Solved Tried to watch Avatar, ended up with Cosstmin and won't go away!!

Status
Not open for further replies.
T

Tracyspeaks

New Member
Thread author
Aug 16, 2014
14
I would really like some help removing this program. I work from my computer and cannot afford for it be infected.

Please help!
 
TwinHeadedEagle

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,



They call me TwinHeadedEagle around here, and I'll be working with you.



Before we start please read and note the following:
  • At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
  • Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
  • If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
  • I visit forum several times at day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have private life like everyone and I cannot be here 24/7. So please be patient with me. Also, some infections require less, and some more time to be removed completely, so bear this in mind and be patient.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. If you solved your problem yourself, set aside two minutes to let me know.
  • Please attach all report using
    fjqb1h.png
    button below. Doing this, you make it easier for me to analyze and fix your problem.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.




Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
 
T

Tracyspeaks

New Member
Thread author
Aug 16, 2014
14
Good morning. Hope you're still there. I had to put this computer down to use a backup computer. My son needs computer to do school work. Getting started now!
 
T

Tracyspeaks

New Member
Thread author
Aug 16, 2014
14
Here is the first log:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014 01
Ran by Tracy Dornelly (administrator) on TRACYDORNELLY on 20-08-2014 08:40:34
Running from C:\Users\Tracy Dornelly\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Users\Tracy Dornelly\AppData\Local\Idle~Crawler\firefox\firefox.exe
(Mozilla Corporation) C:\Users\Tracy Dornelly\AppData\Local\Idle~Crawler\firefox\firefox.exe
(Mozilla Corporation) C:\Users\Tracy Dornelly\AppData\Local\Idle~Crawler\firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Mozilla Corporation) C:\Users\Tracy Dornelly\AppData\Local\Idle~Crawler\firefox\firefox.exe
(Mozilla Corporation) C:\Users\Tracy Dornelly\AppData\Local\Idle~Crawler\firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Users\Tracy Dornelly\AppData\Local\Idle~Crawler\firefox\firefox.exe
(Mozilla Corporation) C:\Users\Tracy Dornelly\AppData\Local\Idle~Crawler\firefox\firefox.exe
(Mozilla Corporation) C:\Users\Tracy Dornelly\AppData\Local\Idle~Crawler\firefox\firefox.exe
(Mozilla Corporation) C:\Users\Tracy Dornelly\AppData\Local\Idle~Crawler\firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
() C:\Users\Tracy Dornelly\AppData\Local\Idle~Crawler\Idle~Crawler.exe
(Mozilla Corporation) C:\Users\Tracy Dornelly\AppData\Local\Idle~Crawler\firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\consent.exe
(Mozilla Corporation) C:\Users\Tracy Dornelly\AppData\Local\Idle~Crawler\firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3666800 2011-01-21] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-12-17] (Intel(R) Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-12] (Alps Electric Co., Ltd.)
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [fst_us_205] => [X]
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4085511053-820811713-3101008905-1000\...\Run: [ShowBatteryBar] => C:\Program Files\BatteryBar\ShowBatteryBar.exe [89600 2013-04-11] ()
HKU\S-1-5-21-4085511053-820811713-3101008905-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-4085511053-820811713-3101008905-1000\...\RunOnce: [FlashPlayerUpdate] => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_14_0_0_145_Plugin.exe [851632 2014-07-08] (Adobe Systems Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Tracy Dornelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DealFinder.lnk
ShortcutTarget: DealFinder.lnk -> C:\Program Files (x86)\AA\DealFinder\DealFinder\DealFinder.exe (No File)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
BHO: No Name -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\progra~1\mcafee\msk\mskapbho.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Tracy Dornelly\AppData\Roaming\Mozilla\Firefox\Profiles\lcohjray.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Tracy Dornelly\AppData\Local\Citrix\Plugins\79\npappdetector.dll (Citrix Online)
FF user.js: detected! => C:\Users\Tracy Dornelly\AppData\Roaming\Mozilla\Firefox\Profiles\lcohjray.default\user.js
FF SearchPlugin: C:\Users\Tracy Dornelly\AppData\Roaming\Mozilla\Firefox\Profiles\lcohjray.default\searchplugins\cc-wiki-en.xml
FF SearchPlugin: C:\Users\Tracy Dornelly\AppData\Roaming\Mozilla\Firefox\Profiles\lcohjray.default\searchplugins\creative-commons-search.xml
FF SearchPlugin: C:\Users\Tracy Dornelly\AppData\Roaming\Mozilla\Firefox\Profiles\lcohjray.default\searchplugins\web-search-powered-by-google.xml
FF Extension: cosstminn - C:\Users\Tracy Dornelly\AppData\Roaming\Mozilla\Firefox\Profiles\lcohjray.default\Extensions\bodn@ieiy.net [2014-08-15]
FF Extension: PageRank for Firefox - C:\Users\Tracy Dornelly\AppData\Roaming\Mozilla\Firefox\Profiles\lcohjray.default\Extensions\pagerank@any-tech.ws.xpi [2012-04-10]
FF Extension: Alexa Toolbar - C:\Users\Tracy Dornelly\AppData\Roaming\Mozilla\Firefox\Profiles\lcohjray.default\Extensions\toolbar@alexa.com.xpi [2011-09-06]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-06-11]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-06-11]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR Extension: (cosstminn) - C:\Users\Tracy Dornelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkpacilcggkkbellcfbemdfaammddigp [2014-08-15]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [897088 2010-11-03] (Intel Corporation) [File not signed]
R3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1298496 2010-11-03] (Intel Corporation) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 mr7910; C:\Windows\System32\DRIVERS\mr7910.sys [55808 2007-03-16] (Mars Semiconductor Corp.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-20 08:40 - 2014-08-20 08:41 - 00017883 _____ () C:\Users\Tracy Dornelly\Downloads\FRST.txt
2014-08-20 08:39 - 2014-08-20 08:40 - 00000000 ____D () C:\FRST
2014-08-20 08:37 - 2014-08-20 08:37 - 02101760 _____ (Farbar) C:\Users\Tracy Dornelly\Downloads\FRST64.exe
2014-08-16 10:43 - 2014-08-20 08:39 - 00002600 _____ () C:\Users\Tracy Dornelly\Desktop\Homeschooling notes.txt
2014-08-15 23:36 - 2014-08-15 23:36 - 00000000 ____D () C:\Program Files (x86)\predm
2014-08-15 23:27 - 2013-12-18 22:04 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-08-15 23:26 - 2014-08-15 23:26 - 00000000 ____D () C:\Program Files (x86)\Okiitan
2014-08-15 23:25 - 2014-08-15 23:25 - 00003476 _____ () C:\windows\System32\Tasks\PCSafePRO_Popup
2014-08-15 23:25 - 2014-08-15 23:25 - 00003212 _____ () C:\windows\System32\Tasks\PCSafePRO_Start
2014-08-15 23:25 - 2014-08-15 23:25 - 00000000 ____D () C:\Users\Tracy Dornelly\AppData\Local\Fusion_Tech_Software,_LLC
2014-08-15 23:24 - 2014-08-16 08:55 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-08-15 23:24 - 2014-08-15 23:44 - 00000000 ____D () C:\ProgramData\cosstminn
2014-08-15 23:24 - 2014-08-15 23:36 - 00000000 __SHD () C:\windows\SysWOW64\AI_RecycleBin
2014-08-15 23:24 - 2014-08-15 23:34 - 00000000 ____D () C:\ProgramData\4d09ce8d5400296d
2014-08-15 23:24 - 2014-08-15 23:34 - 00000000 ____D () C:\Program Files (x86)\cosstminn
2014-08-15 23:24 - 2014-08-15 23:25 - 00000000 ____D () C:\Users\Tracy Dornelly\Documents\PCSafePRO
2014-08-15 23:24 - 2014-08-15 23:25 - 00000000 ____D () C:\Users\Tracy Dornelly\AppData\Local\Idle~Crawler
2014-08-15 23:24 - 2014-08-15 23:24 - 00004606 _____ () C:\windows\System32\Tasks\Idle~Crawler Runner
2014-08-15 23:24 - 2014-08-15 23:24 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-08-15 23:24 - 2014-08-15 23:24 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_webinstr_01009.Wdf
2014-08-15 23:24 - 2014-08-15 23:24 - 00000000 ____D () C:\Users\Tracy Dornelly\AppData\Local\Torch
2014-08-15 23:24 - 2014-08-15 23:24 - 00000000 ____D () C:\Users\Tracy Dornelly\AppData\Local\Packages
2014-08-15 23:24 - 2014-08-15 23:24 - 00000000 ____D () C:\Users\Tracy Dornelly\AppData\Local\Google
