  1. #11

    Malwarebytes Anti-Malware
    Malwarebytes | Free Anti-Malware & Internet Security Software

    Scan Date: 8/30/2014
    Scan Time: 11:23:22 AM
    Logfile: malwarereport.txt
    Administrator: Yes

    Version: 2.00.2.1012
    Malware Database: v2014.08.30.05
    Rootkit Database: v2014.08.21.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7
    CPU: x64
    File System: NTFS
    User: Ryan

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 308633
    Time Elapsed: 19 min, 32 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)


    FRST.txt:
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-08-2014
    Ran by Ryan (administrator) on RYAN-PC on 30-08-2014 12:04:07
    Running from C:\Users\Ryan\Downloads
    Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
    Internet Explorer Version 8
    Boot Mode: Safe Mode (with Networking)

    The only official download link for FRST:
    Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
    Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
    (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2122536 2010-05-07] (Synaptics Incorporated)
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10038304 2010-02-02] (Realtek Semiconductor)
    HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3203440 2010-04-06] (Dell Inc.)
    HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807680 2010-02-09] ()
    HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
    HKLM-x32\...\Run: [DellSupportCenter] => c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
    HKLM-x32\...\Run: [SecureW2 Tray] => C:\Program Files (x86)\SecureW2\sw2_tray.exe [287112 2012-02-22] (SecureW2 B.V.)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
    HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5187088 2014-08-11] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
    HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] => "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
    HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
    Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKLM\...\Policies\Explorer: [HideSCAHealth] 1
    HKU\.DEFAULT\...\Policies\Explorer: [HideSCAHealth] 1
    HKU\S-1-5-21-3335902033-79738686-2682408393-1001\...\Run: [Facebook Update] => C:\Users\Ryan\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)
    HKU\S-1-5-21-3335902033-79738686-2682408393-1001\...\Policies\Explorer: [HideSCAHealth] 1

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN.com
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x12F8BE4537BECF01
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages =
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Constant Guard Protection Suite -> {B84CDBE7-1B46-494B-A188-01D4C52DEB61} -> C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.14.731.2\NativeBHO.dll (WhiteSky)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\q6egzb0x.default-1390148873435
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Ryan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\xfinity.xml
    FF Extension: Adblock Plus - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\q6egzb0x.default-1390148873435\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-02]

