0.0.23_x64__8wekyb3d8bbwe+App

Error: (07/02/2015 09:46:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: pmservice.exe1.1.23.14153f257cfpmservice.exe1.1.23.14153f257cfc00000050000d54b93c01d0b4de36d4a5e8C:\Program Files (x86)\PremierOpinion\pmservice.exeC:\Program Files (x86)\PremierOpinion\pmservice.exe8458b5b7-20d1-11e5-bf4e-a0481cbb707d

Error: (07/02/2015 04:48:58 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: -2147024883

Error: (07/01/2015 09:38:03 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: NT AUTHORITY)
Description: -2143485946

Error: (06/30/2015 11:21:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.17415170c01d0b358843753664294967295C:\WINDOWS\syswow64\backgroundTaskHost.exe72cb0605-1f4c-11e5-bf4c-a0481cbb707dMicrosoft.MicrosoftSudoku_1.2.1406.2005_x86__8wekyb3d8bbweApp

Error: (06/30/2015 11:21:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.17415114001d0b358816a1d694294967295C:\WINDOWS\syswow64\backgroundTaskHost.exe723d6b1d-1f4c-11e5-bf4c-a0481cbb707dMicrosoft.MicrosoftMahjong_2.4.1412.2202_x86__8wekyb3d8bbweMicrosoftMahjong

Error: (06/30/2015 05:45:28 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.17415125001d0b32a37e765254294967295C:\WINDOWS\system32\backgroundTaskHost.exe78eb259f-1f1d-11e5-bf4c-a0481cbb707dFarlex.581429F59E1D8_2.1.0.18_x64__wyegy4e46y996App


CodeIntegrity Errors:
===================================
Date: 2015-06-29 21:02:24.709
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-06-29 21:02:23.709
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-06-29 21:02:21.858
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-06-29 21:02:20.863
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-06-29 21:02:19.848
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-06-29 21:02:18.778
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-06-29 21:02:17.768
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-06-29 21:02:16.716
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-06-29 21:02:15.692
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-06-29 21:02:14.672
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD E-300 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 50%
Total physical RAM: 3682.26 MB
Available physical RAM: 1831.95 MB
Total Pagefile: 5346.26 MB
Available Pagefile: 3151.96 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:273.59 GB) (Free:182.79 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:23.39 GB) (Free:2.78 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 1E1F4777)

Partition: GPT Partition Type.

==================== End of log ============================
 

cmany

New Member
Thread author
Jul 1, 2015
6
OK...don't know why they wouldn't upload earlier...but they finally have
 

Attachments

  • Addition.txt
    40.5 KB · Views: 11
  • FRST.txt
    44.4 KB · Views: 13

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.
Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 

Attachments

  • fixlist.txt
    6.1 KB · Views: 10

cmany

New Member
Thread author
Jul 1, 2015
6
Thanks so much. Looks like everything ran through, no more messages upon reboot. Will be looking up the other tips posted for optimizing my machine.

Do you know what I got hit with?

Here is the file.
 

Attachments

  • Fixlog.txt
    16.4 KB · Views: 8

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
You've been infected with Adware and sadly, I don't know how you got infected.


Glad I could help. We will delete all used tools and I'll give you some tips to harden your security and learn how to protect yourself :)


Recommended reading:
MUST READ - security tips:

MUST READ - general maintenance:


The Importance of Software Updating:

In order to stay protected it is very important that you regularly update all of your software. Cybercriminals depend on the apathy of users around software updates to keep their malicious endeavor running.

Operating systems, such as Windows, and applications, such as Adobe Reader or JAVA, are used by tens of millions of computers and devices around the world, making them a huge target for cybercriminals. Downloading updates and installing them can sometimes be tedious, but the advantages you get from the updates are certainly worth it.




Recommended additional software:
  • CCleaner - to clean unneeded temporary files.
  • Malwarebytes' Anti-Malware - to scan your system from time to time in search for malware.
  • Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
  • McShield - to prevent infections spread by removable media.
  • Unchecky - to prevent from installing additional foistware, implemented in legitimate installations.
  • Adblock - to surf the web without annoying ads!



Post-cleanup procedures:


Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right-clicking on its icon and selecting the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run and wait until the tool completes its work.
  • All tools we used should be gone. The tool will create a report for you (C:\DelFix.txt).
The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.



My help is free for everybody.
If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation:
Thank you!




Stay safe,
TwinHeadedEagle :)
 