2014-08-15 23:24 - 2014-08-15 23:24 - 00000000 ____D () C:\Users\Tracy Dornelly\AppData\Local\globalUpdate
2014-08-15 23:24 - 2014-08-15 23:24 - 00000000 ____D () C:\Users\Tracy Dornelly\AppData\Local\Comodo
2014-08-15 23:24 - 2014-08-15 23:24 - 00000000 ____D () C:\Users\Tracy Dornelly\AppData\Local\Chromatic Browser
2014-08-15 23:24 - 2014-08-15 23:24 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-08-15 23:24 - 2014-08-15 23:24 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-08-15 23:24 - 2014-08-15 23:24 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-08-15 23:24 - 2014-08-15 23:24 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-08-15 23:24 - 2014-08-15 23:24 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-08-15 23:24 - 2014-08-15 23:24 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-08-15 23:24 - 2014-08-15 23:24 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-08-15 23:24 - 2014-08-15 23:24 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-08-15 23:24 - 2014-08-15 23:24 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-08-15 23:24 - 2014-08-15 23:24 - 00000000 ____D () C:\Users\Guest
2014-08-15 23:24 - 2014-08-15 23:24 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-08-15 23:24 - 2014-08-15 23:24 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-08-15 23:24 - 2014-08-15 23:24 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-08-15 23:24 - 2014-08-15 23:24 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-08-15 23:24 - 2014-08-15 23:24 - 00000000 ____D () C:\Users\Administrator
2014-08-15 23:23 - 2014-08-15 23:23 - 00000000 ____D () C:\ProgramData\UpdateCommon
2014-08-15 23:22 - 2014-08-15 23:33 - 00000000 ____D () C:\Users\Tracy Dornelly\AppData\Roaming\device
2014-08-15 23:22 - 2014-08-15 23:32 - 00000000 ____D () C:\Users\Tracy Dornelly\AppData\Roaming\serv
2014-08-15 23:22 - 2014-08-15 23:22 - 00300920 _____ () C:\Users\Tracy Dornelly\Downloads\setup.exe
2014-08-15 12:56 - 2014-08-15 12:56 - 00267359 _____ () C:\Users\Tracy Dornelly\Downloads\ferguson protest 1.jpeg
2014-08-14 08:54 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\windows\system32\icardres.dll
2014-08-14 08:54 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardres.dll
2014-08-14 08:54 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe
2014-08-14 08:54 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
2014-08-14 08:54 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\windows\system32\icardagt.exe
2014-08-14 08:54 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\windows\system32\infocardapi.dll
2014-08-14 08:54 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardagt.exe
2014-08-14 08:54 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\windows\SysWOW64\infocardapi.dll
2014-08-13 09:17 - 2014-07-31 19:41 - 00348856 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-08-13 09:17 - 2014-07-31 19:16 - 00307384 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-08-13 09:17 - 2014-07-25 10:52 - 23645696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-08-13 09:17 - 2014-07-25 10:02 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-08-13 09:17 - 2014-07-25 10:01 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-08-13 09:17 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-08-13 09:17 - 2014-07-25 09:30 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-08-13 09:17 - 2014-07-25 09:28 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-08-13 09:17 - 2014-07-25 09:28 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-08-13 09:17 - 2014-07-25 09:25 - 02774528 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-08-13 09:17 - 2014-07-25 09:25 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-08-13 09:17 - 2014-07-25 09:11 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-08-13 09:17 - 2014-07-25 09:10 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-08-13 09:17 - 2014-07-25 09:04 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-08-13 09:17 - 2014-07-25 09:03 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-08-13 09:17 - 2014-07-25 09:00 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-08-13 09:17 - 2014-07-25 09:00 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-08-13 09:17 - 2014-07-25 08:59 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-08-13 09:17 - 2014-07-25 08:47 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-08-13 09:17 - 2014-07-25 08:40 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-08-13 09:17 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-08-13 09:17 - 2014-07-25 08:34 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-08-13 09:17 - 2014-07-25 08:33 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-08-13 09:17 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-08-13 09:17 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-08-13 09:17 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-13 09:17 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-08-13 09:17 - 2014-07-25 08:19 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-08-13 09:17 - 2014-07-25 08:18 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-08-13 09:17 - 2014-07-25 08:17 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-08-13 09:17 - 2014-07-25 08:17 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-08-13 09:17 - 2014-07-25 08:12 - 00438784 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-08-13 09:17 - 2014-07-25 08:10 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-08-13 09:17 - 2014-07-25 08:10 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-08-13 09:17 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-08-13 09:17 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-08-13 09:17 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-08-13 09:17 - 2014-07-25 07:47 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-08-13 09:17 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-13 09:17 - 2014-07-25 07:42 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-08-13 09:17 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-08-13 09:17 - 2014-07-25 07:39 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-08-13 09:17 - 2014-07-25 07:36 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-08-13 09:17 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-08-13 09:17 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-08-13 09:17 - 2014-07-25 07:23 - 13547008 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-08-13 09:17 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-08-13 09:17 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-08-13 09:17 - 2014-07-25 07:07 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-08-13 09:17 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-08-13 09:17 - 2014-07-25 06:52 - 02266624 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-08-13 09:17 - 2014-07-25 06:26 - 01431040 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-08-13 09:17 - 2014-07-25 06:17 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-08-13 09:17 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-08-13 09:17 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-08-13 09:17 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-08-13 09:17 - 2014-07-15 23:25 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-13 09:17 - 2014-07-15 23:23 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-08-13 09:17 - 2014-07-15 22:46 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-13 09:17 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-08-13 09:17 - 2014-07-15 22:12 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-13 09:17 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL
2014-08-13 09:17 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL
2014-08-13 09:17 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL
2014-08-13 09:17 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL
2014-08-13 09:17 - 2014-07-08 22:03 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL
2014-08-13 09:17 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL
2014-08-13 09:17 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL
2014-08-13 09:17 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL
2014-08-13 09:17 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL
2014-08-13 09:17 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL
2014-08-13 09:17 - 2014-07-08 18:38 - 00419992 _____ () C:\windows\system32\locale.nls
2014-08-13 09:17 - 2014-07-08 18:30 - 00419992 _____ () C:\windows\SysWOW64\locale.nls
2014-08-13 09:17 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-08-13 09:17 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-08-13 09:17 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-08-13 09:17 - 2014-06-03 06:02 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-08-13 09:17 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-08-13 09:17 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2014-08-13 09:17 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2014-08-13 09:17 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-08-13 09:17 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-08-13 09:17 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2014-08-13 09:14 - 2014-08-06 22:06 - 00529920 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-08-13 09:14 - 2014-08-06 22:01 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-08-13 09:14 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2014-08-13 09:14 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2014-08-08 18:38 - 2014-08-08 18:38 - 00635760 _____ (ROBLOX Corporation) C:\Users\Tracy Dornelly\Downloads\RobloxPlayerLauncher.exe
2014-08-08 13:39 - 2014-08-08 13:39 - 00000000 ____D () C:\Users\Tracy Dornelly\AppData\Local\{DCEAD4C1-DA90-433F-95C5-684F3A1A49A6}
2014-08-08 01:38 - 2014-08-08 01:38 - 00000000 ____D () C:\Users\Tracy Dornelly\AppData\Local\{87170A43-C0BB-4AB3-AB22-DF7B10BED0E9}
2014-08-07 12:47 - 2014-08-07 12:47 - 00000000 ____D () C:\Users\Tracy Dornelly\AppData\Local\{562E1661-2DC5-43FB-BD64-0DB920A871B3}
2014-08-07 10:01 - 2014-08-07 10:01 - 00147098 _____ () C:\Users\Tracy Dornelly\Downloads\blerd tristan.jpeg
2014-08-07 00:44 - 2014-08-07 00:47 - 00000000 ____D () C:\Users\Tracy Dornelly\AppData\Local\{02327C8C-1B9C-40B9-A407-1543EE8B852E}
2014-08-07 00:44 - 2014-08-07 00:44 - 00000000 ____D () C:\Users\Tracy Dornelly\AppData\Local\{2A6227B3-28A2-4C5E-9435-C4DBA6CDB1F7}
2014-08-02 09:14 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-08-02 09:14 - 2014-05-14 12:23 - 00700384 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-08-02 09:14 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-08-02 09:14 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-08-02 09:14 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-08-02 09:14 - 2014-05-14 12:23 - 00038880 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-08-02 09:14 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2014-08-02 09:14 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-08-02 09:14 - 2014-05-14 12:20 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-08-02 09:14 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-08-02 09:14 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-08-02 09:14 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-08-02 09:14 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-08-02 09:14 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-07-24 22:58 - 2014-08-15 20:03 - 00030288 _____ () C:\Users\Tracy Dornelly\Desktop\notes misc.txt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-20 08:41 - 2014-08-20 08:40 - 00017883 _____ () C:\Users\Tracy Dornelly\Downloads\FRST.txt
2014-08-20 08:40 - 2014-08-20 08:39 - 00000000 ____D () C:\FRST
2014-08-20 08:40 - 2011-08-24 21:25 - 00000506 _____ () C:\windows\Tasks\SystemToolsDailyTest.job
2014-08-20 08:40 - 2011-07-21 02:07 - 01468836 _____ () C:\windows\WindowsUpdate.log
2014-08-20 08:39 - 2014-08-16 10:43 - 00002600 _____ () C:\Users\Tracy Dornelly\Desktop\Homeschooling notes.txt
2014-08-20 08:39 - 2013-05-23 13:23 - 00000000 ____D () C:\Users\Tracy Dornelly\AppData\Roaming\BatteryBar
2014-08-20 08:37 - 2014-08-20 08:37 - 02101760 _____ (Farbar) C:\Users\Tracy Dornelly\Downloads\FRST64.exe
2014-08-20 08:37 - 2011-08-24 21:25 - 00000564 _____ () C:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-08-20 08:26 - 2012-04-12 08:08 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-08-20 08:26 - 2011-08-27 20:59 - 00000000 ____D () C:\Users\Tracy Dornelly\AppData\Roaming\Skype
2014-08-18 12:33 - 2012-05-27 11:11 - 73540096 ___SH () C:\Users\Tracy Dornelly\Downloads\Thumbs.db
2014-08-18 12:31 - 2011-08-24 21:25 - 00003560 _____ () C:\windows\System32\Tasks\SystemToolsDailyTest
2014-08-16 09:25 - 2009-07-14 00:45 - 00028576 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-16 09:25 - 2009-07-14 00:45 - 00028576 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-16 08:55 - 2014-08-15 23:24 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-08-16 02:15 - 2013-09-11 06:46 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-15 23:48 - 2013-05-23 13:43 - 00017373 _____ () C:\windows\setupact.log
2014-08-15 23:45 - 2011-07-21 03:04 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-08-15 23:45 - 2011-07-21 03:04 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-08-15 23:45 - 2011-07-21 02:53 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-08-15 23:44 - 2014-08-15 23:24 - 00000000 ____D () C:\ProgramData\cosstminn
2014-08-15 23:44 - 2013-05-23 13:42 - 00156168 _____ () C:\windows\PFRO.log
2014-08-15 23:44 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-08-15 23:36 - 2014-08-15 23:36 - 00000000 ____D () C:\Program Files (x86)\predm
2014-08-15 23:36 - 2014-08-15 23:24 - 00000000 __SHD () C:\windows\SysWOW64\AI_RecycleBin
2014-08-15 23:34 - 2014-08-15 23:24 - 00000000 ____D () C:\ProgramData\4d09ce8d5400296d
2014-08-15 23:34 - 2014-08-15 23:24 - 00000000 ____D () C:\Program Files (x86)\cosstminn
2014-08-15 23:33 - 2014-08-15 23:22 - 00000000 ____D () C:\Users\Tracy Dornelly\AppData\Roaming\device
2014-08-15 23:32 - 2014-08-15 23:22 - 00000000 ____D () C:\Users\Tracy Dornelly\AppData\Roaming\serv
2014-08-15 23:29 - 2013-09-11 07:02 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-15 23:29 - 2012-05-07 00:34 - 00000000 ____D () C:\Users\Tracy Dornelly\DDM
2014-08-15 23:26 - 2014-08-15 23:26 - 00000000 ____D () C:\Program Files (x86)\Okiitan
2014-08-15 23:25 - 2014-08-15 23:25 - 00003476 _____ () C:\windows\System32\Tasks\PCSafePRO_Popup
2014-08-15 23:25 - 2014-08-15 23:25 - 00003212 _____ () C:\windows\System32\Tasks\PCSafePRO_Start
2014-08-15 23:25 - 2014-08-15 23:25 - 00000000 ____D () C:\Users\Tracy Dornelly\AppData\Local\Fusion_Tech_Software,_LLC
2014-08-15 23:25 - 2014-08-15 23:24 - 00000000 ____D () C:\Users\Tracy Dornelly\Documents\PCSafePRO
2014-08-15 23:25 - 2014-08-15 23:24 - 00000000 ____D () C:\Users\Tracy Dornelly\AppData\Local\Idle~Crawler
2014-08-15 23:24 - 2014-08-15 23:24 - 00004606 _____ () C:\windows\System32\Tasks\Idle~Crawler Runner
2014-08-15 23:24 - 2014-08-15 23:24 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-08-15 23:24 - 2014-08-15 23:24 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_webinstr_01009.Wdf
2014-08-15 23:24 - 2014-08-15 23:24 - 00000000 ____D () C:\Users\Tracy Dornelly\AppData\Local\Torch
2014-08-15 23:24 - 2014-08-15 23:24 - 00000000 ____D () C:\Users\Tracy Dornelly\AppData\Local\Packages
2014-08-15 23:24 - 2014-08-15 23:24 - 00000000 ____D () C:\Users\Tracy Dornelly\AppData\Local\Google
2014-08-15 23:24 - 2014-08-15 23:24 - 00000000 ____D () C:\Users\Tracy Dornelly\AppData\Local\globalUpdate
2014-08-15 23:24 - 2014-08-15 23:24 - 00000000 ____D () C:\Users\Tracy Dornelly\AppData\Local\Comodo
2014-08-15 23:24 - 2014-08-15 23:24 - 00000000 ____D () C:\Users\Tracy Dornelly\AppData\Local\Chromatic Browser
2014-08-15 23:24 - 2014-08-15 23:24 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-08-15 23:24 - 2014-08-15 23:24 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-08-15 23:24 - 2014-08-15 23:24 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-08-15 23:24 - 2014-08-15 23:24 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-08-15 23:24 - 2014-08-15 23:24 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-08-15 23:24 - 2014-08-15 23:24 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-08-15 23:24 - 2014-08-15 23:24 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-08-15 23:24 - 2014-08-15 23:24 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-08-15 23:24 - 2014-08-15 23:24 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-08-15 23:24 - 2014-08-15 23:24 - 00000000 ____D () C:\Users\Guest