    Chrome:
    =======
    CHR Profile: C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default
    CHR HKLM-x32\...\Chrome\Extension: [hemjgdpngmhbimofcicjfhibkdbigdmb] - C:\ProgramData\comcastModemRelease\shortcuts\chrome\xfinity.crx [2013-02-08]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3244048 2014-08-11] (AVG Technologies CZ, s.r.o.)
    S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-11] (AVG Technologies CZ, s.r.o.)
    S2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
    S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
    S2 Pharos Systems ComTaskMaster; C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe [290816 2008-05-16] (Pharos Systems International) [File not signed]
    S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
    S2 SW2SVC; C:\Program Files (x86)\SecureW2\sw2_service.exe [126856 2012-02-22] (SecureW2 B.V.)
    S3 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
    S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
    S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
    R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
    R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
    S2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
    U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
    S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-08-30 12:04 - 2014-08-30 12:05 - 00012076 _____ () C:\Users\Ryan\Downloads\FRST.txt
    2014-08-30 11:55 - 2014-08-30 12:04 - 00000000 ____D () C:\FRST
    2014-08-30 11:55 - 2014-08-30 11:55 - 02103808 _____ (Farbar) C:\Users\Ryan\Desktop\FRST64.exe
    2014-08-30 11:53 - 2014-08-30 11:53 - 00001048 _____ () C:\Users\Ryan\Desktop\malwarereport.txt
    2014-08-29 23:41 - 2014-08-29 23:42 - 00056066 _____ () C:\Users\Ryan\Desktop\fix.txt
    2014-08-29 22:19 - 2014-08-29 22:19 - 00000000 ____D () C:\_OTL
    2014-08-29 20:34 - 2014-08-29 20:34 - 00088686 _____ () C:\Users\Ryan\Desktop\Extras.Txt
    2014-08-29 20:32 - 2014-08-30 00:28 - 00073768 _____ () C:\Users\Ryan\Desktop\OTL.Txt
    2014-08-29 20:03 - 2014-08-29 20:03 - 00602112 _____ (OldTimer Tools) C:\Users\Ryan\Desktop\OTL.exe
    2014-08-29 17:22 - 2014-08-29 22:54 - 00000000 ____D () C:\Windows\system32\MpEngineStore
    2014-08-29 17:07 - 2014-08-29 17:07 - 00003224 ____N () C:\bootsqm.dat
    2014-08-29 17:06 - 2014-08-29 17:06 - 00000000 __SHD () C:\found.000
    2014-08-28 21:26 - 2014-08-28 21:26 - 00012248 _____ () C:\Users\Ryan\Downloads\hijackthis.log
    2014-08-28 21:25 - 2014-08-28 21:25 - 00388608 _____ (Trend Micro Inc.) C:\Users\Ryan\Downloads\HijackThis.exe
    2014-08-27 17:12 - 2014-08-27 17:12 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Ryan\Downloads\rkill.scr
    2014-08-27 17:12 - 2014-08-27 17:12 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Ryan\Downloads\rkill64.scr
    2014-08-27 17:12 - 2014-08-27 17:12 - 00001674 _____ () C:\Users\Ryan\Desktop\Rkill.txt
    2014-08-26 20:07 - 2014-08-26 20:09 - 00000000 ____D () C:\ProgramData\Sophos
    2014-08-26 19:52 - 2014-08-26 19:52 - 00003201 _____ () C:\Users\Ryan\Desktop\Sophos Virus Removal Tool.lnk
    2014-08-26 19:52 - 2014-08-26 19:52 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
    2014-08-26 19:49 - 2014-08-26 19:49 - 00000000 ____D () C:\Program Files (x86)\Sophos
    2014-08-26 19:44 - 2014-08-26 19:46 - 94829768 _____ (Sophos Limited) C:\Users\Ryan\Downloads\Sophos Virus Removal Tool.exe
    2014-08-26 19:09 - 2014-08-05 09:20 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2014-08-26 19:08 - 2014-08-29 22:16 - 00001945 _____ () C:\Windows\epplauncher.mif
    2014-08-26 19:03 - 2014-08-26 19:03 - 13829304 _____ (Microsoft Corporation) C:\Users\Ryan\Downloads\mseinstall.exe
    2014-08-25 20:46 - 2014-08-25 20:46 - 00000000 ____D () C:\ProgramData\White Sky, Inc
    2014-08-25 20:36 - 2014-07-25 12:55 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2014-08-25 20:36 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2014-08-25 20:36 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2014-08-25 20:36 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2014-08-25 20:35 - 2014-08-25 20:36 - 00004578 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
    2014-08-25 18:46 - 2014-08-30 11:22 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-08-25 18:44 - 2014-08-25 18:44 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-08-25 18:44 - 2014-08-25 18:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-08-25 18:44 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-08-25 18:44 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-08-25 18:44 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-08-25 17:40 - 2014-08-25 17:40 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\AVG2014
    2014-08-25 17:37 - 2014-08-25 17:37 - 00000967 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
    2014-08-25 17:37 - 2014-08-25 17:37 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\TuneUp Software
    2014-08-25 17:34 - 2014-08-25 17:38 - 00000000 ____D () C:\ProgramData\AVG2014
    2014-08-25 17:32 - 2014-08-25 17:47 - 00000000 ____D () C:\Users\Ryan\AppData\Local\Avg2014
    2014-08-25 17:32 - 2014-08-25 17:32 - 00000000 ____D () C:\Users\Ryan\AppData\Local\MFAData
    2014-08-24 12:20 - 2014-08-29 22:55 - 00033696 _____ () C:\Windows\PFRO.log
    2014-08-24 12:20 - 2014-08-29 22:55 - 00001008 _____ () C:\Windows\setupact.log
    2014-08-24 12:20 - 2014-08-24 12:20 - 00000000 _____ () C:\Windows\setuperr.log
    2014-08-23 00:15 - 2014-08-24 12:34 - 00000000 ____D () C:\Program Files\Unlocker
    2014-08-23 00:15 - 2014-08-23 00:15 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
    2014-08-22 14:39 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
    2014-08-22 14:35 - 2014-08-22 14:39 - 00000000 ____D () C:\AdwCleaner
    2014-08-22 03:17 - 2014-08-22 03:18 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-08-30 12:05 - 2014-08-30 12:04 - 00012076 _____ () C:\Users\Ryan\Downloads\FRST.txt
    2014-08-30 12:04 - 2014-08-30 11:55 - 00000000 ____D () C:\FRST
    2014-08-30 11:55 - 2014-08-30 11:55 - 02103808 _____ (Farbar) C:\Users\Ryan\Desktop\FRST64.exe
    2014-08-30 11:53 - 2014-08-30 11:53 - 00001048 _____ () C:\Users\Ryan\Desktop\malwarereport.txt
    2014-08-30 11:22 - 2014-08-25 18:46 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-08-30 00:29 - 2011-09-10 01:55 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3335902033-79738686-2682408393-1001UA.job
    2014-08-30 00:29 - 2011-09-10 01:55 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3335902033-79738686-2682408393-1001Core.job
    2014-08-30 00:28 - 2014-08-29 20:32 - 00073768 _____ () C:\Users\Ryan\Desktop\OTL.Txt
    2014-08-30 00:28 - 2009-07-14 01:10 - 01926156 _____ () C:\Windows\WindowsUpdate.log
    2014-08-29 23:42 - 2014-08-29 23:41 - 00056066 _____ () C:\Users\Ryan\Desktop\fix.txt
    2014-08-29 23:04 - 2009-07-14 00:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-08-29 23:04 - 2009-07-14 00:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-08-29 22:55 - 2014-08-24 12:20 - 00033696 _____ () C:\Windows\PFRO.log
    2014-08-29 22:55 - 2014-08-24 12:20 - 00001008 _____ () C:\Windows\setupact.log
    2014-08-29 22:55 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-08-29 22:54 - 2014-08-29 17:22 - 00000000 ____D () C:\Windows\system32\MpEngineStore
    2014-08-29 22:19 - 2014-08-29 22:19 - 00000000 ____D () C:\_OTL
    2014-08-29 22:16 - 2014-08-26 19:08 - 00001945 _____ () C:\Windows\epplauncher.mif
    2014-08-29 22:11 - 2011-06-23 01:50 - 00000000 ____D () C:\Program Files (x86)\Google
    2014-08-29 22:02 - 2012-02-27 01:10 - 00000000 ____D () C:\ProgramData\MFAData
    2014-08-29 20:34 - 2014-08-29 20:34 - 00088686 _____ () C:\Users\Ryan\Desktop\Extras.Txt
    2014-08-29 20:03 - 2014-08-29 20:03 - 00602112 _____ (OldTimer Tools) C:\Users\Ryan\Desktop\OTL.exe
    2014-08-29 17:07 - 2014-08-29 17:07 - 00003224 ____N () C:\bootsqm.dat
    2014-08-29 17:06 - 2014-08-29 17:06 - 00000000 __SHD () C:\found.000
    2014-08-28 21:26 - 2014-08-28 21:26 - 00012248 _____ () C:\Users\Ryan\Downloads\hijackthis.log
    2014-08-28 21:25 - 2014-08-28 21:25 - 00388608 _____ (Trend Micro Inc.) C:\Users\Ryan\Downloads\HijackThis.exe
    2014-08-27 17:12 - 2014-08-27 17:12 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Ryan\Downloads\rkill.scr
    2014-08-27 17:12 - 2014-08-27 17:12 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Ryan\Downloads\rkill64.scr
    2014-08-27 17:12 - 2014-08-27 17:12 - 00001674 _____ () C:\Users\Ryan\Desktop\Rkill.txt
    2014-08-27 16:48 - 2010-07-28 07:12 - 00000000 ____D () C:\ProgramData\WildTangent
    2014-08-27 16:48 - 2009-07-14 01:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2014-08-27 16:32 - 2011-07-07 22:05 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Skype
    2014-08-27 16:32 - 2010-07-28 07:33 - 00000000 ____D () C:\ProgramData\Skype
    2014-08-26 20:09 - 2014-08-26 20:07 - 00000000 ____D () C:\ProgramData\Sophos
    2014-08-26 20:04 - 2009-07-14 00:45 - 00420504 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-08-26 19:52 - 2014-08-26 19:52 - 00003201 _____ () C:\Users\Ryan\Desktop\Sophos Virus Removal Tool.lnk
    2014-08-26 19:52 - 2014-08-26 19:52 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
    2014-08-26 19:49 - 2014-08-26 19:49 - 00000000 ____D () C:\Program Files (x86)\Sophos
    2014-08-26 19:46 - 2014-08-26 19:44 - 94829768 _____ (Sophos Limited) C:\Users\Ryan\Downloads\Sophos Virus Removal Tool.exe
    2014-08-26 19:08 - 2011-06-03 23:29 - 00110376 _____ () C:\Users\Ryan\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-08-26 19:07 - 2013-08-25 21:36 - 00000000 ____D () C:\ProgramData\Autodesk
    2014-08-26 19:06 - 2012-10-29 17:50 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\.minecraft
    2014-08-26 19:03 - 2014-08-26 19:03 - 13829304 _____ (Microsoft Corporation) C:\Users\Ryan\Downloads\mseinstall.exe
    2014-08-25 20:46 - 2014-08-25 20:46 - 00000000 ____D () C:\ProgramData\White Sky, Inc
    2014-08-25 20:37 - 2014-04-09 13:20 - 00000000 ____D () C:\ProgramData\Oracle
    2014-08-25 20:36 - 2014-08-25 20:35 - 00004578 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
    2014-08-25 20:36 - 2010-07-28 06:53 - 00000000 ____D () C:\Program Files (x86)\Java
    2014-08-25 19:57 - 2014-07-22 15:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-08-25 18:45 - 2012-07-12 00:24 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Malwarebytes
    2014-08-25 18:44 - 2014-08-25 18:44 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-08-25 18:44 - 2014-08-25 18:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-08-25 18:44 - 2012-07-12 00:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-08-25 17:47 - 2014-08-25 17:32 - 00000000 ____D () C:\Users\Ryan\AppData\Local\Avg2014
    2014-08-25 17:41 - 2012-02-27 01:16 - 00000000 ____D () C:\Program Files (x86)\AVG
    2014-08-25 17:40 - 2014-08-25 17:40 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\AVG2014
    2014-08-25 17:40 - 2013-11-14 18:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    2014-08-25 17:40 - 2012-06-04 20:27 - 00000000 ___HD () C:\$AVG
    2014-08-25 17:38 - 2014-08-25 17:34 - 00000000 ____D () C:\ProgramData\AVG2014
    2014-08-25 17:37 - 2014-08-25 17:37 - 00000967 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
    2014-08-25 17:37 - 2014-08-25 17:37 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\TuneUp Software
    2014-08-25 17:32 - 2014-08-25 17:32 - 00000000 ____D () C:\Users\Ryan\AppData\Local\MFAData
    2014-08-25 17:22 - 2009-07-14 01:08 - 00032634 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2014-08-24 16:00 - 2009-07-14 01:13 - 00783394 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-08-24 12:35 - 2010-07-28 07:17 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
    2014-08-24 12:34 - 2014-08-23 00:15 - 00000000 ____D () C:\Program Files\Unlocker
    2014-08-24 12:20 - 2014-08-24 12:20 - 00000000 _____ () C:\Windows\setuperr.log
    2014-08-23 00:20 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\servicing
    2014-08-23 00:15 - 2014-08-23 00:15 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
    2014-08-22 23:44 - 2010-07-28 09:35 - 00000000 ____D () C:\Windows\Panther
    2014-08-22 15:02 - 2009-07-13 23:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
    2014-08-22 15:02 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2014-08-22 14:39 - 2014-08-22 14:35 - 00000000 ____D () C:\AdwCleaner
    2014-08-22 03:18 - 2014-08-22 03:17 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
    2014-08-15 11:22 - 2013-08-15 03:01 - 00000000 ____D () C:\Windows\system32\MRT
    2014-08-15 11:22 - 2011-06-03 23:53 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-08-15 11:19 - 2011-07-19 20:00 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-08-05 09:20 - 2014-08-26 19:09 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2014-08-01 16:17 - 2013-03-14 03:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2014-08-01 16:17 - 2013-03-14 03:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-08-21 17:48

    ==================== End Of Log ============================


    addition.txt:
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-08-2014
    Ran by Ryan at 2014-08-30 12:05:53
    Running from C:\Users\Ryan\Downloads
    Boot Mode: Safe Mode (with Networking)
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    64 Bit HP CIO Components Installer (Version: 8.2.1 - Hewlett-Packard) Hidden
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1380 - Adobe Systems Incorporated)
    Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated) Hidden
    Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
    Adobe Download Assistant (x32 Version: 1.2.6 - Adobe Systems Incorporated) Hidden
    Adobe Flash Player 11 ActiveX 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.2.202.233 - Adobe Systems Incorporated)
    Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
    Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
    Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4745 - AVG Technologies)
    AVG 2014 (Version: 14.0.4015 - AVG Technologies) Hidden
    AVG 2014 (Version: 14.0.4745 - AVG Technologies) Hidden
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Cozi (HKLM-x32\...\{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}) (Version: 1.0.4323.24051 - Cozi Group, Inc.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{132D27B8-C656-44BD-8C16-73C54EA8A85F}) (Version: - Microsoft)
    Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
    Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
    Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0011 - Dell, Inc.)
    Dell Dock (HKLM-x32\...\Dell Dock) (Version: - Stardock Corporation)
    Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
    Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
    Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
    Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.09100 - Dell)
    Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
    DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 5.60.48.35 - Dell Inc.)
    Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
    GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version: - )
    HP Deskjet 3050 J610 series Basic Device Software (HKLM\...\{7D220A57-969F-4D09-9297-D48195A8ABDD}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
    HP Deskjet 3050 J610 series Help (HKLM-x32\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)
    HP Deskjet 3050 J610 series Product Improvement Study (HKLM\...\{860B418B-F90B-465A-BC1D-04B518045C72}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
    HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
    Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2104 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
    Intel(R) Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
    iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
    Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle)
    Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
    Java(TM) 6 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
    JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
    LoJack Factory Installer (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 1.0.0 - Absolute Software)
    Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
    Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.6.2 - Dell Inc.)
    QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6039 - Realtek Semiconductor Corp.)
    SecureW2 Enterprise Client 3.5.6 (HKLM-x32\...\SecureW2 Enterprise Client) (Version: - )
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
    Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.3 - Sophos Limited)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.20.0 - Synaptics Incorporated)
    Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
    Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
    Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version: - Microsoft)
    Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
    Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
    Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version: - Microsoft)
    Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
    Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
    Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)
    Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
    Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft)
    Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)
    Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
    Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)
    Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)
    Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft)
    Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
    Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
    Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
    Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
    Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
    WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


    ==================== Restore Points =========================

    21-07-2014 01:09:59 Scheduled Checkpoint
    25-07-2014 00:01:04 Windows Update
    01-08-2014 21:27:37 Scheduled Checkpoint
    11-08-2014 02:26:38 Scheduled Checkpoint
    15-08-2014 15:17:42 Windows Update

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 22:34 - 2014-08-29 22:48 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost
    ::1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {11294AC9-5E03-422B-9CED-D5F9568B2A6D} - System32\Tasks\LoJack for Laptops Install => C:\Program Files (x86)\Absolute Software\LoJack Install\FactoryInstaller.exe [2009-11-26] (Absolute Software)
    Task: {3B3325E2-BDAA-4B3E-B25F-C0417E877058} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {66906D00-DA58-4A4F-985E-A89D45A0C84D} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3335902033-79738686-2682408393-1001UA => C:\Users\Ryan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
    Task: {8DA146FF-FA6B-44E4-BF24-6F58AF03930B} - System32\Tasks\SecureW2 Task => C:\Program Files (x86)\SecureW2\sw2_tray.exe [2012-02-22] (SecureW2 B.V.)
    Task: {9098615F-D8B6-4E03-B0E5-6F078108FC0A} - System32\Tasks\HPCustParticipation HP Deskjet 3050 J610 series => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
    Task: {D39E292B-3712-425E-A57D-AB2029C7D3EE} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3335902033-79738686-2682408393-1001Core => C:\Users\Ryan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
    Task: {D9DD4A5B-BD0D-47FF-A31A-7F730C5E1C16} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
    Task: {E4FBD172-4B66-4DC4-9D8E-3AFCFCE50330} - System32\Tasks\pcreg => C:\Program Files\pcreg\service.exe <==== ATTENTION
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3335902033-79738686-2682408393-1001Core.job => C:\Users\Ryan\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3335902033-79738686-2682408393-1001UA.job => C:\Users\Ryan\AppData\Local\Facebook\Update\FacebookUpdate.exe

    ==================== Loaded Modules (whitelisted) =============


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)


    ==================== Faulty Device Manager Devices =============

    Name: Security Processor Loader Driver
    Description: Security Processor Loader Driver
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: spldr
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (08/30/2014 00:03:19 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Explorer.EXE, version: 6.1.7600.16768, time stamp: 0x4d688122
    Faulting module name: Explorer.EXE, version: 6.1.7600.16768, time stamp: 0x4d688122
    Exception code: 0xc0000005
    Fault offset: 0x0000000000042f0a
    Faulting process id: 0x4d4
    Faulting application start time: 0xExplorer.EXE0
    Faulting application path: Explorer.EXE1
    Faulting module path: Explorer.EXE2
    Report Id: Explorer.EXE3

    Error: (08/29/2014 11:01:02 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Explorer.EXE, version: 6.1.7600.16768, time stamp: 0x4d688122
    Faulting module name: Flash64_11_2_202_233.ocx, version: 11.2.202.233, time stamp: 0x4f8601ae
    Exception code: 0xc0000005
    Fault offset: 0x00000000005fcca5
    Faulting process id: 0x15c8
    Faulting application start time: 0xExplorer.EXE0
    Faulting application path: Explorer.EXE1
    Faulting module path: Explorer.EXE2
    Report Id: Explorer.EXE3

    Error: (08/29/2014 10:00:57 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: Ryan-PC)
    Description: HRESULT:0x8004FF11
    Description:Can't install Microsoft Security Essentials on a computer running in safe mode. Your computer is currently running in safe mode. To install Security Essentials, your computer must be running in normal mode. Please restart your computer in normal mode, and then try to run the Security Essentials Setup Wizard again. Error code:0x8004FF11.