2014-08-15 23:24 - 2014-08-15 23:24 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-08-15 23:24 - 2014-08-15 23:24 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-08-15 23:24 - 2014-08-15 23:24 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-08-15 23:24 - 2014-08-15 23:24 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-08-15 23:24 - 2014-08-15 23:24 - 00000000 ____D () C:\Users\Administrator
2014-08-15 23:24 - 2009-07-13 23:20 - 00000000 ___HD () C:\windows\system32\GroupPolicy
2014-08-15 23:24 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\GroupPolicy
2014-08-15 23:23 - 2014-08-15 23:23 - 00000000 ____D () C:\ProgramData\UpdateCommon
2014-08-15 23:22 - 2014-08-15 23:22 - 00300920 _____ () C:\Users\Tracy Dornelly\Downloads\setup.exe
2014-08-15 20:03 - 2014-07-24 22:58 - 00030288 _____ () C:\Users\Tracy Dornelly\Desktop\notes misc.txt
2014-08-15 12:56 - 2014-08-15 12:56 - 00267359 _____ () C:\Users\Tracy Dornelly\Downloads\ferguson protest 1.jpeg
2014-08-14 10:47 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\rescache
2014-08-14 09:24 - 2009-07-14 00:45 - 00464288 _____ () C:\windows\system32\FNTCACHE.DAT
2014-08-14 09:22 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-08-14 09:06 - 2011-12-11 15:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-14 09:01 - 2013-08-08 01:41 - 00000000 ____D () C:\windows\system32\MRT
2014-08-14 08:59 - 2011-08-27 12:34 - 99218768 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-08-14 08:52 - 2014-05-07 03:00 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-08-12 21:39 - 2011-07-21 04:59 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-08-10 09:30 - 2011-07-21 02:48 - 00000000 ____D () C:\ProgramData\Skype
2014-08-08 18:38 - 2014-08-08 18:38 - 00635760 _____ (ROBLOX Corporation) C:\Users\Tracy Dornelly\Downloads\RobloxPlayerLauncher.exe
2014-08-08 13:39 - 2014-08-08 13:39 - 00000000 ____D () C:\Users\Tracy Dornelly\AppData\Local\{DCEAD4C1-DA90-433F-95C5-684F3A1A49A6}
2014-08-08 01:38 - 2014-08-08 01:38 - 00000000 ____D () C:\Users\Tracy Dornelly\AppData\Local\{87170A43-C0BB-4AB3-AB22-DF7B10BED0E9}
2014-08-07 12:47 - 2014-08-07 12:47 - 00000000 ____D () C:\Users\Tracy Dornelly\AppData\Local\{562E1661-2DC5-43FB-BD64-0DB920A871B3}
2014-08-07 10:01 - 2014-08-07 10:01 - 00147098 _____ () C:\Users\Tracy Dornelly\Downloads\blerd tristan.jpeg
2014-08-07 00:47 - 2014-08-07 00:44 - 00000000 ____D () C:\Users\Tracy Dornelly\AppData\Local\{02327C8C-1B9C-40B9-A407-1543EE8B852E}
2014-08-07 00:44 - 2014-08-07 00:44 - 00000000 ____D () C:\Users\Tracy Dornelly\AppData\Local\{2A6227B3-28A2-4C5E-9435-C4DBA6CDB1F7}
2014-08-06 22:06 - 2014-08-13 09:14 - 00529920 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-08-06 22:01 - 2014-08-13 09:14 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-08-01 10:46 - 2012-04-10 00:21 - 00000000 ____D () C:\Users\Tracy Dornelly\Tracy's Life
2014-07-31 19:41 - 2014-08-13 09:17 - 00348856 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-07-31 19:16 - 2014-08-13 09:17 - 00307384 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-07-26 08:39 - 2012-05-20 09:45 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-26 08:39 - 2012-05-20 09:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-26 08:39 - 2012-05-07 07:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-26 01:16 - 2012-05-20 09:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-25 10:52 - 2014-08-13 09:17 - 23645696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-25 10:02 - 2014-08-13 09:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-25 10:01 - 2014-08-13 09:17 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-07-25 09:51 - 2014-08-13 09:17 - 17524224 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-07-25 09:30 - 2014-08-13 09:17 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-07-25 09:28 - 2014-08-13 09:17 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-07-25 09:28 - 2014-08-13 09:17 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-07-25 09:25 - 2014-08-13 09:17 - 02774528 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-25 09:25 - 2014-08-13 09:17 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-07-25 09:11 - 2014-08-13 09:17 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-25 09:10 - 2014-08-13 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-07-25 09:04 - 2014-08-13 09:17 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-07-25 09:03 - 2014-08-13 09:17 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-07-25 09:00 - 2014-08-13 09:17 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-07-25 09:00 - 2014-08-13 09:17 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-07-25 08:59 - 2014-08-13 09:17 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-07-25 08:47 - 2014-08-13 09:17 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-07-25 08:40 - 2014-08-13 09:17 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-25 08:34 - 2014-08-13 09:17 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-07-25 08:34 - 2014-08-13 09:17 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-07-25 08:33 - 2014-08-13 09:17 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-07-25 08:30 - 2014-08-13 09:17 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-07-25 08:28 - 2014-08-13 09:17 - 05824512 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-25 08:28 - 2014-08-13 09:17 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-07-25 08:21 - 2014-08-13 09:17 - 02184704 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-07-25 08:19 - 2014-08-13 09:17 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-07-25 08:18 - 2014-08-13 09:17 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-07-25 08:17 - 2014-08-13 09:17 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-25 08:17 - 2014-08-13 09:17 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-07-25 08:12 - 2014-08-13 09:17 - 00438784 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-07-25 08:10 - 2014-08-13 09:17 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-25 08:10 - 2014-08-13 09:17 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-07-25 08:08 - 2014-08-13 09:17 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-07-25 08:06 - 2014-08-13 09:17 - 04204032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-07-25 07:52 - 2014-08-13 09:17 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-07-25 07:47 - 2014-08-13 09:17 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-25 07:43 - 2014-08-13 09:17 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 07:42 - 2014-08-13 09:17 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-25 07:39 - 2014-08-13 09:17 - 02087936 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-25 07:39 - 2014-08-13 09:17 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-07-25 07:36 - 2014-08-13 09:17 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-07-25 07:34 - 2014-08-13 09:17 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-07-25 07:29 - 2014-08-13 09:17 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-07-25 07:23 - 2014-08-13 09:17 - 13547008 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-25 07:13 - 2014-08-13 09:17 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-07-25 07:07 - 2014-08-13 09:17 - 02001920 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-07-25 07:07 - 2014-08-13 09:17 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-07-25 07:03 - 2014-08-13 09:17 - 11772928 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-07-25 06:52 - 2014-08-13 09:17 - 02266624 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-25 06:26 - 2014-08-13 09:17 - 01431040 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-25 06:17 - 2014-08-13 09:17 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-07-25 06:09 - 2014-08-13 09:17 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-07-25 06:05 - 2014-08-13 09:17 - 01792512 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-07-25 06:00 - 2014-08-13 09:17 - 01169920 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-07-23 14:45 - 2014-06-11 12:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