    Error: (08/29/2014 09:55:01 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Explorer.EXE, version: 6.1.7600.16768, time stamp: 0x4d688122
    Faulting module name: Explorer.EXE, version: 6.1.7600.16768, time stamp: 0x4d688122
    Exception code: 0xc0000005
    Fault offset: 0x0000000000042f0a
    Faulting process id: 0x4e8
    Faulting application start time: 0xExplorer.EXE0
    Faulting application path: Explorer.EXE1
    Faulting module path: Explorer.EXE2
    Report Id: Explorer.EXE3

    Error: (08/29/2014 06:23:33 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Explorer.EXE, version: 6.1.7600.16768, time stamp: 0x4d688122
    Faulting module name: mshtml.dll, version: 8.0.7600.17267, time stamp: 0x513191fa
    Exception code: 0xc0000005
    Fault offset: 0x0000000000468532
    Faulting process id: 0x118c
    Faulting application start time: 0xExplorer.EXE0
    Faulting application path: Explorer.EXE1
    Faulting module path: Explorer.EXE2
    Report Id: Explorer.EXE3

    Error: (08/29/2014 05:00:20 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Explorer.EXE, version: 6.1.7600.16768, time stamp: 0x4d688122
    Faulting module name: WININET.dll, version: 8.0.7600.17267, time stamp: 0x51319309
    Exception code: 0xc0000005
    Fault offset: 0x00000000000195a8
    Faulting process id: 0x1afc
    Faulting application start time: 0xExplorer.EXE0
    Faulting application path: Explorer.EXE1
    Faulting module path: Explorer.EXE2
    Report Id: Explorer.EXE3

    Error: (08/27/2014 05:28:50 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: plugin-container.exe, version: 31.0.0.5310, time stamp: 0x53c75e91
    Faulting module name: mozalloc.dll, version: 31.0.0.5310, time stamp: 0x53c72e91
    Exception code: 0x80000003
    Fault offset: 0x0000141b
    Faulting process id: 0xcd4
    Faulting application start time: 0xplugin-container.exe0
    Faulting application path: plugin-container.exe1
    Faulting module path: plugin-container.exe2
    Report Id: plugin-container.exe3

    Error: (08/27/2014 04:34:52 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Explorer.EXE, version: 6.1.7600.16768, time stamp: 0x4d688122
    Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec4b137
    Exception code: 0xc000070a
    Fault offset: 0x0000000000061243
    Faulting process id: 0xdc4
    Faulting application start time: 0xExplorer.EXE0
    Faulting application path: Explorer.EXE1
    Faulting module path: Explorer.EXE2
    Report Id: Explorer.EXE3

    Error: (08/26/2014 10:24:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
    Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.


    Details:
    Could not query the status of the EventSystem service.

    System Error:
    A system shutdown is in progress.
    .

    Error: (08/26/2014 09:36:38 PM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.


    System errors:
    =============
    Error: (08/30/2014 00:04:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
    %%1068

    Error: (08/30/2014 00:02:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (08/30/2014 00:02:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (08/30/2014 00:02:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (08/30/2014 00:00:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (08/30/2014 00:00:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (08/30/2014 00:00:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (08/30/2014 11:55:35 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (08/30/2014 11:55:35 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (08/30/2014 11:55:35 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068


    Microsoft Office Sessions:
    =========================
    Error: (08/30/2014 00:03:19 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Explorer.EXE6.1.7600.167684d688122Explorer.EXE6.1.7600.167684d688122c00000050000000000042f0a4d401cfc465a7c763faC:\Windows\Explorer.EXEC:\Windows\Explorer.EXE28609250-305f-11e4-afa8-b8ac6f79421e

    Error: (08/29/2014 11:01:02 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Explorer.EXE6.1.7600.167684d688122Flash64_11_2_202_233.ocx11.2.202.2334f8601aec000000500000000005fcca515c801cfc3fe6974e9e0C:\Windows\Explorer.EXEC:\Windows\system32\Macromed\Flash\Flash64_11_2_202_233.ocxdf86a7d5-2ff1-11e4-9513-b8ac6f79421e

    Error: (08/29/2014 10:00:57 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: Ryan-PC)
    Description: HRESULT:0x8004FF11
    Description:Can't install Microsoft Security Essentials on a computer running in safe mode. Your computer is currently running in safe mode. To install Security Essentials, your computer must be running in normal mode. Please restart your computer in normal mode, and then try to run the Security Essentials Setup Wizard again. Error code:0x8004FF11.

    Error: (08/29/2014 09:55:01 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Explorer.EXE6.1.7600.167684d688122Explorer.EXE6.1.7600.167684d688122c00000050000000000042f0a4e801cfc3e5900c58c8C:\Windows\Explorer.EXEC:\Windows\Explorer.EXEa6c69411-2fe8-11e4-8328-b8ac6f79421e

    Error: (08/29/2014 06:23:33 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Explorer.EXE6.1.7600.167684d688122mshtml.dll8.0.7600.17267513191fac00000050000000000468532118c01cfc3d7aca938daC:\Windows\Explorer.EXEC:\Windows\System32\mshtml.dll1bde0d63-2fcb-11e4-bab2-b8ac6f79421e

    Error: (08/29/2014 05:00:20 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Explorer.EXE6.1.7600.167684d688122WININET.dll8.0.7600.1726751319309c000000500000000000195a81afc01cfc3cbc3442eacC:\Windows\Explorer.EXEC:\Windows\system32\WININET.dll7c2b8af1-2fbf-11e4-b92a-b8ac6f79421e

    Error: (08/27/2014 05:28:50 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: plugin-container.exe31.0.0.531053c75e91mozalloc.dll31.0.0.531053c72e91800000030000141bcd401cfc23da098aaf1C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll22c121c5-2e31-11e4-b75c-b8ac6f79421e

    Error: (08/27/2014 04:34:52 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Explorer.EXE6.1.7600.167684d688122ntdll.dll6.1.7600.169154ec4b137c000070a0000000000061243dc401cfc235b109a0d3C:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dll98be142a-2e29-11e4-bc0f-b8ac6f79421e

    Error: (08/26/2014 10:24:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
    Description:
    Details:
    Could not query the status of the EventSystem service.

    System Error:
    A system shutdown is in progress.

    Error: (08/26/2014 09:36:38 PM) (Source: SideBySide) (EventID: 80) (User: )
    Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Program Files (x86)\Cozi Express\CoziExpress.exe


    CodeIntegrity Errors:
    ===================================
    Date: 2014-08-29 22:57:25.987
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\Temp\mc2B4DD.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-08-29 22:57:25.909
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\Temp\mc2B4DD.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-08-29 22:08:45.510
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\Temp\mc225C8.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-08-29 22:08:45.385
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\Temp\mc225C8.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-08-29 17:18:58.681
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\Temp\mc22818.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-08-29 17:18:58.572
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\Temp\mc22818.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-08-29 16:24:33.297
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\Temp\mc2FD70.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-08-29 16:24:33.203
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\Temp\mc2FD70.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-08-28 19:18:58.401
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\Temp\mc2FD9F.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-08-28 19:18:58.323
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\Temp\mc2FD9F.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5 CPU M 450 @ 2.40GHz
    Percentage of memory in use: 80%
    Total physical RAM: 3892.42 MB
    Available physical RAM: 758.64 MB
    Total Pagefile: 7784.84 MB
    Available Pagefile: 4501.72 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.81 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:380.4 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 9983125D)
    Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
    Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================

  2. #12
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,188
    Points
    1308

    Default

    Hello,

    From now on please run scans in regular mode, not safemode, reason being some Malware may not be running in safemode and we will not see it in the scan reports. Just a few items to address in the log. Let's fix them with the instructions provided.


    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Open notepad (Start =>All Programs => Accessories => Notepad).
    Copy/Paste the contents of the code box below into Notepad.

    Code:
     start
    reboot:
    HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
    Task: {E4FBD172-4B66-4DC4-9D8E-3AFCFCE50330} - System32\Tasks\pcreg => C:\Program Files\pcreg\service.exe <==== ATTENTION
    end
    Click Format and ensure Wordwrap is unchecked.
    Save as Fixlist.txt to your Desktop (Must be in this location)
    Run FRST/FRST64 and press the Fix button just once and wait.
    If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

    Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.


    Next, this scan could take a while!

    ESET Online Scanner

    Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

    • Please go >>HERE<< then click on:

      Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the icon to install.

      All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
    • Select the option YES, I accept the Terms of Use then click on:
    • When prompted allow the Add-On/Active X to install.
    • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
      1. Scan for potentially unwanted applications
      2. Scan for potentially unsafe applications
      3. Enable Anti-Stealth Technology
    • Now click on:
    • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
    • When completed the Online Scan will begin automatically.
    • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    • When completed make sure you first copy the logfile located at C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt.
    • Copy and paste that log as a reply to this topic.
    • Now click on:
      (Selecting Uninstall application on close if you so wish)


    Your next reply should include:

    • Fixlog.txt
    • ESET scan results.
    • Run FRST in regular mode and post a new log.



    Thanks
    Joe

  3. #13
    Member
    Join Date
    Aug 2014
    Posts
    14
    Points
    0

    Default

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-08-2014
    Ran by Ryan at 2014-08-31 09:21:12 Run:1
    Running from C:\Users\Ryan\Desktop
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    start
    reboot:
    HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
    Task: {E4FBD172-4B66-4DC4-9D8E-3AFCFCE50330} - System32\Tasks\pcreg => C:\Program Files\pcreg\service.exe <==== ATTENTION
    end
    *****************

    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E4FBD172-4B66-4DC4-9D8E-3AFCFCE50330}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E4FBD172-4B66-4DC4-9D8E-3AFCFCE50330}" => Key deleted successfully.
    C:\Windows\System32\Tasks\pcreg => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pcreg" => Key deleted successfully.


    The system needed a reboot.

    ==== End of Fixlog ====

    ESETSmartInstaller@High as downloader log:
    all ok
    # product=EOS
    # version=8
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.7623
    # api_version=3.0.2
    # EOSSerial=550f886d1cd2d74380c9e2578332128e
    # engine=19927
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2014-08-31 05:36:38
    # local_time=2014-08-31 01:36:38 (-0500, Eastern Daylight Time)
    # country="United States"
    # lang=1033
    # osver=6.1.7600 NT
    # compatibility_mode_1='AVG AntiVirus Free Edition 2014'
    # compatibility_mode=1051 16777213 100 98 0 95697382 0 0
    # compatibility_mode_1=''
    # compatibility_mode=5893 16776573 100 94 0 161050048 0 0
    # scanned=191611
    # found=11
    # cleaned=0
    # scan_time=14275
    sh=A61576D1485353E78AC1BE7FA0D1E3605318F5E2 ft=1 fh=d28cb997866ff834 vn="Win32/Conduit.SearchProtect.O potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\pcreg\service.exe.vir"
    sh=FF6C5A8C29C241FF6473F523BBC503CA71495828 ft=1 fh=b00fb477ddfbb081 vn="Win32/AdWare.SmartApps.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Bench\Updater\updater.exe.vir"
    sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir"
    sh=496310EE0816B49176E03226DB102FAE9AA452B4 ft=1 fh=ceffc168909c0690 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zsknlcr.dll.vir"
    sh=564173EA0828794311CA65A24B506DD5A01481A0 ft=1 fh=110c0f02df363965 vn="a variant of Win32/Toolbar.MyWebSearch.Z potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\CREXT.DLL.vir"
    sh=7C7F414357AE6EA119581D9F98F815A8E7F345AD ft=1 fh=36e26079e06cfa5e vn="a variant of Win32/Toolbar.MyWebSearch.Z potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\CrExtP5z.exe.vir"
    sh=244310F981448E11F34B9981614B6FA9BE973446 ft=1 fh=a66d4ad4dd5d0c5d vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\T8EXTEX.DLL.vir"
    sh=B8944722E8D577E67925DD4A72D1D8E44C3BC6CA ft=1 fh=6f8a20cf4b11d7b0 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\T8EXTPEX.DLL.vir"
    sh=7C98CBA50F261D738259554D4FE706C997C654F7 ft=1 fh=ac0773121b683aed vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\T8TICKER.DLL.vir"
    sh=FF8EE7363F23024985290D8DE0388C7CBFAF2706 ft=1 fh=1bb7c2264c841428 vn="a variant of Win32/Toolbar.Visicom.C potentially unwanted application" ac=I fn="C:\ProgramData\comcastModemRelease\dtuser.exe"
    sh=FF8EE7363F23024985290D8DE0388C7CBFAF2706 ft=1 fh=1bb7c2264c841428 vn="a variant of Win32/Toolbar.Visicom.C potentially unwanted application" ac=I fn="C:\Users\All Users\comcastModemRelease\dtuser.exe"


    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2014 02
    Ran by Ryan (administrator) on RYAN-PC on 31-08-2014 13:43:19
    Running from C:\Users\Ryan\Desktop
    Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
    Internet Explorer Version 8
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
    Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
    (Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Pharos Systems International) C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe
    (SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
    (SecureW2 B.V.) C:\Program Files (x86)\SecureW2\sw2_service.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
    () C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
    (Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    (SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (SecureW2 B.V.) C:\Program Files (x86)\SecureW2\sw2_tray.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
    (SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2122536 2010-05-07] (Synaptics Incorporated)
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10038304 2010-02-02] (Realtek Semiconductor)
    HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3203440 2010-04-06] (Dell Inc.)
    HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807680 2010-02-09] ()
    HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
    HKLM-x32\...\Run: [DellSupportCenter] => c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
    HKLM-x32\...\Run: [SecureW2 Tray] => C:\Program Files (x86)\SecureW2\sw2_tray.exe [287112 2012-02-22] (SecureW2 B.V.)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
    HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5187088 2014-08-11] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
    HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] => "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
    Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKLM\...\Policies\Explorer: [HideSCAHealth] 1
    HKU\.DEFAULT\...\Policies\Explorer: [HideSCAHealth] 1
    HKU\S-1-5-21-3335902033-79738686-2682408393-1001\...\Run: [Facebook Update] => C:\Users\Ryan\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)
    HKU\S-1-5-21-3335902033-79738686-2682408393-1001\...\Policies\Explorer: [HideSCAHealth] 1

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN.com
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x12F8BE4537BECF01
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages =
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Constant Guard Protection Suite -> {B84CDBE7-1B46-494B-A188-01D4C52DEB61} -> C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.14.731.2\NativeBHO.dll (WhiteSky)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\q6egzb0x.default-1390148873435
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Ryan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\xfinity.xml
    FF Extension: Adblock Plus - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\q6egzb0x.default-1390148873435\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-02]