Some content of TEMP:
====================
C:\Users\Tracy Dornelly\AppData\Local\Temp\7-doohtz.dll
C:\Users\Tracy Dornelly\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\Tracy Dornelly\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Tracy Dornelly\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Tracy Dornelly\AppData\Local\Temp\nzttyylf.dll
C:\Users\Tracy Dornelly\AppData\Local\Temp\post1.exe
C:\Users\Tracy Dornelly\AppData\Local\Temp\post2.dll
C:\Users\Tracy Dornelly\AppData\Local\Temp\post2.exe
C:\Users\Tracy Dornelly\AppData\Local\Temp\setup__9487.exe
C:\Users\Tracy Dornelly\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-07 00:38

==================== End Of Log ============================
 
T

Tracyspeaks

New Member
Thread author
Aug 16, 2014
14
This is the Addition log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-08-2014 01
Ran by Tracy Dornelly at 2014-08-20 08:43:06
Running from C:\Users\Tracy Dornelly\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.2090 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.7.0.2090 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BatteryBar (remove only) (HKLM\...\BatteryBar) (Version: - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)
Cozi (HKLM-x32\...\{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}) (Version: 1.0.6505.38692 - Cozi Group, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}) (Version: 1.5.201.0 - Fingertapps)
Dell Perks Webslice IE8 (HKLM-x32\...\{CF67ED0C-F85D-4791-AED3-3FE882EDB45D}) (Version: 8.0 - Nextjump Inc)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft)
Dell Stage (HKLM-x32\...\{FE182796-F6BA-486A-8590-89B7E8D1D60F}) (Version: 1.7.209.0 - Fingertapps)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5830.14 - Dell Inc.)
Dell Support Center (Version: 3.1.5830.14 - PC-Doctor, Inc.) Hidden
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1209.101.204 - ALPS ELECTRIC CO., LTD.)
Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.)
Dell VideoStage (x32 Version: 1.2.0.1712 - CyberLink Corp.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 9.1.0.615 - Citrix Online, a division of Citrix Systems, Inc.)
GoToMeeting 5.4.0.1060 (HKCU\...\GoToMeeting) (Version: 5.4.0.1060 - CitrixOnline)
Idle~Crawler (HKLM-x32\...\Idle~Crawler) (Version: 80.0.0.428 - web research foundation)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6324.0 - IDT)
Intel PROSet Wireless (Version: - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2361 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}) (Version: 1.0.0.0454 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}) (Version: 14.00.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Intel(R) WiDi (HKLM-x32\...\{25680C01-6753-4FE9-A891-7857F26457C1}) (Version: 2.1.35.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
Internet Explorer (x32 Version: 8 - Microsoft Corporation) Hidden
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 24 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416024FF}) (Version: 6.0.240 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.09.20 - Dell Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden
Roxio Burn (x32 Version: 1.8 - Roxio) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio Creator Starter (x32 Version: 1.0.439 - Roxio) Hidden
Roxio Creator Starter (x32 Version: 5.0.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
TrustedID (HKLM-x32\...\{C16A92EF-017B-4839-9C75-FBADB5A1FA27}) (Version: 5.0 - TrustedID)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version: - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883097) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{B2260BC9-D561-46EE-B33D-739CF760A2A9}) (Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinZip 16.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CB}) (Version: 16.0.9691 - WinZip Computing, S.L. )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4085511053-820811713-3101008905-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1060\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Restore Points =========================

29-07-2014 12:53:24 Windows Update
30-07-2014 02:07:17 Removed eBay
01-08-2014 13:26:57 Windows Update
02-08-2014 13:13:56 Windows Update
05-08-2014 13:20:05 Windows Update
08-08-2014 13:23:40 Windows Update
12-08-2014 13:29:21 Windows Update
14-08-2014 12:51:38 Windows Update
16-08-2014 03:26:45 Installed Java 7 Update 45
16-08-2014 03:33:02 Windows Defender Checkpoint
16-08-2014 06:14:47 Removed Java 7 Update 45

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {33411963-5753-42A5-8E1C-FD0C80DF04FD} - System32\Tasks\PCSafePRO_Popup => C:\Program Files (x86)\PC Safe PRO\Splash.exe
Task: {33739F40-3AB1-4A8B-90BC-A175AEFFE5C3} - System32\Tasks\Microsoft\Windows\Maintenance\Idle~Crawler Update => %LOCALAPPDATA%\Idle~Crawler\Idle~Crawler.exe
Task: {5A860988-B3C4-4F27-ABDB-436C009F7A4B} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {6C98019D-2986-41EB-B0F0-86A1E14B3F52} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\Dell Support Center\uaclauncher.exe [2011-07-25] (PC-Doctor, Inc.)
Task: {76DD91FA-6EE8-4121-BE46-80AB3AA61BB3} - System32\Tasks\Idle~Crawler Runner => %LOCALAPPDATA%\Idle~Crawler\Idle~Crawler.exe
Task: {811E0A6A-DEF2-4521-A2A2-E1762D3C12C6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
Task: {89895AA1-31C8-49C9-9249-DC9E6D9EB3FB} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2011-07-25] (PC-Doctor, Inc.)
Task: {9B6ED1BA-2E71-453F-99A4-46EBAA37EAD4} - System32\Tasks\PCSafePRO_Start => C:\Program Files (x86)\PC Safe PRO\PCSafePRO.exe
Task: {C22BCD1C-0CA1-40BE-B14A-876C81CC475A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FB02C971-4898-4164-B02C-AEE78076CEEB} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2011-07-25] (PC-Doctor, Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\Dell Support Center\uaclauncher.exe
Task: C:\windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\Dell Support Center\uaclauncher.exe