    Chrome:
    =======
    CHR Profile: C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default
    CHR HKLM-x32\...\Chrome\Extension: [hemjgdpngmhbimofcicjfhibkdbigdmb] - C:\ProgramData\comcastModemRelease\shortcuts\chrome\xfinity.crx [2013-02-08]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3244048 2014-08-11] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-11] (AVG Technologies CZ, s.r.o.)
    R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
    R2 Pharos Systems ComTaskMaster; C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe [290816 2008-05-16] (Pharos Systems International) [File not signed]
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
    R2 SW2SVC; C:\Program Files (x86)\SecureW2\sw2_service.exe [126856 2012-02-22] (SecureW2 B.V.)
    S3 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
    R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
    R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
    R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
    R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
    U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
    S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [X]
    U4 mchInjDrv; \??\C:\Windows\TEMP\mc2A9B6.tmp [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-08-31 13:43 - 2014-08-31 13:43 - 00014330 _____ () C:\Users\Ryan\Desktop\FRST.txt
    2014-08-31 09:32 - 2014-08-31 09:32 - 00000000 ____D () C:\Program Files (x86)\ESET
    2014-08-31 09:31 - 2014-08-31 09:32 - 02347384 _____ (ESET) C:\Users\Ryan\Downloads\esetsmartinstaller_enu.exe
    2014-08-31 09:20 - 2014-08-31 13:42 - 00000000 ____D () C:\Users\Ryan\Desktop\FRST-OlderVersion
    2014-08-30 12:05 - 2014-08-30 12:06 - 00042571 _____ () C:\Users\Ryan\Downloads\Addition.txt
    2014-08-30 12:04 - 2014-08-30 12:06 - 00026115 _____ () C:\Users\Ryan\Downloads\FRST.txt
    2014-08-30 11:55 - 2014-08-31 13:43 - 00000000 ____D () C:\FRST
    2014-08-30 11:55 - 2014-08-31 13:42 - 02104832 _____ (Farbar) C:\Users\Ryan\Desktop\FRST64.exe
    2014-08-30 11:53 - 2014-08-30 11:53 - 00001048 _____ () C:\Users\Ryan\Desktop\malwarereport.txt
    2014-08-29 23:41 - 2014-08-29 23:42 - 00056066 _____ () C:\Users\Ryan\Desktop\fix.txt
    2014-08-29 22:19 - 2014-08-29 22:19 - 00000000 ____D () C:\_OTL
    2014-08-29 20:34 - 2014-08-29 20:34 - 00088686 _____ () C:\Users\Ryan\Desktop\Extras.Txt
    2014-08-29 20:32 - 2014-08-30 00:28 - 00073768 _____ () C:\Users\Ryan\Desktop\OTL.Txt
    2014-08-29 20:03 - 2014-08-29 20:03 - 00602112 _____ (OldTimer Tools) C:\Users\Ryan\Desktop\OTL.exe
    2014-08-29 17:22 - 2014-08-29 22:54 - 00000000 ____D () C:\Windows\system32\MpEngineStore
    2014-08-29 17:07 - 2014-08-29 17:07 - 00003224 ____N () C:\bootsqm.dat
    2014-08-29 17:06 - 2014-08-29 17:06 - 00000000 __SHD () C:\found.000
    2014-08-28 21:26 - 2014-08-28 21:26 - 00012248 _____ () C:\Users\Ryan\Downloads\hijackthis.log
    2014-08-28 21:25 - 2014-08-28 21:25 - 00388608 _____ (Trend Micro Inc.) C:\Users\Ryan\Downloads\HijackThis.exe
    2014-08-27 17:12 - 2014-08-27 17:12 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Ryan\Downloads\rkill.scr
    2014-08-27 17:12 - 2014-08-27 17:12 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Ryan\Downloads\rkill64.scr
    2014-08-27 17:12 - 2014-08-27 17:12 - 00001674 _____ () C:\Users\Ryan\Desktop\Rkill.txt
    2014-08-26 20:07 - 2014-08-26 20:09 - 00000000 ____D () C:\ProgramData\Sophos
    2014-08-26 19:52 - 2014-08-26 19:52 - 00003201 _____ () C:\Users\Ryan\Desktop\Sophos Virus Removal Tool.lnk
    2014-08-26 19:52 - 2014-08-26 19:52 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
    2014-08-26 19:49 - 2014-08-26 19:49 - 00000000 ____D () C:\Program Files (x86)\Sophos
    2014-08-26 19:44 - 2014-08-26 19:46 - 94829768 _____ (Sophos Limited) C:\Users\Ryan\Downloads\Sophos Virus Removal Tool.exe
    2014-08-26 19:09 - 2014-08-05 09:20 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2014-08-26 19:08 - 2014-08-29 22:16 - 00001945 _____ () C:\Windows\epplauncher.mif
    2014-08-26 19:03 - 2014-08-26 19:03 - 13829304 _____ (Microsoft Corporation) C:\Users\Ryan\Downloads\mseinstall.exe
    2014-08-25 20:46 - 2014-08-25 20:46 - 00000000 ____D () C:\ProgramData\White Sky, Inc
    2014-08-25 20:36 - 2014-07-25 12:55 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2014-08-25 20:36 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2014-08-25 20:36 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2014-08-25 20:36 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2014-08-25 20:35 - 2014-08-25 20:36 - 00004578 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
    2014-08-25 18:46 - 2014-08-30 12:28 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-08-25 18:44 - 2014-08-25 18:44 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-08-25 18:44 - 2014-08-25 18:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-08-25 18:44 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-08-25 18:44 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-08-25 18:44 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-08-25 17:40 - 2014-08-25 17:40 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\AVG2014
    2014-08-25 17:37 - 2014-08-25 17:37 - 00000967 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
    2014-08-25 17:37 - 2014-08-25 17:37 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\TuneUp Software
    2014-08-25 17:34 - 2014-08-25 17:38 - 00000000 ____D () C:\ProgramData\AVG2014
    2014-08-25 17:32 - 2014-08-25 17:47 - 00000000 ____D () C:\Users\Ryan\AppData\Local\Avg2014
    2014-08-25 17:32 - 2014-08-25 17:32 - 00000000 ____D () C:\Users\Ryan\AppData\Local\MFAData
    2014-08-24 12:20 - 2014-08-31 09:24 - 00001120 _____ () C:\Windows\setupact.log
    2014-08-24 12:20 - 2014-08-29 22:55 - 00033696 _____ () C:\Windows\PFRO.log
    2014-08-24 12:20 - 2014-08-24 12:20 - 00000000 _____ () C:\Windows\setuperr.log
    2014-08-23 00:15 - 2014-08-24 12:34 - 00000000 ____D () C:\Program Files\Unlocker
    2014-08-23 00:15 - 2014-08-23 00:15 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
    2014-08-22 14:39 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
    2014-08-22 14:35 - 2014-08-22 14:39 - 00000000 ____D () C:\AdwCleaner
    2014-08-22 03:17 - 2014-08-22 03:18 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-08-31 13:46 - 2014-08-31 13:43 - 00014330 _____ () C:\Users\Ryan\Desktop\FRST.txt
    2014-08-31 13:43 - 2014-08-30 11:55 - 00000000 ____D () C:\FRST
    2014-08-31 13:42 - 2014-08-31 09:20 - 00000000 ____D () C:\Users\Ryan\Desktop\FRST-OlderVersion
    2014-08-31 13:42 - 2014-08-30 11:55 - 02104832 _____ (Farbar) C:\Users\Ryan\Desktop\FRST64.exe
    2014-08-31 12:31 - 2011-09-10 01:55 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3335902033-79738686-2682408393-1001UA.job
    2014-08-31 11:56 - 2009-07-14 01:10 - 02047805 _____ () C:\Windows\WindowsUpdate.log
    2014-08-31 09:32 - 2014-08-31 09:32 - 00000000 ____D () C:\Program Files (x86)\ESET