==================== Loaded Modules (whitelisted) =============

2010-12-17 14:53 - 2010-12-17 14:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2011-07-21 02:53 - 2011-08-18 11:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2011-07-21 04:47 - 2011-04-10 14:40 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-12-17 14:53 - 2010-12-17 14:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2013-04-11 02:17 - 2013-04-11 02:17 - 00057856 _____ () C:\Program Files\BatteryBar\BarExplorerHook.dll
2010-11-17 11:35 - 2010-11-17 11:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2012-02-01 12:50 - 2012-02-01 12:50 - 00968048 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
2014-08-12 12:04 - 2014-08-12 12:04 - 00099840 _____ () C:\Users\Tracy Dornelly\AppData\Local\Idle~Crawler\Idle~Crawler.exe
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-11-24 23:44 - 2010-11-24 23:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2012-02-01 12:44 - 2012-02-01 12:44 - 08151040 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll
2012-02-01 12:44 - 2012-02-01 12:44 - 02278400 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll
2014-08-14 10:04 - 2014-08-14 10:04 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\97d6b17ed342f72bdf559a51f37ca929\IsdiInterop.ni.dll
2011-07-21 02:18 - 2010-11-06 00:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-08-15 23:25 - 2014-06-06 00:38 - 03852912 _____ () C:\Users\Tracy Dornelly\AppData\Local\Idle~Crawler\firefox\mozjs.dll
2014-07-08 18:12 - 2014-07-08 18:12 - 17029808 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
2014-06-11 12:38 - 2014-07-23 14:45 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-08-12 12:04 - 2014-08-12 12:04 - 00060416 _____ () C:\Users\Tracy Dornelly\AppData\Local\Idle~Crawler\Modules\ManXec.dll
2014-08-12 12:04 - 2014-08-12 12:04 - 00039936 _____ () C:\Users\Tracy Dornelly\AppData\Local\Idle~Crawler\Modules\PrfIns.dll
2014-08-12 12:04 - 2014-08-12 12:04 - 00047616 _____ () C:\Users\Tracy Dornelly\AppData\Local\Idle~Crawler\Modules\WbSes.dll
2014-08-12 12:04 - 2014-08-12 12:04 - 00046592 _____ () C:\Users\Tracy Dornelly\AppData\Local\Idle~Crawler\Modules\WdcMan.dll
2014-08-12 12:04 - 2014-08-12 12:04 - 00039424 _____ () C:\Users\Tracy Dornelly\AppData\Local\Idle~Crawler\Modules\WblSupp.dll
2014-08-12 12:04 - 2014-08-12 12:04 - 00032768 _____ () C:\Users\Tracy Dornelly\AppData\Local\Idle~Crawler\Modules\CmnUtls.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/19/2014 11:09:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9110

Error: (08/19/2014 11:09:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9110

Error: (08/19/2014 11:09:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/19/2014 11:09:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8065

Error: (08/19/2014 11:09:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8065

Error: (08/19/2014 11:09:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/19/2014 11:09:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7020

Error: (08/19/2014 11:09:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7020

Error: (08/19/2014 11:09:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/19/2014 11:09:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6021


System errors:
=============
Error: (08/15/2014 11:45:57 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (08/15/2014 11:45:27 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (08/15/2014 11:37:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Update Dolphin Deals service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (08/15/2014 11:33:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NetworkHostSrv service terminated unexpectedly. It has done this 1 time(s).

Error: (08/15/2014 11:23:17 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The NetworkHostSrv service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (08/14/2014 11:47:29 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer EMPRESS
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{57494F34-B98F-44BD-A1AA-877496F2D401}.
The master browser is stopping or an election is being forced.

Error: (08/14/2014 11:35:29 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer EMPRESS
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{57494F34-B98F-44BD-A1AA-877496F2D401}.
The master browser is stopping or an election is being forced.

Error: (08/14/2014 11:22:20 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer EMPRESS
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{57494F34-B98F-44BD-A1AA-877496F2D401}.
The master browser is stopping or an election is being forced.

Error: (08/14/2014 09:26:42 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (08/14/2014 09:26:12 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.


Microsoft Office Sessions:
=========================
Error: (07/24/2014 03:52:04 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 543806 seconds with 5280 seconds of active time. This session ended with a crash.

Error: (07/18/2014 08:47:34 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 306458 seconds with 2280 seconds of active time. This session ended with a crash.

Error: (06/29/2014 02:13:04 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 450490 seconds with 6000 seconds of active time. This session ended with a crash.

Error: (05/09/2014 07:15:46 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6695.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 14151 seconds with 120 seconds of active time. This session ended with a crash.


CodeIntegrity Errors:
===================================
Date: 2013-07-08 03:50:49.789
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-07-08 03:50:49.730
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-07-08 03:49:16.759
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-07-08 03:49:16.700
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-07-08 03:48:33.710
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-07-08 03:48:33.652
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-07-08 03:48:32.600
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-07-08 03:48:32.541
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-07-08 03:48:31.437
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-07-08 03:48:31.376
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz
Percentage of memory in use: 77%
Total physical RAM: 8100.25 MB
Available physical RAM: 1806.51 MB
Total Pagefile: 26975.81 MB
Available Pagefile: 2459.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:683.89 GB) (Free:573.97 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 33A289ED)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=683.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 
TwinHeadedEagle

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
FRST.gif
Fix with Farbar Recovery Scan Tool

icon_exclaim.gif
This fix was created for this user for use on that particular machine.
icon_exclaim.gif

icon_exclaim.gif
Running it on another one may cause damage and render the system unstable.
icon_exclaim.gif

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on
    FRST.gif
    icon and select
    RunAsAdmin.jpg
    Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.




adwcleaner_new.png
Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.

  • Right-click on
    adwcleaner_new.png
    icon and select
    RunAsAdmin.jpg
    Run as Administrator to start the tool.
  • Follow the prompts and click Scan.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[S*].txt) will open.

Please include the contents of that file in your reply.
 

Attachments

  • fixlist.txt
    4.5 KB · Views: 246
T

Tracyspeaks

New Member
Thread author
Aug 16, 2014
14
I wasn't able to save the FRST file to my desktop. I'm using Firefox, so I downloaded the file, the box popped up for me to scan. I hit scan and pasted the codes that appeared in the popup notepads.

I'm not sure where the file is now. I tried to hit "Fix" on the popup window and it said both files need to be located in the same place.
 
T

Tracyspeaks

New Member
Thread author
Aug 16, 2014
14
The email said, "Download attached fixlist.txt file and save it to the Desktop:"

I'm sorry, I didn't see a file attached. I did download the AdwCleaner but didn't run it. I wasn't sure....hope I didn't make anything worst!
 
T

Tracyspeaks

New Member
Thread author
Aug 16, 2014
14
Fixlog.txt below:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-08-2014 01
Ran by Tracy Dornelly at 2014-08-20 11:59:00 Run:1
Running from C:\Users\Tracy Dornelly\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [fst_us_205] => [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
BHO: No Name -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> No File
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - No File
FF user.js: detected! => C:\Users\Tracy Dornelly\AppData\Roaming\Mozilla\Firefox\Profiles\lcohjray.default\user.js
FF SearchPlugin: C:\Users\Tracy Dornelly\AppData\Roaming\Mozilla\Firefox\Profiles\lcohjray.default\searchplugins\cc-wiki-en.xml
FF SearchPlugin: C:\Users\Tracy Dornelly\AppData\Roaming\Mozilla\Firefox\Profiles\lcohjray.default\searchplugins\creative-commons-search.xml
FF SearchPlugin: C:\Users\Tracy Dornelly\AppData\Roaming\Mozilla\Firefox\Profiles\lcohjray.default\searchplugins\web-search-powered-by-google.xml
FF Extension: cosstminn - C:\Users\Tracy Dornelly\AppData\Roaming\Mozilla\Firefox\Profiles\lcohjray.default\Extensions\bodn@ieiy.net [2014-08-15]
CHR Extension: (cosstminn) - C:\Users\Tracy Dornelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkpacilcggkkbellcfbemdfaammddigp [2014-08-15]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2014-08-15 23:24 - 2014-08-15 23:34 - 00000000 ____D () C:\ProgramData\4d09ce8d5400296d
2014-08-15 23:24 - 2014-08-15 23:34 - 00000000 ____D () C:\Program Files (x86)\cosstminn
2014-08-15 23:24 - 2014-08-15 23:25 - 00000000 ____D () C:\Users\Tracy Dornelly\Documents\PCSafePRO
2014-08-15 23:24 - 2014-08-15 23:25 - 00000000 ____D () C:\Users\Tracy Dornelly\AppData\Local\Idle~Crawler
2014-08-15 23:24 - 2014-08-15 23:24 - 00004606 _____ () C:\windows\System32\Tasks\Idle~Crawler Runner
2014-08-15 23:24 - 2014-08-15 23:24 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-08-15 23:24 - 2014-08-15 23:24 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_webinstr_01009.Wdf
2014-08-15 23:24 - 2014-08-15 23:24 - 00000000 ____D () C:\Users\Tracy Dornelly\AppData\Local\Torch
2014-08-15 23:24 - 2014-08-15 23:24 - 00000000 ____D () C:\Users\Tracy Dornelly\AppData\Local\Packages
2014-08-15 23:24 - 2014-08-15 23:24 - 00000000 ____D () C:\Users\Tracy Dornelly\AppData\Local\Google
2014-08-15 23:24 - 2014-08-15 23:24 - 00000000 ____D () C:\Users\Tracy Dornelly\AppData\Local\globalUpdate
2014-08-15 23:24 - 2014-08-15 23:24 - 00000000 ____D () C:\Users\Tracy Dornelly\AppData\Local\Comodo
2014-08-15 23:24 - 2014-08-15 23:24 - 00000000 ____D () C:\Users\Tracy Dornelly\AppData\Local\Chromatic Browser
2014-08-15 23:24 - 2014-08-15 23:24 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-08-15 23:24 - 2014-08-15 23:24 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-08-15 23:24 - 2014-08-15 23:24 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-08-15 23:24 - 2014-08-15 23:24 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-08-15 23:24 - 2014-08-15 23:24 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-08-15 23:24 - 2014-08-15 23:24 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-08-15 23:24 - 2014-08-15 23:24 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-08-15 23:24 - 2014-08-15 23:24 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-08-15 23:24 - 2014-08-15 23:24 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-08-15 23:24 - 2014-08-15 23:24 - 00000000 ____D () C:\Users\Guest
2014-08-15 23:24 - 2014-08-15 23:24 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-08-15 23:24 - 2014-08-15 23:24 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-08-15 23:24 - 2014-08-15 23:24 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-08-15 23:24 - 2014-08-15 23:24 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-08-15 23:24 - 2014-08-15 23:24 - 00000000 ____D () C:\Users\Administrator
emptytemp:
cmd: ipconfig /flushdns
Task: {33411963-5753-42A5-8E1C-FD0C80DF04FD} - System32\Tasks\PCSafePRO_Popup => C:\Program Files (x86)\PC Safe PRO\Splash.exe
Task: {33739F40-3AB1-4A8B-90BC-A175AEFFE5C3} - System32\Tasks\Microsoft\Windows\Maintenance\Idle~Crawler Update => %LOCALAPPDATA%\Idle~Crawler\Idle~Crawler.exe
Task: {76DD91FA-6EE8-4121-BE46-80AB3AA61BB3} - System32\Tasks\Idle~Crawler Runner => %LOCALAPPDATA%\Idle~Crawler\Idle~Crawler.exe
Task: {9B6ED1BA-2E71-453F-99A4-46EBAA37EAD4} - System32\Tasks\PCSafePRO_Start => C:\Program Files (x86)\PC Safe PRO\PCSafePRO.exe
C:\Users\Tracy Dornelly\AppData\Local\Idle~Crawler
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\fst_us_205 => value deleted successfully.
C:\windows\system32\GroupPolicy\Machine => Moved successfully.
C:\windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}" => Key deleted successfully.
"HKCR\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}" => Key not found.
"HKCR\PROTOCOLS\Handler\cozi" => Key deleted successfully.
"HKCR\CLSID\{5356518D-FE9C-4E08-9C1F-1E872ECD367F}" => Key not found.
C:\Users\Tracy Dornelly\AppData\Roaming\Mozilla\Firefox\Profiles\lcohjray.default\user.js => Moved successfully.
C:\Users\Tracy Dornelly\AppData\Roaming\Mozilla\Firefox\Profiles\lcohjray.default\searchplugins\cc-wiki-en.xml => Moved successfully.
C:\Users\Tracy Dornelly\AppData\Roaming\Mozilla\Firefox\Profiles\lcohjray.default\searchplugins\creative-commons-search.xml => Moved successfully.
C:\Users\Tracy Dornelly\AppData\Roaming\Mozilla\Firefox\Profiles\lcohjray.default\searchplugins\web-search-powered-by-google.xml => Moved successfully.
C:\Users\Tracy Dornelly\AppData\Roaming\Mozilla\Firefox\Profiles\lcohjray.default\Extensions\bodn@ieiy.net => Moved successfully.
C:\Users\Tracy Dornelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkpacilcggkkbellcfbemdfaammddigp => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
C:\ProgramData\4d09ce8d5400296d => Moved successfully.
C:\Program Files (x86)\cosstminn => Moved successfully.
C:\Users\Tracy Dornelly\Documents\PCSafePRO => Moved successfully.
C:\Users\Tracy Dornelly\AppData\Local\Idle~Crawler => Moved successfully.
C:\windows\System32\Tasks\Idle~Crawler Runner => Moved successfully.
C:\ProgramData\ntuser.pol => Moved successfully.
C:\windows\system32\Drivers\Msft_Kernel_webinstr_01009.Wdf => Moved successfully.
C:\Users\Tracy Dornelly\AppData\Local\Torch => Moved successfully.
C:\Users\Tracy Dornelly\AppData\Local\Packages => Moved successfully.
C:\Users\Tracy Dornelly\AppData\Local\Google => Moved successfully.
C:\Users\Tracy Dornelly\AppData\Local\globalUpdate => Moved successfully.
C:\Users\Tracy Dornelly\AppData\Local\Comodo => Moved successfully.
C:\Users\Tracy Dornelly\AppData\Local\Chromatic Browser => Moved successfully.
C:\Users\HomeGroupUser$\AppData\Local\Torch => Moved successfully.
C:\Users\HomeGroupUser$\AppData\Local\Google => Moved successfully.
C:\Users\HomeGroupUser$\AppData\Local\Comodo => Moved successfully.
C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser => Moved successfully.
C:\Users\HomeGroupUser$ => Moved successfully.
C:\Users\Guest\AppData\Local\Torch => Moved successfully.
C:\Users\Guest\AppData\Local\Google => Moved successfully.
C:\Users\Guest\AppData\Local\Comodo => Moved successfully.
C:\Users\Guest\AppData\Local\Chromatic Browser => Moved successfully.
C:\Users\Guest => Moved successfully.
C:\Users\Administrator\AppData\Local\Torch => Moved successfully.
C:\Users\Administrator\AppData\Local\Google => Moved successfully.
C:\Users\Administrator\AppData\Local\Comodo => Moved successfully.
C:\Users\Administrator\AppData\Local\Chromatic Browser => Moved successfully.
C:\Users\Administrator => Moved successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{33411963-5753-42A5-8E1C-FD0C80DF04FD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{33411963-5753-42A5-8E1C-FD0C80DF04FD}" => Key deleted successfully.
C:\Windows\System32\Tasks\PCSafePRO_Popup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCSafePRO_Popup" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{33739F40-3AB1-4A8B-90BC-A175AEFFE5C3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{33739F40-3AB1-4A8B-90BC-A175AEFFE5C3}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\Idle~Crawler Update => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\Idle~Crawler Update" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{76DD91FA-6EE8-4121-BE46-80AB3AA61BB3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{76DD91FA-6EE8-4121-BE46-80AB3AA61BB3}" => Key deleted successfully.
C:\Windows\System32\Tasks\Idle~Crawler Runner not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Idle~Crawler Runner" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9B6ED1BA-2E71-453F-99A4-46EBAA37EAD4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B6ED1BA-2E71-453F-99A4-46EBAA37EAD4}" => Key deleted successfully.
C:\Windows\System32\Tasks\PCSafePRO_Start => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCSafePRO_Start" => Key deleted successfully.
"C:\Users\Tracy Dornelly\AppData\Local\Idle~Crawler" => File/Directory not found.
EmptyTemp: => Removed 12.4 GB temporary data.