    2014-08-31 09:32 - 2014-08-31 09:31 - 02347384 _____ (ESET) C:\Users\Ryan\Downloads\esetsmartinstaller_enu.exe
    2014-08-31 09:32 - 2009-07-14 00:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-08-31 09:32 - 2009-07-14 00:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-08-31 09:24 - 2014-08-24 12:20 - 00001120 _____ () C:\Windows\setupact.log
    2014-08-31 09:24 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-08-31 09:20 - 2012-02-27 01:10 - 00000000 ____D () C:\ProgramData\MFAData
    2014-08-30 12:28 - 2014-08-25 18:46 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-08-30 12:06 - 2014-08-30 12:05 - 00042571 _____ () C:\Users\Ryan\Downloads\Addition.txt
    2014-08-30 12:06 - 2014-08-30 12:04 - 00026115 _____ () C:\Users\Ryan\Downloads\FRST.txt
    2014-08-30 11:53 - 2014-08-30 11:53 - 00001048 _____ () C:\Users\Ryan\Desktop\malwarereport.txt
    2014-08-30 00:29 - 2011-09-10 01:55 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3335902033-79738686-2682408393-1001Core.job
    2014-08-30 00:28 - 2014-08-29 20:32 - 00073768 _____ () C:\Users\Ryan\Desktop\OTL.Txt
    2014-08-29 23:42 - 2014-08-29 23:41 - 00056066 _____ () C:\Users\Ryan\Desktop\fix.txt
    2014-08-29 22:55 - 2014-08-24 12:20 - 00033696 _____ () C:\Windows\PFRO.log
    2014-08-29 22:54 - 2014-08-29 17:22 - 00000000 ____D () C:\Windows\system32\MpEngineStore
    2014-08-29 22:19 - 2014-08-29 22:19 - 00000000 ____D () C:\_OTL
    2014-08-29 22:16 - 2014-08-26 19:08 - 00001945 _____ () C:\Windows\epplauncher.mif
    2014-08-29 22:11 - 2011-06-23 01:50 - 00000000 ____D () C:\Program Files (x86)\Google
    2014-08-29 20:34 - 2014-08-29 20:34 - 00088686 _____ () C:\Users\Ryan\Desktop\Extras.Txt
    2014-08-29 20:03 - 2014-08-29 20:03 - 00602112 _____ (OldTimer Tools) C:\Users\Ryan\Desktop\OTL.exe
    2014-08-29 17:07 - 2014-08-29 17:07 - 00003224 ____N () C:\bootsqm.dat
    2014-08-29 17:06 - 2014-08-29 17:06 - 00000000 __SHD () C:\found.000
    2014-08-28 21:26 - 2014-08-28 21:26 - 00012248 _____ () C:\Users\Ryan\Downloads\hijackthis.log
    2014-08-28 21:25 - 2014-08-28 21:25 - 00388608 _____ (Trend Micro Inc.) C:\Users\Ryan\Downloads\HijackThis.exe
    2014-08-27 17:12 - 2014-08-27 17:12 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Ryan\Downloads\rkill.scr
    2014-08-27 17:12 - 2014-08-27 17:12 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Ryan\Downloads\rkill64.scr
    2014-08-27 17:12 - 2014-08-27 17:12 - 00001674 _____ () C:\Users\Ryan\Desktop\Rkill.txt
    2014-08-27 16:48 - 2010-07-28 07:12 - 00000000 ____D () C:\ProgramData\WildTangent
    2014-08-27 16:48 - 2009-07-14 01:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2014-08-27 16:32 - 2011-07-07 22:05 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Skype
    2014-08-27 16:32 - 2010-07-28 07:33 - 00000000 ____D () C:\ProgramData\Skype
    2014-08-26 20:09 - 2014-08-26 20:07 - 00000000 ____D () C:\ProgramData\Sophos
    2014-08-26 20:04 - 2009-07-14 00:45 - 00420504 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-08-26 19:52 - 2014-08-26 19:52 - 00003201 _____ () C:\Users\Ryan\Desktop\Sophos Virus Removal Tool.lnk
    2014-08-26 19:52 - 2014-08-26 19:52 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
    2014-08-26 19:49 - 2014-08-26 19:49 - 00000000 ____D () C:\Program Files (x86)\Sophos
    2014-08-26 19:46 - 2014-08-26 19:44 - 94829768 _____ (Sophos Limited) C:\Users\Ryan\Downloads\Sophos Virus Removal Tool.exe
    2014-08-26 19:08 - 2011-06-03 23:29 - 00110376 _____ () C:\Users\Ryan\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-08-26 19:07 - 2013-08-25 21:36 - 00000000 ____D () C:\ProgramData\Autodesk
    2014-08-26 19:06 - 2012-10-29 17:50 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\.minecraft
    2014-08-26 19:03 - 2014-08-26 19:03 - 13829304 _____ (Microsoft Corporation) C:\Users\Ryan\Downloads\mseinstall.exe
    2014-08-25 20:46 - 2014-08-25 20:46 - 00000000 ____D () C:\ProgramData\White Sky, Inc
    2014-08-25 20:37 - 2014-04-09 13:20 - 00000000 ____D () C:\ProgramData\Oracle
    2014-08-25 20:36 - 2014-08-25 20:35 - 00004578 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
    2014-08-25 20:36 - 2010-07-28 06:53 - 00000000 ____D () C:\Program Files (x86)\Java
    2014-08-25 19:57 - 2014-07-22 15:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-08-25 18:45 - 2012-07-12 00:24 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Malwarebytes
    2014-08-25 18:44 - 2014-08-25 18:44 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-08-25 18:44 - 2014-08-25 18:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-08-25 18:44 - 2012-07-12 00:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-08-25 17:47 - 2014-08-25 17:32 - 00000000 ____D () C:\Users\Ryan\AppData\Local\Avg2014
    2014-08-25 17:41 - 2012-02-27 01:16 - 00000000 ____D () C:\Program Files (x86)\AVG
    2014-08-25 17:40 - 2014-08-25 17:40 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\AVG2014
    2014-08-25 17:40 - 2013-11-14 18:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    2014-08-25 17:40 - 2012-06-04 20:27 - 00000000 ___HD () C:\$AVG
    2014-08-25 17:38 - 2014-08-25 17:34 - 00000000 ____D () C:\ProgramData\AVG2014
    2014-08-25 17:37 - 2014-08-25 17:37 - 00000967 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
    2014-08-25 17:37 - 2014-08-25 17:37 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\TuneUp Software
    2014-08-25 17:32 - 2014-08-25 17:32 - 00000000 ____D () C:\Users\Ryan\AppData\Local\MFAData
    2014-08-25 17:22 - 2009-07-14 01:08 - 00032634 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2014-08-24 16:00 - 2009-07-14 01:13 - 00783394 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-08-24 12:35 - 2010-07-28 07:17 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
    2014-08-24 12:34 - 2014-08-23 00:15 - 00000000 ____D () C:\Program Files\Unlocker
    2014-08-24 12:20 - 2014-08-24 12:20 - 00000000 _____ () C:\Windows\setuperr.log
    2014-08-23 00:20 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\servicing
    2014-08-23 00:15 - 2014-08-23 00:15 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
    2014-08-22 23:44 - 2010-07-28 09:35 - 00000000 ____D () C:\Windows\Panther
    2014-08-22 15:02 - 2009-07-13 23:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
    2014-08-22 15:02 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2014-08-22 14:39 - 2014-08-22 14:35 - 00000000 ____D () C:\AdwCleaner
    2014-08-22 03:18 - 2014-08-22 03:17 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
    2014-08-15 11:22 - 2013-08-15 03:01 - 00000000 ____D () C:\Windows\system32\MRT
    2014-08-15 11:22 - 2011-06-03 23:53 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-08-15 11:19 - 2011-07-19 20:00 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-08-05 09:20 - 2014-08-26 19:09 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2014-08-01 16:17 - 2013-03-14 03:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2014-08-01 16:17 - 2013-03-14 03:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-08-21 17:48