The system needed a reboot.

==== End of Fixlog ====
 
T

Tracyspeaks

New Member
Thread author
Aug 16, 2014
14
Here is the AdwCleaner log:
# AdwCleaner v3.307 - Report created 20/08/2014 at 12:33:57
# Updated 17/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Tracy Dornelly - TRACYDORNELLY
# Running from : C:\Users\Tracy Dornelly\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\cosstminn
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\predm
File Deleted : C:\Users\Tracy Dornelly\AppData\Roaming\Mozilla\Firefox\Profiles\lcohjray.default\Extensions\toolbar@alexa.com.xpi

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\SOFTWARE\FreeSoftToday
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\Tracy Dornelly\AppData\Roaming\Mozilla\Firefox\Profiles\lcohjray.default\prefs.js ]

Line Deleted : user_pref("extensions.6o2KUq.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.[...]
Line Deleted : user_pref("extensions.alexa.toolbarXMLText", "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<toolbar>\n <replacements>\n <replacement>\n <key><![CDATA[__REGION__PLACEHOLDER__]]></key>\n <v[...]
Line Deleted : user_pref("extensions.crossrider.bic", "147dcd8e0aee9508092db14f932962fc");

*************************

AdwCleaner[R0].txt - [2832 octets] - [20/08/2014 12:26:22]
AdwCleaner[R1].txt - [2892 octets] - [20/08/2014 12:33:27]
AdwCleaner[S0].txt - [2647 octets] - [20/08/2014 12:33:57]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2707 octets] ##########
 
TwinHeadedEagle

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
We will delete them in the next step :)



Below you will find my thoughts about securing your machine. Go ahead through it, you will benefit from some useful advice about safe computing.


Recommended reading:
icon_exclaim.gif
MUST READ - security tips:

icon_exclaim.gif
MUST READ - general maintenance:


The Importance of Software Updating:

In order to stay protected it is very important that you regularly update all of your software. Cybercriminals depend on the apathy of users around software updates to keep their malicious endeavor running.

Operating systems, such as Windows, and applications, such as Adobe Reader or JAVA, are used by tens of millions of computers and devices around the world, making them a huge target for cybercriminals. Downloading updates and installing them can sometimes be tedious, but the advantages you get from the updates are certainly worth it.



Recommended additional software:
icon_arrow.gif
TFC - to clean unneeded temporary files.
icon_arrow.gif
Malwarebytes' Anti-Malware - to scan your system from time to time in search for malware.
icon_arrow.gif
Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
icon_arrow.gif
McShield - to prevent infections spread by removable media.
icon_arrow.gif
CryptoPrevent - to secure yourself from very severe CryptoLocker infection.
icon_arrow.gif
Unchecky - to prevent from installing additional foistware, implemented in legitimate installations.
icon_arrow.gif
FiheHippo.com Update Checker - to keep your programs up-to-date.
icon_arrow.gif
Adblock - to surf the web without annoying ads!



Post-cleanup procedures:


Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right click on the
    51a5ce45263de-delfix.png
    icon and Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run and wait until the tool completes his work.
  • All tools we used should be gone. Tool will create an report for you (C:\DelFix.txt)
The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.



My help is free for everybody.
If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation:
Thank you!​



Stay safe,
TwinHeadedEagle :)
 
TwinHeadedEagle

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Since this issue appears to be resolved, I am closing the topic. If that is not the case and you need or wish to continue with this topic, please contact me or any staff member with the address of the thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
 
Status
Not open for further replies.

Similar threads

B
  • Locked
A malware extension that I have been trying to get rid of for weeks.
Replies
1
Views
446
Windows Malware Removal Help & Support
nasdaq
nasdaq
Sour356
  • Locked
Chromstera wont uninstall from programs and features
Replies
10
Views
728
Windows Malware Removal Help & Support
nasdaq
nasdaq
Sour356
  • Locked
Chromstera wont uninstall from programs and features
Replies
3
Views
654
Windows Malware Removal Help & Support
nasdaq
nasdaq

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top