    ==================== End Of Log ============================

  4. #14
    Member Spyware Fighter zep516
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,188
    Points
    1308

    Default

    Clean out your temporary internet files and temp files.

    Download TFC by OldTimer http://oldtimer.geekstogo.com/TFC.exe to your desktop.

    Double-click TFC.exe to run it.

    Note: If you are running on Vista, right-click on the file and choose Run As Administrator

    TFC will close all programs when run, so make sure you have saved all your work before you begin.

    * Click the Start button to begin the cleaning process.
    * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
    * Please let TFC run uninterrupted until it is finished.

    Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.



    The one that keeps popping up seems to be a trojan called cidox-vbr if I recall correctly.
    Are you still seeing that?

  5. #15
    Member
    Join Date
    Aug 2014
    Posts
    14
    Points
    0

    Default

    TFC finished and rebooted. I'm not seeing that trojan anymore, but my processes still show an explorer.exe that appears right after two CTF loaders appear then vanish, and starts using more and more CPU memory until it uses over 1 million K. I end this process but it comes back within a minute.

  6. #16
    Member Spyware Fighter zep516
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,188
    Points
    1308

    Default

    Hello,

    Scan with ComboFix

    This is a very powerful tool that should be used only if advised by a Malware Analyst.
    Do not run ComboFix on your own!


    Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
    Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

    • Right-click on icon and select Run as Administrator to start the tool.
    • Accept the disclaimer and agree if prompted to install Recovery Console.
    • Do not take any actions while ComboFix goes through your System - it may cause it to stall!
    • This scan may take some time!
    • When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).


    Include that log in your next reply.

  7. #17
    Member
    Join Date
    Aug 2014
    Posts
    14
    Points
    0

    Default

    I got two error messages during this.

    C:\windows\system32\GfxUI.exe
    A device attached to the system is not functioning.

    Grep.3XE - application error
    The application was unable to start correctly (0xc000012d). Click OK to close the application.

    The second one (grep.3xe) was during preparing the log report. I x'd out of the message instead of clicking OK.

  8. #18
    Member Spyware Fighter zep516
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,188
    Points
    1308

    Default

    OK.

    Did ComboFix actually create a log report? Look on the C drive, usually C:\ComboFix.txt.

  9. #19
    Member
    Join Date
    Aug 2014
    Posts
    14
    Points
    0

    Default

    ComboFix 14-08-31.01 - Ryan 09/01/2014 13:00:45.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3892.3126 [GMT -4:00]
    Running from: C:\Users\Ryan\Desktop\ComboFix.exe
    AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Program Files (x86)\SecureW2
    C:\Program Files (x86)\SecureW2\SecureW2.inf
    C:\Program Files (x86)\SecureW2\SecureW2_Enterprise_Client_356.exe
    C:\Program Files (x86)\SecureW2\sw2_res_default.bmp
    C:\Program Files (x86)\SecureW2\sw2_rsaproxy.exe
    C:\Program Files (x86)\SecureW2\sw2_service.exe
    C:\Program Files (x86)\SecureW2\sw2_tray.exe
    C:\Program Files (x86)\SecureW2\Uninstall.exe
    C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecureW2
    C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecureW2\Uninstall.lnk


    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_SW2SVC
    -------\Service_SW2SVC


    ((((((((((((((((((((((((( Files Created from 2014-08-01 to 2014-09-01 )))))))))))))))))))))))))))))))


    2014-09-01 17:15:27 . 2014-09-01 17:15:27 -------- d-----w- C:\Users\Default\AppData\Local\temp
    2014-08-31 18:51:49 . 2014-08-31 18:51:49 -------- d-----w- C:\found.001
    2014-08-31 13:32:47 . 2014-08-31 13:32:47 -------- d-----w- C:\Program Files (x86)\ESET
    2014-08-30 15:55:58 . 2014-08-31 17:46:44 -------- d-----w- C:\FRST
    2014-08-30 02:30:09 . 2014-08-21 15:24:24 11319192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0036CAA4-B077-4133-BEAB-4C75D21E3A7A}\mpengine.dll
    2014-08-30 02:19:38 . 2014-08-30 02:19:38 -------- d-----w- C:\_OTL
    2014-08-29 21:22:50 . 2014-08-30 02:54:31 -------- d-----w- C:\Windows\system32\MpEngineStore
    2014-08-29 21:06:29 . 2014-08-29 21:06:29 -------- d-----w- C:\found.000
    2014-08-27 00:07:37 . 2014-09-01 15:56:38 -------- d-----w- C:\ProgramData\Sophos
    2014-08-26 23:09:43 . 2014-08-05 13:20:00 270496 ------w- C:\Windows\system32\MpSigStub.exe
    2014-08-26 00:46:34 . 2014-08-26 00:46:34 -------- d-----w- C:\ProgramData\White Sky, Inc
    2014-08-26 00:36:44 . 2014-08-26 00:36:44 -------- d-----w- C:\Program Files (x86)\Common Files\Java
    2014-08-26 00:36:22 . 2014-07-25 16:55:09 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2014-08-25 22:46:18 . 2014-09-01 15:54:59 122584 ----a-w- C:\Windows\system32\drivers\MBAMSwissArmy.sys
    2014-08-25 22:44:19 . 2014-05-12 11:26:10 63704 ----a-w- C:\Windows\system32\drivers\mwac.sys
    2014-08-25 22:44:19 . 2014-05-12 11:26:00 91352 ----a-w- C:\Windows\system32\drivers\mbamchameleon.sys
    2014-08-25 22:44:19 . 2014-05-12 11:25:56 25816 ----a-w- C:\Windows\system32\drivers\mbam.sys
    2014-08-25 22:44:18 . 2014-08-25 22:44:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-08-25 21:40:55 . 2014-08-25 21:40:55 -------- d-----w- C:\Users\Ryan\AppData\Roaming\AVG2014
    2014-08-25 21:37:41 . 2014-08-25 21:37:41 -------- d-----w- C:\Users\Ryan\AppData\Roaming\TuneUp Software
    2014-08-25 21:34:21 . 2014-08-25 21:38:45 -------- d-----w- C:\ProgramData\AVG2014
    2014-08-25 21:32:14 . 2014-08-25 21:47:46 -------- d-----w- C:\Users\Ryan\AppData\Local\Avg2014
    2014-08-25 21:32:14 . 2014-08-25 21:32:14 -------- d-----w- C:\Users\Ryan\AppData\Local\MFAData
    2014-08-23 04:15:05 . 2014-08-24 16:34:29 -------- d-----w- C:\Program Files\Unlocker
    2014-08-22 18:39:22 . 2010-08-30 12:34:16 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
    2014-08-22 18:35:09 . 2014-08-22 18:39:48 -------- d-----w- C:\AdwCleaner
    2014-08-22 07:17:34 . 2014-08-22 07:18:02 -------- d--h--w- C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
    2014-08-22 05:39:12 . 2014-08-22 05:39:12 21504 ----a-w- C:\Program Files (x86)\Mozilla Firefox\version1.dll
    2014-08-05 17:20:22 . 2014-08-05 17:20:22 227728 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    .


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2014-08-30 02:57:33 . 2010-06-24 15:33:56 23256 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2014-08-15 15:19:54 . 2011-07-20 00:00:54 99218768 ----a-w- C:\Windows\system32\MRT.exe
    2014-06-30 18:30:04 . 2012-04-22 00:29:14 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-06-30 18:30:04 . 2012-04-22 00:29:14 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-06-30 16:43:02 . 2014-06-30 16:43:02 152344 ----a-w- C:\Windows\system32\drivers\avgdiska.sys
    2014-06-17 20:21:34 . 2014-06-17 20:21:34 235800 ----a-w- C:\Windows\system32\drivers\avgldx64.sys
    2014-06-17 20:07:12 . 2014-06-17 20:07:12 328984 ----a-w- C:\Windows\system32\drivers\avgloga.sys
    2014-06-17 20:06:58 . 2014-06-17 20:06:58 269080 ----a-w- C:\Windows\system32\drivers\avgtdia.sys
    2014-06-17 20:06:24 . 2014-06-17 20:06:24 190744 ----a-w- C:\Windows\system32\drivers\avgidsha.sys
    2014-06-17 20:06:22 . 2014-06-17 20:06:22 242968 ----a-w- C:\Windows\system32\drivers\avgidsdrivera.sys
    2014-06-17 20:06:20 . 2014-06-17 20:06:20 123672 ----a-w- C:\Windows\system32\drivers\avgmfx64.sys
    2014-06-17 20:06:06 . 2014-06-17 20:06:06 31512 ----a-w- C:\Windows\system32\drivers\avgrkx64.sys

  10. #20
    Member Spyware Fighter zep516
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,188
    Points
    1308

    Default

    Hello,

    That's not the entire log; make sure you copied it all and pasted it all. Or perhaps that is all ComboFix wrote to the log file, being that you experienced some issues?
